From c8a2bf14627149859c5fed86cf127096c4fa2870 Mon Sep 17 00:00:00 2001 
From: Dag-Erling Smørgrav Date: Sun, 6 May 2018 12:27:04 +0000 Subject: Vendor import of OpenSSH 7.7p1. --- .depend | 182 + .skipped-commit-ids | 7 + ChangeLog | 11871 ++++++++++--------- INSTALL | 20 +- Makefile.in | 101 +- PROTOCOL | 14 +- PROTOCOL.certkeys | 8 +- README | 20 +- README.privsep | 4 +- auth-options.c | 1199 +- auth-options.h | 107 +- auth-pam.c | 25 +- auth-pam.h | 4 +- auth-passwd.c | 30 +- auth-sia.c | 4 +- auth.c | 351 +- auth.h | 34 +- auth2-hostbased.c | 10 +- auth2-none.c | 4 +- auth2-passwd.c | 4 +- auth2-pubkey.c | 615 +- auth2.c | 17 +- authfd.c | 43 +- authfd.h | 7 +- authfile.c | 8 +- bitmap.c | 1 + bitmap.h | 1 + blocks.c | 248 - channels.c | 84 +- cipher.c | 21 +- clientloop.c | 57 +- clientloop.h | 4 +- compat.c | 73 +- compat.h | 28 +- config.h.in | 72 +- configure | 720 +- configure.ac | 217 +- contrib/aix/README | 1 - contrib/aix/buildbff.sh | 1 - contrib/aix/inventory.sh | 1 - contrib/cygwin/Makefile | 11 +- contrib/findssl.sh | 2 - contrib/redhat/openssh.spec | 69 +- contrib/redhat/sshd.init | 1 - contrib/redhat/sshd.init.old | 17 - contrib/suse/openssh.spec | 2 +- crypto_api.h | 10 +- defines.h | 24 - dh.c | 11 +- dns.c | 7 +- dns.h | 5 +- entropy.c | 4 +- fixprogs | 72 - hash.c | 83 +- install-sh | 682 +- kex.c | 14 +- kexc25519c.c | 4 +- kexc25519s.c | 2 +- kexdhc.c | 10 +- kexdhs.c | 8 +- kexecdhc.c | 19 +- kexecdhs.c | 14 +- kexgexc.c | 16 +- kexgexs.c | 8 +- key.c | 17 +- key.h | 3 +- krl.c | 4 +- loginrec.c | 6 - md5crypt.c | 4 +- mdoc2man.awk | 2 - misc.c | 696 +- misc.h | 21 +- mkinstalldirs | 2 - moduli | 836 +- moduli.c | 6 +- monitor.c | 116 +- monitor_wrap.c | 56 +- monitor_wrap.h | 13 +- opacket.c | 1 + opacket.h | 1 + openbsd-compat/Makefile.in | 81 +- openbsd-compat/bsd-cray.c | 816 -- openbsd-compat/bsd-cray.h | 59 - openbsd-compat/bsd-flock.c | 81 + openbsd-compat/bsd-getpagesize.c | 2 + openbsd-compat/bsd-malloc.c | 2 + openbsd-compat/bsd-misc.c | 81 +- openbsd-compat/bsd-misc.h | 34 +- 
openbsd-compat/bsd-openpty.c | 25 - openbsd-compat/bsd-signal.c | 62 + openbsd-compat/bsd-signal.h | 39 + openbsd-compat/bsd-statvfs.c | 8 + openbsd-compat/bsd-statvfs.h | 3 + openbsd-compat/freezero.c | 4 + openbsd-compat/openbsd-compat.h | 14 +- openbsd-compat/port-aix.c | 4 +- openbsd-compat/port-linux.c | 9 +- openbsd-compat/port-net.c | 374 + openbsd-compat/port-net.h | 48 + openbsd-compat/port-tun.c | 279 - openbsd-compat/port-tun.h | 34 - openbsd-compat/port-uw.c | 4 +- openbsd-compat/readpassphrase.c | 8 - openbsd-compat/regress/Makefile.in | 2 - openbsd-compat/strndup.c | 43 + openbsd-compat/strnlen.c | 2 +- opensshd.init.in | 4 - packet.c | 32 +- packet.h | 5 +- pathnames.h | 4 +- readconf.c | 76 +- readconf.h | 4 +- regress/Makefile | 5 +- regress/README.regress | 2 - regress/agent-getpeereid.sh | 3 +- regress/agent-ptrace.sh | 2 +- regress/agent.sh | 144 +- regress/allow-deny-users.sh | 1 + regress/authinfo.sh | 4 +- regress/cert-userkey.sh | 5 +- regress/cfgmatch.sh | 6 +- regress/connect-uri.sh | 29 + regress/forward-control.sh | 29 +- regress/key-options.sh | 68 +- regress/keys-command.sh | 2 +- regress/keytype.sh | 14 +- regress/limit-keytype.sh | 9 +- regress/misc/fuzz-harness/sig_fuzz.cc | 12 +- regress/misc/kexfuzz/Makefile | 32 +- regress/misc/kexfuzz/README | 2 + regress/netcat.c | 7 +- regress/proxy-connect.sh | 30 +- regress/putty-ciphers.sh | 2 +- regress/putty-kex.sh | 2 +- regress/putty-transfer.sh | 6 +- regress/scp-uri.sh | 70 + regress/sftp-chroot.sh | 7 +- regress/sftp-uri.sh | 63 + regress/sftp.sh | 6 +- regress/sshd-log-wrapper.sh | 2 +- regress/test-exec.sh | 6 +- regress/unittests/Makefile | 3 +- regress/unittests/Makefile.inc | 16 +- regress/unittests/authopt/testdata/all_permit.cert | 1 + .../unittests/authopt/testdata/bad_sourceaddr.cert | 1 + .../unittests/authopt/testdata/force_command.cert | 1 + regress/unittests/authopt/testdata/host.cert | 1 + regress/unittests/authopt/testdata/mktestdata.sh | 48 + 
.../unittests/authopt/testdata/no_agentfwd.cert | 1 + regress/unittests/authopt/testdata/no_permit.cert | 1 + regress/unittests/authopt/testdata/no_portfwd.cert | 1 + regress/unittests/authopt/testdata/no_pty.cert | 1 + regress/unittests/authopt/testdata/no_user_rc.cert | 1 + regress/unittests/authopt/testdata/no_x11fwd.cert | 1 + .../unittests/authopt/testdata/only_agentfwd.cert | 1 + .../unittests/authopt/testdata/only_portfwd.cert | 1 + regress/unittests/authopt/testdata/only_pty.cert | 1 + .../unittests/authopt/testdata/only_user_rc.cert | 1 + .../unittests/authopt/testdata/only_x11fwd.cert | 1 + regress/unittests/authopt/testdata/sourceaddr.cert | 1 + .../authopt/testdata/unknown_critical.cert | 1 + regress/unittests/authopt/tests.c | 573 + regress/unittests/bitmap/Makefile | 6 +- regress/unittests/conversion/Makefile | 7 +- regress/unittests/hostkeys/Makefile | 15 +- regress/unittests/kex/Makefile | 19 +- regress/unittests/match/Makefile | 8 +- regress/unittests/sshbuf/Makefile | 12 +- regress/unittests/sshkey/Makefile | 15 +- regress/unittests/sshkey/test_fuzz.c | 6 +- regress/unittests/sshkey/test_sshkey.c | 8 +- regress/unittests/test_helper/test_helper.c | 14 +- regress/unittests/test_helper/test_helper.h | 4 +- regress/unittests/utf8/Makefile | 6 +- regress/yes-head.sh | 2 +- scp.0 | 19 +- scp.1 | 45 +- scp.c | 222 +- servconf.c | 567 +- servconf.h | 77 +- serverloop.c | 82 +- session.c | 120 +- sftp-client.c | 20 +- sftp.0 | 67 +- sftp.1 | 92 +- sftp.c | 88 +- ssh-add.c | 74 +- ssh-agent.c | 64 +- ssh-dss.c | 87 +- ssh-ecdsa.c | 8 +- ssh-keygen.0 | 33 +- ssh-keygen.1 | 29 +- ssh-keygen.c | 98 +- ssh-keyscan.0 | 80 +- ssh-keyscan.1 | 102 +- ssh-keyscan.c | 38 +- ssh-keysign.c | 7 +- ssh-pkcs11-client.c | 5 +- ssh-pkcs11-helper.c | 183 +- ssh-pkcs11.c | 5 +- ssh-rsa.c | 57 +- ssh-xmss.c | 192 + ssh.0 | 50 +- ssh.1 | 57 +- ssh.c | 344 +- ssh_config.0 | 53 +- ssh_config.5 | 52 +- sshconnect.c | 197 +- sshconnect.h | 4 +- sshconnect2.c | 99 +- sshd.0 | 31 +- 
sshd.8 | 32 +- sshd.c | 218 +- sshd_config | 3 +- sshd_config.0 | 76 +- sshd_config.5 | 74 +- sshkey-xmss.c | 1055 ++ sshkey-xmss.h | 56 + sshkey.c | 743 +- sshkey.h | 45 +- sshpty.c | 25 - ttymodes.c | 13 +- umac.c | 194 +- umac128.c | 10 + version.h | 4 +- xmss_commons.c | 36 + xmss_commons.h | 21 + xmss_fast.c | 1106 ++ xmss_fast.h | 111 + xmss_hash.c | 140 + xmss_hash.h | 22 + xmss_hash_address.c | 66 + xmss_hash_address.h | 40 + xmss_wots.c | 192 + xmss_wots.h | 64 + 235 files changed, 18691 insertions(+), 11692 deletions(-) create mode 100644 .depend delete mode 100644 blocks.c delete mode 100755 fixprogs delete mode 100644 openbsd-compat/bsd-cray.c delete mode 100644 openbsd-compat/bsd-cray.h create mode 100644 openbsd-compat/bsd-flock.c create mode 100644 openbsd-compat/bsd-signal.c create mode 100644 openbsd-compat/bsd-signal.h create mode 100644 openbsd-compat/port-net.c create mode 100644 openbsd-compat/port-net.h delete mode 100644 openbsd-compat/port-tun.c delete mode 100644 openbsd-compat/port-tun.h create mode 100644 openbsd-compat/strndup.c create mode 100644 regress/connect-uri.sh create mode 100644 regress/scp-uri.sh create mode 100644 regress/sftp-uri.sh create mode 100644 regress/unittests/authopt/testdata/all_permit.cert create mode 100644 regress/unittests/authopt/testdata/bad_sourceaddr.cert create mode 100644 regress/unittests/authopt/testdata/force_command.cert create mode 100644 regress/unittests/authopt/testdata/host.cert create mode 100644 regress/unittests/authopt/testdata/mktestdata.sh create mode 100644 regress/unittests/authopt/testdata/no_agentfwd.cert create mode 100644 regress/unittests/authopt/testdata/no_permit.cert create mode 100644 regress/unittests/authopt/testdata/no_portfwd.cert create mode 100644 regress/unittests/authopt/testdata/no_pty.cert create mode 100644 regress/unittests/authopt/testdata/no_user_rc.cert create mode 100644 regress/unittests/authopt/testdata/no_x11fwd.cert create mode 100644 
regress/unittests/authopt/testdata/only_agentfwd.cert create mode 100644 regress/unittests/authopt/testdata/only_portfwd.cert create mode 100644 regress/unittests/authopt/testdata/only_pty.cert create mode 100644 regress/unittests/authopt/testdata/only_user_rc.cert create mode 100644 regress/unittests/authopt/testdata/only_x11fwd.cert create mode 100644 regress/unittests/authopt/testdata/sourceaddr.cert create mode 100644 regress/unittests/authopt/testdata/unknown_critical.cert create mode 100644 regress/unittests/authopt/tests.c create mode 100644 ssh-xmss.c create mode 100644 sshkey-xmss.c create mode 100644 sshkey-xmss.h create mode 100644 umac128.c create mode 100644 xmss_commons.c create mode 100644 xmss_commons.h create mode 100644 xmss_fast.c create mode 100644 xmss_fast.h create mode 100644 xmss_hash.c create mode 100644 xmss_hash.h create mode 100644 xmss_hash_address.c create mode 100644 xmss_hash_address.h create mode 100644 xmss_wots.c create mode 100644 xmss_wots.h
diff --git a/.depend b/.depend
new file mode 100644
index 000000000000..0893a87ab026
--- /dev/null
+++ b/.depend
@@ -0,0 +1,182 @@ +# DO NOT DELETE + +addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h match.h log.h +atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h atomicio.h +audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h 
openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h uidswap.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h 
openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h misc.h sshkey.h match.h ssh2.h auth-options.h +auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h 
openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h +auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h pathnames.h log.h misc.h key.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h 
openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h match.h groupaccess.h log.h misc.h servconf.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h +auth.o: dispatch.h opacket.h authfile.h monitor_wrap.h ssherr.h compat.h channels.h +auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh2.h key.h sshkey.h hostfile.h auth.h 
auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h +auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h +auth2-hostbased.o: monitor_wrap.h pathnames.h ssherr.h match.h +auth2-kbdint.o: includes.h 
config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h +auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h +auth2-none.o: monitor_wrap.h +auth2-passwd.o: includes.h config.h 
defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h +auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h +auth2-pubkey.o: auth-options.h canohost.h monitor_wrap.h 
authfile.h match.h ssherr.h channels.h session.h +auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h +auth2.o: monitor_wrap.h ssherr.h +authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h 
log.h atomicio.h misc.h ssherr.h +authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h ssherr.h krl.h +bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h bitmap.h +bufaux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h ssherr.h +bufbn.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +bufec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h ssherr.h +buffer.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h ssherr.h +canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h canohost.h misc.h +chacha.o: 
includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h chacha.h +channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h packet.h dispatch.h opacket.h log.h misc.h channels.h compat.h canohost.h key.h sshkey.h authfd.h pathnames.h +cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h 
openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/openssl-compat.h +cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h cipher-aesctr.h rijndael.h +cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h +cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h 
cipher-aesctr.h rijndael.h misc.h ssherr.h digest.h openbsd-compat/openssl-compat.h +cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h +clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h channels.h key.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h +clientloop.o: kex.h mac.h myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h 
atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h +compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h log.h match.h kex.h mac.h key.h sshkey.h +crc32.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crc32.h +dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h 
openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h digest.h +digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h opacket.h compat.h ssherr.h +dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h 
+ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crypto_api.h ge25519.h fe25519.h sc25519.h +entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h +fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h fe25519.h crypto_api.h +ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data +groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h groupaccess.h match.h log.h +gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h digest.h log.h ssherr.h +hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h digest.h hmac.h +hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h match.h sshkey.h hostfile.h log.h 
misc.h ssherr.h digest.h hmac.h +kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h key.h log.h match.h misc.h +kex.o: monitor.h ssherr.h digest.h +kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h key.h log.h digest.h 
ssherr.h +kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h key.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h digest.h ssherr.h +kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h key.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h 
ssherr.h +kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +kexdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +kexdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +kexecdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h 
openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +kexecdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +key.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h key.h sshkey.h compat.h ssherr.h log.h authfile.h +krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h +log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h +loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h key.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h canohost.h auth.h auth-pam.h audit.h +logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h loginrec.h +mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h 
openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h digest.h hmac.h umac.h mac.h misc.h ssherr.h openbsd-compat/openssl-compat.h +match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h match.h misc.h +md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h 
openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h misc.h log.h ssh.h ssherr.h uidswap.h +moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h 
openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h atomicio.h xmalloc.h ssh.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h chacha.h poly1305.h +monitor.o: cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h +monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h monitor_fdpass.h +monitor_wrap.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h key.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h +monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h +msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h +mux.o: includes.h config.h defines.h 
platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h channels.h msg.h packet.h dispatch.h opacket.h monitor_fdpass.h sshpty.h key.h sshkey.h readconf.h clientloop.h +mux.o: ssherr.h +nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h ssh2.h ssherr.h packet.h dispatch.h opacket.h channels.h compat.h log.h +opacket.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h 
openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h +packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h key.h sshkey.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h digest.h log.h canohost.h misc.h +packet.o: channels.h ssh.h packet.h dispatch.h opacket.h ssherr.h +platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h +platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h misc.h servconf.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
buffer.h sshbuf.h poly1305.h +progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h progressmeter.h atomicio.h misc.h +readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/glob.h xmalloc.h ssh.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h key.h +readconf.o: uidswap.h myproposal.h digest.h +readpass.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h +rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h rijndael.h +sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h 
openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h 
openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sc25519.h crypto_api.h +scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h +servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h 
openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h key.h sshkey.h kex.h mac.h +servconf.o: match.h channels.h groupaccess.h canohost.h packet.h dispatch.h opacket.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h +serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h opacket.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h key.h 
sshkey.h cipher.h cipher-chachapoly.h chacha.h +serverloop.o: poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h +session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h match.h uidswap.h compat.h channels.h key.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h +session.o: cipher-aesctr.h rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h monitor_wrap.h sftp.h atomicio.h +sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h +sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssherr.h log.h misc.h sftp.h sftp-common.h +sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h +sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h sftp.h misc.h xmalloc.h +sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h +sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h 
openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sftp-common.h sftp-client.h openbsd-compat/glob.h +ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/openssl-compat.h xmalloc.h ssh.h log.h sshkey.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h +ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h +ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crypto_api.h log.h sshkey.h ssherr.h ssh.h +ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h sshkey.h authfile.h uuencode.h pathnames.h log.h 
misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h +ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h key.h compat.h myproposal.h packet.h dispatch.h +ssh-keyscan.o: opacket.h log.h atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h +ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h 
sshbuf.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h +ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h +ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h +ssh.o: dispatch.h opacket.h channels.h key.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h uidswap.h version.h ssherr.h myproposal.h utf8.h +ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h key.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h +ssh_api.o: log.h authfile.h misc.h version.h myproposal.h ssherr.h +sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h +sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h 
openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h +sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h +sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h misc.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h 
openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h key.h sshkey.h hostfile.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h compat.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h +sshconnect.o: ssh2.h version.h authfile.h ssherr.h authfd.h +sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h key.h sshkey.h kex.h mac.h +sshconnect2.o: myproposal.h sshconnect.h authfile.h 
dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h +sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h log.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h +sshd.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h key.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h +ssherr.o: ssherr.h +sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crypto_api.h ssh2.h ssherr.h misc.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h +sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h 
entropy.h buffer.h sshbuf.h loginrec.h log.h misc.h servconf.h +sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sshpty.h log.h misc.h +sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sshpty.h +ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h 
openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h compat.h ttymodes.h +uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h uidswap.h xmalloc.h +umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h umac.h misc.h rijndael.h +umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h umac.h misc.h rijndael.h +utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h utf8.h +uuencode.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h uuencode.h +verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crypto_api.h +xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h 
openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h log.h +xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h 
entropy.h buffer.h sshbuf.h +xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h
diff --git a/.skipped-commit-ids b/.skipped-commit-ids
index 7c03c9db827a..b51baf90d75c 100644
--- a/.skipped-commit-ids
+++ b/.skipped-commit-ids
@@ -1,3 +1,10 @@
+5317f294d63a876bfc861e19773b1575f96f027d remove libssh from makefiles
+a337e886a49f96701ccbc4832bed086a68abfa85 Makefile changes
+f2c9feb26963615c4fece921906cf72e248b61ee more Makefile
+fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring
+
+Old upstream tree:
+
 321065a95a7ccebdd5fd08482a1e19afbf524e35 Update DH groups
 d4f699a421504df35254cf1c6f1a7c304fb907ca Remove 1k bit groups
 aafe246655b53b52bc32c8a24002bc262f4230f7 Remove intermediate moduli
diff --git a/ChangeLog b/ChangeLog
index e008ec9f383f..bb729917c333 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9351 +1,9798 @@ -commit 66bf74a92131b7effe49fb0eefe5225151869dc5 -Author: djm@openbsd.org -Date: Mon Oct 2 19:33:20 2017 +0000 +commit a0349a1cc4a18967ad1dbff5389bcdf9da098814 +Author: Damien Miller +Date: Mon Apr 2 15:38:28 2018 +1000 - upstream commit - - Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ - - Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c + update versions in .spec files -commit d63b38160a59039708fd952adc75a0b3da141560 +commit 816ad38f79792f5617e3913be306ddb27e91091c Author: Damien Miller -Date: Sun Oct 1 10:32:25 2017 +1100 +Date: Mon Apr 2 15:38:20 2018 +1000 - update URL again + update version number + +commit 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2 +Author: Darren Tucker +Date: Fri Mar 30 18:23:07 2018 +1100 + + Disable native strndup and strnlen on AIX. - I spotted a typo in the draft so uploaded a new version... + On at least some revisions of AIX, strndup returns unterminated strings + under some conditions, apparently because strnlen returns incorrect + values in those cases. Disable both on AIX and use the replacements + from openbsd-compat. Fixes problem with ECDSA keys there, ok djm. -commit 6f64f596430cd3576c529f07acaaf2800aa17d58 -Author: Damien Miller -Date: Sun Oct 1 10:01:56 2017 +1100 +commit 6b5a17bc14e896e3904dc58d889b58934cfacd24 +Author: Darren Tucker +Date: Mon Mar 26 13:12:44 2018 +1100 - sync release notes URL + Include ssh_api.h for struct ssh. + + struct ssh is needed by implementations of sys_auth_passwd() that were + converted in commit bba02a50. Needed to fix build on AIX, I assume for + the other platforms too (although it should be harmless if not needed). -commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d -Author: Damien Miller -Date: Sun Oct 1 10:01:25 2017 +1100 +commit bc3f80e4d191b8e48650045dfa8a682cd3aabd4d +Author: Darren Tucker +Date: Mon Mar 26 12:58:09 2018 +1100 - sync contrib/ssh-copy-id with upstream + Remove UNICOS code missed during removal. + + Fixes compile error on AIX. 
-commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66 -Author: Damien Miller -Date: Sun Oct 1 09:59:19 2017 +1100 +commit 9d57762c24882e2f000a21a0ffc8c5908a1fa738 +Author: markus@openbsd.org +Date: Sat Mar 24 19:29:03 2018 +0000 - update version in RPM spec files + upstream: openssh-7.7 + + OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 -commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d +commit 4b7d8acdbbceef247dc035e611e577174ed8a87e Author: Damien Miller -Date: Sun Oct 1 09:58:24 2017 +1100 +Date: Mon Mar 26 09:37:02 2018 +1100 - update agent draft URL + Remove authinfo.sh test dependency on printenv + + Some platforms lack printenv in the default $PATH. + Reported by Tom G. Christensen -commit e4a798f001d2ecd8bf025c1d07658079f27cc604 -Author: djm@openbsd.org -Date: Sat Sep 30 22:26:33 2017 +0000 +commit 4afeaf3dcb7dc70efd98fcfcb0ed28a6b40b820e +Author: Tim Rice +Date: Sun Mar 25 10:00:21 2018 -0700 - upstream commit + Use libiaf on all sysv5 systems + +commit bba02a5094b3db228ceac41cb4bfca165d0735f3 +Author: Tim Rice +Date: Sun Mar 25 09:17:33 2018 -0700 + + modified: auth-sia.c + modified: openbsd-compat/port-aix.c + modified: openbsd-compat/port-uw.c - openssh-7.6; ok deraadt@ + propogate changes to auth-passwd.c in commit + 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers + of sys_auth_passwd() + +commit d7a7a39168bdfe273587bf85d779d60569100a3f +Author: markus@openbsd.org +Date: Sat Mar 24 19:29:03 2018 +0000 + + upstream: openssh-7.7 - Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0 + OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 -commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d -Author: jmc@openbsd.org -Date: Wed Sep 27 06:45:53 2017 +0000 +commit 9efcaaac314c611c6c0326e8bac5b486c424bbd2 +Author: markus@openbsd.org +Date: Sat Mar 24 19:28:43 2018 +0000 - upstream commit + upstream: fix bogus warning when signing cert keys using agent; - tweak EposeAuthinfo; diff from lars nooden + from djm; ok deraadt dtucker - tweaked by 
sthen; ok djm dtucker + OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d + +commit 393436024d2e4b4c7a01f9cfa5854e7437896d11 +Author: Darren Tucker +Date: Sun Mar 25 09:40:46 2018 +1100 + + Replace /dev/stdin with "-". - Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748 + For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted + and suggested by vinschen at redhat.com. -commit bba69c246f0331f657fd6ec97724df99fc1ad174 -Author: Damien Miller -Date: Thu Sep 28 16:06:21 2017 -0700 +commit b5974de1a1d419e316ffb6524b1b277dda2f3b49 +Author: Darren Tucker +Date: Fri Mar 23 13:21:14 2018 +1100 - don't fatal ./configure for LibreSSL + Provide $OBJ to paths in PuTTY interop tests. -commit 04dc070e8b4507d9d829f910b29be7e3b2414913 -Author: Damien Miller -Date: Thu Sep 28 14:54:34 2017 -0700 +commit dc31e79454e9b9140b33ad380565fdb59b9c4f33 +Author: dtucker@openbsd.org +Date: Fri Mar 16 09:06:31 2018 +0000 - abort in configure when only openssl-1.1.x found + upstream: Tell puttygen to use /dev/urandom instead of /dev/random. On - We don't support openssl-1.1.x yet (see multiple threads on the - openssh-unix-dev@ mailing list for the reason), but previously - ./configure would accept it and the compilation would subsequently - fail. This makes ./configure display an explicit error message and - abort. + OpenBSD they are both non-blocking, but on many other -portable platforms it + blocks, stalling tests. - ok dtucker@ + OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc -commit 74c1c3660acf996d9dc329e819179418dc115f2c -Author: Darren Tucker -Date: Wed Sep 27 07:44:41 2017 +1000 +commit cb1f94431ef319cd48618b8b771b58739a8210cf +Author: markus@openbsd.org +Date: Thu Mar 22 07:06:11 2018 +0000 - Check for and handle calloc(p, 0) = NULL. + upstream: ssh/xmss: fix build; ok djm@ - On some platforms (AIX, maybe others) allocating zero bytes of memory - via the various *alloc functions returns NULL, which is permitted - by the standards. 
Autoconf has some macros for detecting this (with - the exception of calloc for some reason) so use these and if necessary - activate shims for them. ok djm@ + OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186 -commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5 +commit 27979da9e4074322611355598f69175b9ff10d39 Author: markus@openbsd.org -Date: Thu Sep 21 19:18:12 2017 +0000 +Date: Thu Mar 22 07:05:48 2018 +0000 - upstream commit + upstream: ssh/xmss: fix deserialize for certs; ok djm@ - test reverse dynamic forwarding with SOCKS + OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc + +commit c6cb2565c9285eb54fa9dfbb3890f5464aff410f +Author: Darren Tucker +Date: Thu Mar 22 17:00:28 2018 +1100 + + Save $? before case statement. - Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79 + In some shells (FreeBSD 9, ash) the case statement resets $?, so save + for later testing. -commit 1b9f321605733754df60fac8c1d3283c89b74455 -Author: Damien Miller -Date: Tue Sep 26 16:55:55 2017 +1000 +commit 4c4e7f783b43b264c247233acb887ee10ed4ce4d +Author: djm@openbsd.org +Date: Wed Mar 14 05:35:40 2018 +0000 - sync missing changes in dynamic-forward.sh + upstream: rename recently-added "valid-before" key restriction to + + "expiry-time" as the former is confusing wrt similar terminology in X.509; + pointed out by jsing@ + + OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793 -commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb -Author: Darren Tucker -Date: Mon Sep 25 09:48:10 2017 +1000 +commit 500396b204c58e78ad9d081516a365a9f28dc3fd +Author: djm@openbsd.org +Date: Mon Mar 12 00:56:03 2018 +0000 - Add minimal strsignal for platforms without it. 
+ upstream: check valid-before option in authorized_keys + + OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11 -commit 218e6f98df566fb9bd363f6aa47018cb65ede196 +commit a76b5d26c2a51d7dd7a5164e683ab3f4419be215 Author: djm@openbsd.org -Date: Sun Sep 24 13:45:34 2017 +0000 +Date: Mon Mar 12 00:54:04 2018 +0000 - upstream commit + upstream: explicitly specify RSA/SHA-2 keytype here too - fix inverted test on channel open failure path that - "upgraded" a transient failure into a fatal error; reported by sthen and also - seen by benno@; ok sthen@ + OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62 + +commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1 +Author: djm@openbsd.org +Date: Mon Mar 12 00:52:57 2018 +0000 + + upstream: exlicitly include RSA/SHA-2 keytypes in - Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472 + PubkeyAcceptedKeyTypes here + + OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9 -commit c704f641f7b8777497dc82e81f2ac89afec7e401 +commit 037fdc1dc2d68e1d43f9c9e2586c02cabc8f7cc8 +Author: jmc@openbsd.org +Date: Wed Mar 14 06:56:20 2018 +0000 + + upstream: sort expiry-time; + + OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf + +commit abc0fa38c9bc136871f28e452c3465c3051fc785 Author: djm@openbsd.org -Date: Sun Sep 24 09:50:01 2017 +0000 +Date: Wed Mar 14 05:35:40 2018 +0000 - upstream commit + upstream: rename recently-added "valid-before" key restriction to - write the correct buffer when tunnel forwarding; doesn't - matter on OpenBSD (they are the same) but does matter on portable where we - use an output filter to translate os-specific tun/tap headers + "expiry-time" as the former is confusing wrt similar terminology in X.509; + pointed out by jsing@ - Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284 + OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6 -commit 55486f5cef117354f0c64f991895835077b7c7f7 +commit bf0fbf2b11a44f06a64b620af7d01ff171c28e13 Author: djm@openbsd.org -Date: Sat Sep 23 
22:04:07 2017 +0000 +Date: Mon Mar 12 00:52:01 2018 +0000 - upstream commit + upstream: add valid-before="[time]" authorized_keys option. A - fix tunnel forwarding problem introduced in refactor; - reported by stsp@ ok markus@ + simple way of giving a key an expiry date. ok markus@ - Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04 + OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947 -commit 609d7a66ce578abf259da2d5f6f68795c2bda731 -Author: markus@openbsd.org -Date: Thu Sep 21 19:16:53 2017 +0000 +commit fbd733ab7adc907118a6cf56c08ed90c7000043f +Author: Darren Tucker +Date: Mon Mar 12 19:17:26 2018 +1100 - upstream commit + Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE. - Add 'reverse' dynamic forwarding which combines dynamic - forwarding (-D) with remote forwarding (-R) where the remote-forwarded port - expects SOCKS-requests. + The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent + warnings from autoconf. Pointed out by klausz at haus-gisela.de. + +commit c7c458e8261b04d161763cd333d74e7a5842e917 +Author: djm@openbsd.org +Date: Wed Mar 7 23:53:08 2018 +0000 + + upstream: revert recent strdelim() change, it causes problems with - The SSH server code is unchanged and the parsing happens at the SSH - clients side. Thus the full SOCKS-request is sent over the forwarded - channel and the client parses c->output. Parsing happens in - channel_before_prepare_select(), _before_ the select bitmask is - computed in the pre[] handlers, but after network input processing - in the post[] handlers. + some configs. - help and ok djm@ + revision 1.124 + date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; + Allow escaped quotes \" and \' in ssh_config and sshd_config quotes + option strings. 
bz#1596 ok markus@ - Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89 + OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5 -commit 36945fa103176c00b39731e1fc1919a0d0808b81 -Author: dtucker@openbsd.org -Date: Wed Sep 20 05:19:00 2017 +0000 +commit 0bcd871ccdf3baf2b642509ba4773d5be067cfa2 +Author: jmc@openbsd.org +Date: Mon Mar 5 07:03:18 2018 +0000 - upstream commit + upstream: move the input format details to -f; remove the output - Use strsignal in debug message instead of casting for the - benefit of portable where sig_atomic_t might not be int. "much nicer" - deraadt@ + format details and point to sshd(8), where it is documented; - Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79 + ok dtucker + + OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a -commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e -Author: millert@openbsd.org -Date: Tue Sep 19 12:10:30 2017 +0000 +commit 45011511a09e03493568506ce32f4891a174a3bd +Author: Vicente Olivert Riera +Date: Tue Jun 20 16:42:28 2017 +0100 - upstream commit + configure.ac: properly set seccomp_audit_arch for MIPS64 - Use explicit_bzero() instead of bzero() before free() to - prevent the compiler from optimizing away the bzero() call. OK djm@ + Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or + AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built + for MIPS64. However, that's only valid for n64 ABI. The right macros for + n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and + AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively. - Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d + Because of that an sshd built for MIPS64 n32 rejects connection attempts + and the output of strace reveals that the problem is related to seccomp + audit: + + [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, + filter=0x555d5da0}) = 0 + [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ? + [pid 193] <... 
poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP}, + {fd=6, revents=POLLHUP}]) + [pid 194] +++ killed by SIGSYS +++ + + This patch fixes that problem by setting the right value to + seccomp_audit_arch taking into account the MIPS64 ABI. + + Signed-off-by: Vicente Olivert Riera -commit 5b8da1f53854c0923ec6e927e86709e4d72737b6 -Author: djm@openbsd.org -Date: Tue Sep 19 04:24:22 2017 +0000 +commit 580086704c31de91dc7ba040a28e416bf1fefbca +Author: Vicente Olivert Riera +Date: Tue Jun 20 16:42:11 2017 +0100 - upstream commit - - fix use-after-free in ~^Z escape handler path, introduced - in channels.c refactor; spotted by millert@ "makes sense" deraadt@ + configure.ac: detect MIPS ABI - Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22 + 
Signed-off-by: Vicente Olivert Riera -commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e -Author: dtucker@openbsd.org -Date: Mon Sep 18 12:03:24 2017 +0000 +commit cd4e937aa701f70366cd5b5969af525dff6fdf15 +Author: Alan Yee +Date: Wed Mar 7 15:12:14 2018 -0800 - upstream commit + Use https URLs for links that support it. + +commit c0a0c3fc4a76b682db22146b28ddc46566db1ce9 +Author: Darren Tucker +Date: Mon Mar 5 20:03:07 2018 +1100 + + Disable UTMPX on SunOS4. + +commit 58fd4c5c0140f6636227ca7acbb149ab0c2509b9 +Author: Darren Tucker +Date: Mon Mar 5 19:28:08 2018 +1100 + + Check for and work around buggy fflush(NULL). - Prevent type mismatch warning in debug on platforms where - sig_atomic_t != int. ok djm@ + Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check + for and work around. With klausz at haus-gisela.de. + +commit 71e48bc7945f867029e50e06c665c66aed6d3c64 +Author: Darren Tucker +Date: Mon Mar 5 10:22:32 2018 +1100 + + Remove extra XMSS #endif - Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed + Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack + Schmidt via github. -commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc +commit 055e09e2212ff52067786bf6d794ca9512ff7f0c Author: dtucker@openbsd.org -Date: Mon Sep 18 09:41:52 2017 +0000 +Date: Sat Mar 3 06:37:53 2018 +0000 - upstream commit + upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18 - Add braces missing after channels refactor. ok markus@ + bumped the minimum from 768 to 1024, update man page accordingly. 
- Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980 + OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338 -commit b79569190b9b76dfacc6d996faa482f16e8fc026 -Author: Damien Miller -Date: Tue Sep 19 12:29:23 2017 +1000 +commit 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1 +Author: djm@openbsd.org +Date: Sun Mar 4 01:46:48 2018 +0000 - add freezero(3) replacement + upstream: for the pty control tests, just check that the PTY path - ok dtucker@ + points to something in /dev (rather than checking the device node itself); + makes life easier for portable, where systems with dynamic ptys can delete + nodes before we get around to testing their existence. + + OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994 -commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e -Author: Damien Miller -Date: Tue Sep 19 10:18:56 2017 +1000 +commit 13ef4cf53f24753fe920832b990b25c9c9cd0530 +Author: Darren Tucker +Date: Sat Mar 3 16:21:20 2018 +1100 - move FORTIFY_SOURCE into hardening options group + Update PAM password change to new opts API. + +commit 33561e68e0b27366cb769295a077aabc6a49d2a1 +Author: Darren Tucker +Date: Sat Mar 3 14:56:09 2018 +1100 + + Add strndup for platforms that need it. - It's still on by default, but now it's possible to turn it off using - --without-hardening. This is useful since it's known to cause problems - with some -fsanitize options. ok dtucker@ + Some platforms don't have strndup, which includes Solaris 10, NetBSD 3 + and FreeBSD 6. -commit 09eacf856e0fe1a6e3fe597ec8032b7046292914 -Author: bluhm@openbsd.org -Date: Wed Sep 13 14:58:26 2017 +0000 +commit e8a17feba95eef424303fb94441008f6c5347aaf +Author: Darren Tucker +Date: Sat Mar 3 14:49:07 2018 +1100 - upstream commit + Flatten and alphabetize object file lists. - Print SKIPPED if sudo and doas configuration is missing. - Prevents that running the regression test with wrong environment is reported - as failure. Keep the fatal there to avoid interfering with other setups for - portable ssh. 
OK dtucker@ + This will make maintenance and changes easier. "no objection" tim@ + +commit de1920d743d295f50e6905e5957c4172c038e8eb +Author: djm@openbsd.org +Date: Sat Mar 3 03:16:17 2018 +0000 + + upstream: unit tests for new authorized_keys options API - Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e + OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1 -commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a -Author: dtucker@openbsd.org -Date: Mon Aug 7 03:52:55 2017 +0000 +commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717 +Author: djm@openbsd.org +Date: Fri Mar 2 02:53:27 2018 +0000 - upstream commit + upstream: fix testing of pty option, include positive test and - Remove obsolete privsep=no fallback test. + testing of restrict keyword - Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df + OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d -commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8 -Author: dtucker@openbsd.org -Date: Mon Aug 7 00:53:51 2017 +0000 +commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61 +Author: djm@openbsd.org +Date: Fri Mar 2 02:51:55 2018 +0000 - upstream commit + upstream: better testing for port-forwarding and restrict flags in - Remove non-privsep test since disabling privsep is now - deprecated. + authorized_keys - Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8 + OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa -commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e -Author: dtucker@openbsd.org -Date: Fri Jul 28 10:32:08 2017 +0000 +commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 +Author: djm@openbsd.org +Date: Sat Mar 3 03:15:51 2018 +0000 - upstream commit + upstream: switch over to the new authorized_keys options API and - Don't call fatal from stop_sshd since it calls cleanup - which calls stop_sshd which will probably fail in the same way. Instead, - just bail. Differentiate between sshd dying without cleanup and not shutting - down. + remove the legacy one. 
- Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4 + Includes a fairly big refactor of auth2-pubkey.c to retain less state + between key file lines. + + feedback and ok markus@ + + OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df -commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba +commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b Author: djm@openbsd.org -Date: Thu Sep 14 04:32:21 2017 +0000 +Date: Sat Mar 3 03:06:02 2018 +0000 - upstream commit + upstream: Introduce a new API for handling authorized_keys options. - Revert commitid: gJtIN6rRTS3CHy9b. + This API parses options to a dedicated structure rather than the old API's + approach of setting global state. It also includes support for merging + options, e.g. from authorized_keys, authorized_principals and/or + certificates. - ------------- - identify the case where SSHFP records are missing but other DNS RR - types are present and display a more useful error message for this - case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ - ------------- + feedback and ok markus@ - This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results - are missing but the user already has the key in known_hosts + OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2 + +commit 26074380767e639ef89321610e146ae11016b385 +Author: djm@openbsd.org +Date: Sat Mar 3 03:01:50 2018 +0000 + + upstream: warn when the agent returns a signature type that was - Spotted by dtucker@ + different to what was requested. This might happen when an old/non-OpenSSH + agent is asked to make a rsa-sha2-256/512 signature but only supports + ssh-rsa. 
bz#2799 feedback and ok markus@ - Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920 + OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce -commit 871f1e4374420b07550041b329627c474abc3010 -Author: Damien Miller -Date: Tue Sep 12 18:01:35 2017 +1000 +commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc +Author: jmc@openbsd.org +Date: Fri Mar 2 21:40:15 2018 +0000 - adapt portable to channels API changes + upstream: apply a lick of paint; tweaks/ok dtucker + + OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703 -commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb +commit 713d9cb510e0e7759398716cbe6dcf43e574be71 Author: djm@openbsd.org -Date: Tue Sep 12 07:55:48 2017 +0000 +Date: Fri Mar 2 03:02:11 2018 +0000 - upstream commit + upstream: Allow escaped quotes \" and \' in ssh_config and - unused variable + sshd_config quotes option strings. bz#1596 ok markus@ - Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1 + OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb -commit 9145a73ce2ba30c82bbf91d7205bfd112529449f +commit 94b4e2d29afaaaef89a95289b16c18bf5627f7cd Author: djm@openbsd.org -Date: Tue Sep 12 07:32:04 2017 +0000 +Date: Fri Mar 2 02:08:03 2018 +0000 - upstream commit + upstream: refactor sshkey_read() to make it a little more, err, - fix tun/tap forwarding case in previous + readable. ok markus - Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53 + OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28 -commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e -Author: djm@openbsd.org -Date: Tue Sep 12 06:35:31 2017 +0000 +commit 5886b92968b360623491699247caddfb77a74d80 +Author: markus@openbsd.org +Date: Thu Mar 1 20:32:16 2018 +0000 - upstream commit - - Make remote channel ID a u_int - - Previously we tracked the remote channel IDs in an int, but this is - strictly incorrect: the wire protocol uses uint32 and there is nothing - in-principle stopping a SSH implementation from sending, say, 0xffff0000. 
+ upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by - In practice everyone numbers their channels sequentially, so this has - never been a problem. + jmc@ - ok markus@ + OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b + +commit 3b36bed3d26f17f6a2b7e036e01777770fe1bcd4 +Author: dtucker@openbsd.org +Date: Mon Feb 26 12:14:53 2018 +0000 + + upstream: Remove unneeded (local) include. ok markus@ - Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73 + OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93 -commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16 -Author: djm@openbsd.org -Date: Tue Sep 12 06:32:07 2017 +0000 +commit 27b9f3950e0289e225b57b7b880a8f1859dcd70b +Author: dtucker@openbsd.org +Date: Mon Feb 26 03:56:44 2018 +0000 - upstream commit + upstream: Add $OpenBSD$ markers to xmss files to help keep synced - refactor channels.c + with portable. ok djm@. - Move static state to a "struct ssh_channels" that is allocated at - runtime and tracked as a member of struct ssh. + OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1 + +commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd +Author: dtucker@openbsd.org +Date: Mon Feb 26 03:03:05 2018 +0000 + + upstream: Add newline at end of file to prevent compiler warnings. - Explicitly pass "struct ssh" to all channels functions. + OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063 + +commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84 +Author: Darren Tucker +Date: Wed Feb 28 19:59:35 2018 +1100 + + Add WITH_XMSS, move to prevent conflicts. - Replace use of the legacy packet APIs in channels.c. + Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after + includes.h so it's less likely to conflict and will pick up WITH_XMSS if + added to config.h. + +commit a10d8552d0d2438da4ed539275abcbf557d1e7a8 +Author: Darren Tucker +Date: Tue Feb 27 14:45:17 2018 +1100 + + Conditionally compile XMSS code. 
- Rework sshd_config PermitOpen handling: previously the configuration - parser would call directly into the channels layer. After the refactor - this is not possible, as the channels structures are allocated at - connection time and aren't available when the configuration is parsed. - The server config parser now tracks PermitOpen itself and explicitly - configures the channels code later. + The XMSS code is currently experimental and, unlike the rest of OpenSSH + cannot currently be compiled with a c89 compiler. + +commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b +Author: Darren Tucker +Date: Mon Feb 26 12:51:29 2018 +1100 + + Check dlopen has RTLD_NOW before enabling pkcs11. + +commit 1323f120d06a26074c4d154fcbe7f49bcad3d741 +Author: Darren Tucker +Date: Tue Feb 27 08:41:25 2018 +1100 + + Check for attributes on prototype args. - ok markus@ + Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481) + do not accept __attribute__ on function pointer prototype args. Check for + this and hide them if they're not accepted. + +commit f0b245b0439e600fab782d19e97980e9f2c2533c +Author: Darren Tucker +Date: Mon Feb 26 11:43:48 2018 +1100 + + Check if HAVE_DECL_BZERO correctly. + +commit c7ef4a399155e1621a532cc5e08e6fa773658dd4 +Author: Darren Tucker +Date: Mon Feb 26 17:42:56 2018 +1100 + + Wrap in #ifdef HAVE_STDINT_H. + +commit ac53ce46cf8165cbda7f57ee045f9f32e1e92b31 +Author: Darren Tucker +Date: Mon Feb 26 16:24:23 2018 +1100 + + Replace $(CURDIR) with $(PWD). - Upstream-ID: 11828f161656b965cc306576422613614bea2d8f + The former doesn't work on Solaris or BSDs. -commit abd59663df37a42152e37980113ccaa405b9a282 -Author: djm@openbsd.org -Date: Thu Sep 7 23:48:09 2017 +0000 +commit 534b2680a15d14e7e60274d5b29b812d44cc5a44 +Author: Darren Tucker +Date: Mon Feb 26 14:51:59 2018 +1100 - upstream commit + Comment out hexdump(). - typo in comment + Nothing currently uses them but they cause conflicts on at least + FreeBSD, possibly others. 
ok djm@ + +commit 5aea4aa522f61bb2f34c3055a7de203909dfae77 +Author: Darren Tucker +Date: Mon Feb 26 14:39:14 2018 +1100 + + typo: missing ; + +commit cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e +Author: Darren Tucker +Date: Mon Feb 26 14:37:06 2018 +1100 + + Hook up flock() compat code. - Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47 + Also a couple of minor changes: fail if we can't lock instead of + silently succeeding, and apply a couple of minor style fixes. -commit 149a8cd24ce9dd47c36f571738681df5f31a326c -Author: jmc@openbsd.org -Date: Mon Sep 4 06:34:43 2017 +0000 +commit b087998d1ba90dd1ddb6bfdb17873dc3e7392798 +Author: Darren Tucker +Date: Mon Feb 26 14:27:02 2018 +1100 - upstream commit + Import flock() compat from NetBSD. - tweak previous; + From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet. + +commit 89212533dde6798324e835b1499084658df4579e +Author: Darren Tucker +Date: Mon Feb 26 12:32:14 2018 +1100 + + Fix breakage when REGRESSTMP not set. - Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b + BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR + instead. Pointed out by djm@. -commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 +commit f885474137df4b89498c0b8834c2ac72c47aa4bd Author: Damien Miller -Date: Fri Sep 8 12:44:13 2017 +1000 +Date: Mon Feb 26 12:18:14 2018 +1100 - Fuzzer harnesses for sig verify and pubkey parsing - - These are some basic clang libfuzzer harnesses for signature - verification and public key parsing. Some assembly (metaphorical) - required. 
+ XMSS-related files get includes.h -commit de35c382894964a896a63ecd5607d3a3b93af75d +commit 612faa34c72e421cdc9e63f624526bae62d557cc Author: Damien Miller -Date: Fri Sep 8 12:38:31 2017 +1000 +Date: Mon Feb 26 12:17:55 2018 +1100 - Give configure ability to set CFLAGS/LDFLAGS later - - Some CFLAGS/LDFLAGS may disrupt the configure script's operation, - in particular santization and fuzzer options that break assumptions - about memory and file descriptor dispositions. + object files end with .o - not .c + +commit bda709b8e13d3eef19e69c2d1684139e3af728f5 +Author: Damien Miller +Date: Mon Feb 26 12:17:22 2018 +1100 + + avoid inclusion of deprecated selinux/flask.h - This adds two flags to configure --with-cflags-after and - --with-ldflags-after that allow specifying additional compiler and - linker options that are added to the resultant Makefiles but not - used in the configure run itself. + Use string_to_security_class() instead. + +commit 2e396439365c4ca352cac222717d09b14f8a0dfd +Author: Damien Miller +Date: Mon Feb 26 11:48:27 2018 +1100 + + updatedepend + +commit 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 +Author: markus@openbsd.org +Date: Fri Feb 23 15:58:37 2018 +0000 + + upstream: Add experimental support for PQC XMSS keys (Extended - E.g. 
+ Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS + in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See + https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok + djm@ - env CC=clang-3.9 ./configure \ - --with-cflags-after=-fsantize=address \ - --with-ldflags-after="-g -fsanitize=address" + OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac -commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7 -Author: djm@openbsd.org -Date: Sun Sep 3 23:33:13 2017 +0000 +commit 7d330a1ac02076de98cfc8fda05353d57b603755 +Author: jmc@openbsd.org +Date: Fri Feb 23 07:38:09 2018 +0000 - upstream commit + upstream: some cleanup for BindInterface and ssh-keyscan; - Expand ssh_config's StrictModes option with two new - settings: + OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c + +commit c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b +Author: Darren Tucker +Date: Sun Feb 25 23:55:41 2018 +1100 + + Invert sense of getpgrp test. - StrictModes=accept-new will automatically accept hitherto-unseen keys - but will refuse connections for changed or invalid hostkeys. + AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not + declared. Instead, test if the zero-arg version we want to use works. + +commit b39593a6de5290650a01adf8699c6460570403c2 +Author: Darren Tucker +Date: Sun Feb 25 13:25:15 2018 +1100 + + Add no-op getsid implmentation. + +commit 11057564eb6ab8fd987de50c3d7f394c6f6632b7 +Author: Darren Tucker +Date: Sun Feb 25 11:22:57 2018 +1100 + + bsd-statvfs: include sys/vfs.h, check for f_flags. + +commit e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609 +Author: Darren Tucker +Date: Sun Feb 25 10:20:31 2018 +1100 + + Handle calloc(0,x) where different from malloc. - StrictModes=off is the same as StrictModes=no + Configure assumes that if malloc(0) returns null then calloc(0,n) + also does. On some old platforms (SunOS4) malloc behaves as expected + (as determined by AC_FUNC_MALLOC) but calloc doesn't. 
Test for this + at configure time and activate the replacement function if found, plus + handle this case in rpl_calloc. + +commit 2eb4041493fd2635ffdc64a852d02b38c4955e0b +Author: Darren Tucker +Date: Sat Feb 24 21:06:48 2018 +1100 + + Add prototype for readv if needed. + +commit 6c8c9a615b6d31db8a87bc25033f053d5b0a831e +Author: Darren Tucker +Date: Sat Feb 24 20:46:37 2018 +1100 + + Check for raise and supply if needed. + +commit a9004425a032d7a7141a5437cfabfd02431e2a74 +Author: Darren Tucker +Date: Sat Feb 24 20:25:22 2018 +1100 + + Check for bzero and supply if needed. - Motivation: + Since explicit_bzero uses it via an indirect it needs to be a function + not just a macro. + +commit 1a348359e4d2876203b5255941bae348557f4f54 +Author: djm@openbsd.org +Date: Fri Feb 23 05:14:05 2018 +0000 + + upstream: Add ssh-keyscan -D option to make it print its results in - StrictModes=no combines two behaviours for host key processing: - automatically learning new hostkeys and continuing to connect to hosts - with invalid/changed hostkeys. The latter behaviour is quite dangerous - since it removes most of the protections the SSH protocol is supposed to - provide. + SSHFP format bz#2821, ok dtucker@ - Quite a few users want to automatically learn hostkeys however, so - this makes that feature available with less danger. + OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221 + +commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c +Author: dtucker@openbsd.org +Date: Fri Feb 23 04:18:46 2018 +0000 + + upstream: Add missing braces. - At some point in the future, StrictModes=no will change to be a synonym - for accept-new, with its current behaviour remaining available via - StrictModes=off. 
+ Caught by the tinderbox's -Werror=misleading-indentation, ok djm@ - bz#2400, suggested by Michael Samuel; ok markus + OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca + +commit b59162da99399d89bd57f71c170c0003c55b1583 +Author: Darren Tucker +Date: Fri Feb 23 15:20:42 2018 +1100 + + Check for ifaddrs.h for BindInterface. - Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64 + BindInterface required getifaddr and friends so disable if not available + (eg Solaris 10). We should be able to add support for some systems with + a bit more work but this gets the building again. -commit ff3c42384033514e248ba5d7376aa033f4a2b99a -Author: jmc@openbsd.org -Date: Fri Sep 1 15:41:26 2017 +0000 +commit a8dd6fe0aa10b6866830b4688a73ef966f0aed88 +Author: Damien Miller +Date: Fri Feb 23 14:19:11 2018 +1100 - upstream commit + space before tab in previous + +commit b5e9263c7704247f9624c8f5c458e9181fcdbc09 +Author: dtucker@openbsd.org +Date: Fri Feb 9 03:40:22 2018 +0000 + + upstream: Replace fatal with exit in the case that we do not have - remove blank line; + $SUDO set. Prevents test failures when neither sudo nor doas are configured. - Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423 + OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b -commit b828605d51f57851316d7ba402b4ae06cf37c55d +commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2 +Author: Darren Tucker +Date: Fri Feb 23 14:10:53 2018 +1100 + + Use portable syntax for REGRESSTMP. 
+ +commit 73282b61187883a2b2bb48e087fdda1d751d6059 Author: djm@openbsd.org -Date: Fri Sep 1 05:53:56 2017 +0000 +Date: Fri Feb 23 03:03:00 2018 +0000 - upstream commit + upstream: unbreak interop test after SSHv1 purge; patch from Colin - identify the case where SSHFP records are missing but - other DNS RR types are present and display a more useful error message for - this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ + Watson via bz#2823 - Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244 + OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a -commit 8042bad97e2789a50e8f742c3bcd665ebf0add32 -Author: djm@openbsd.org -Date: Fri Sep 1 05:50:48 2017 +0000 +commit f8985dde5f46aedade0373365cbf86ed3f1aead2 +Author: dtucker@openbsd.org +Date: Fri Feb 9 03:42:57 2018 +0000 - upstream commit + upstream: Skip sftp-chroot test when SUDO not set instead of - document available AuthenticationMethods; bz#2453 ok - dtucker@ + fatal(). - Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0 + OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88 -commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58 -Author: djm@openbsd.org -Date: Wed Aug 30 03:59:08 2017 +0000 +commit df88551c02d4e3445c44ff67ba8757cff718609a +Author: dtucker@openbsd.org +Date: Fri Feb 9 03:40:22 2018 +0000 - upstream commit + upstream: Replace fatal with exit in the case that we do not have - pass packet state down to some of the channels function - (more to come...); ok markus@ + $SUDO set. Prevents test failures when neither sudo nor doas are configured. 
- Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b + OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b -commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5 -Author: jmc@openbsd.org -Date: Tue Aug 29 13:05:58 2017 +0000 +commit 3b252c20b19f093e87363de197f1100b79705dd3 +Author: djm@openbsd.org +Date: Thu Feb 8 08:46:20 2018 +0000 - upstream commit - - sort options; + upstream: some helpers to check verbose/quiet mode - Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c + OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de -commit 530591a5795a02d01c78877d58604723918aac87 -Author: dlg@openbsd.org -Date: Tue Aug 29 09:42:29 2017 +0000 +commit ac2e3026bbee1367e4cda34765d1106099be3287 +Author: djm@openbsd.org +Date: Fri Feb 23 02:34:33 2018 +0000 - upstream commit + upstream: Add BindInterface ssh_config directive and -B - add a -q option to ssh-add to make it quiet on success. + command-line argument to ssh(1) that directs it to bind its outgoing + connection to the address of the specified network interface. - if you want to silence ssh-add without this you generally redirect - the output to /dev/null, but that can hide error output which you - should see. + BindInterface prefers to use addresses that aren't loopback or link- + local, but will fall back to those if no other addresses of the + required family are available on that interface. - ok djm@ + Based on patch by Mike Manning in bz#2820, ok dtucker@ - Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c + OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713 -commit a54eb27dd64b5eca3ba94e15cec3535124bd5029 -Author: dtucker@openbsd.org -Date: Sun Aug 27 00:38:41 2017 +0000 +commit fcdb9d777839a3fa034b3bc3067ba8c1f6886679 +Author: djm@openbsd.org +Date: Mon Feb 19 00:55:02 2018 +0000 - upstream commit + upstream: emphasise that the hostkey rotation may send key types - Increase the buffer sizes for user prompts to ensure that - they won't be truncated by snprintf. 
Based on patch from cjwatson at - debian.org via bz#2768, ok djm@ + that the client may not support, and that the client should simply disregard + such keys (this is what ssh does already). - Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e + OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf -commit dd9d9b3381a4597b840d480b043823112039327e -Author: Darren Tucker -Date: Mon Aug 28 16:48:27 2017 +1000 +commit ce066f688dc166506c082dac41ca686066e3de5f +Author: Darren Tucker +Date: Thu Feb 22 20:45:09 2018 +1100 - Switch Capsicum header to sys/capsicum.h. + Add headers for sys/audit.h. - FreeBSD's was renamed to in 2014 to - avoid future conflicts with POSIX capabilities (the last release that - didn't have it was 9.3) so switch to that. Patch from des at des.no. + On some older platforms (at least sunos4, probably others) sys/audit.h + requires some other headers. Patch from klausz at haus-gisela.de. -commit f5e917ab105af5dd6429348d9bc463e52b263f92 -Author: Darren Tucker -Date: Sun Aug 27 08:55:40 2017 +1000 +commit 3fd2d2291a695c96a54269deae079bacce6e3fb9 +Author: Darren Tucker +Date: Mon Feb 19 18:37:40 2018 +1100 - Add missing includes for bsd-err.c. + Add REGRESSTMP make var override. - Patch from cjwatson at debian.org via bz#2767. + Defaults to original location ($srcdir/regress) but allows overriding + if desired, eg a directory in /tmp. -commit 878e029797cfc9754771d6f6ea17f8c89e11d225 -Author: Damien Miller -Date: Fri Aug 25 13:25:01 2017 +1000 +commit f8338428588f3ecb5243c86336eccaa28809f97e +Author: Darren Tucker +Date: Sun Feb 18 15:53:15 2018 +1100 - Split platform_sys_dir_uid into its own file + Remove now-unused check for getrusage. - platform.o is too heavy for libssh.a use; it calls into the server on - many platforms. Move just the function needed by misc.c into its own - file. 
- -commit 07949bfe9133234eddd01715592aa0dde67745f0 -Author: Damien Miller -Date: Wed Aug 23 20:13:18 2017 +1000 - - misc.c needs functions from platform.c now + getrusage was used in ssh-rand-helper but that's now long gone. + Patch from klauszh at haus-gisela.de. -commit b074c3c3f820000a21953441cea7699c4b17d72f -Author: djm@openbsd.org -Date: Fri Aug 18 05:48:04 2017 +0000 +commit 8570177195f6a4b3173c0a25484a83641ee3faa6 +Author: dtucker@openbsd.org +Date: Fri Feb 16 04:43:11 2018 +0000 - upstream commit + upstream: Don't send IUTF8 to servers that don't like them. - add a "quiet" flag to exited_cleanly() that supresses - errors about exit status (failure due to signal is still reported) + Some SSH servers eg "ConfD" drop the connection if the client sends the + new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit + for such servers and avoid sending IUTF8 to them. ok djm@ - Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0 + OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda -commit de4ae07f12dabf8815ecede54235fce5d22e3f63 -Author: djm@openbsd.org -Date: Fri Aug 18 05:36:45 2017 +0000 +commit f6dc2ba3c9d12be53057b9371f5109ec553a399f +Author: Darren Tucker +Date: Fri Feb 16 17:32:28 2018 +1100 - upstream commit - - Move several subprocess-related functions from various - locations to misc.c. Extend subprocess() to offer a little more control over - stdio disposition. - - feedback & ok dtucker@ - - Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049 + freezero should check for NULL. 
-commit 643c2ad82910691b2240551ea8b14472f60b5078 +commit 680321f3eb46773883111e234b3c262142ff7c5b Author: djm@openbsd.org -Date: Sat Aug 12 06:46:01 2017 +0000 +Date: Fri Feb 16 02:40:45 2018 +0000 - upstream commit + upstream: Mention recent DH KEX methods: - make "--" before the hostname terminate command-line - option processing completely; previous behaviour would not prevent further - options appearing after the hostname (ssh has a supported options after the - hostname for >20 years, so that's too late to change). + diffie-hellman-group14-sha256 + diffie-hellman-group16-sha512 + diffie-hellman-group18-sha512 - ok deraadt@ + From Jakub Jelen via bz#2826 - Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89 + OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a -commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 +commit 88c50a5ae20902715f0fca306bb9c38514f71679 Author: djm@openbsd.org -Date: Sat Aug 12 06:42:52 2017 +0000 +Date: Fri Feb 16 02:32:40 2018 +0000 - upstream commit + upstream: stop loading DSA keys by default, remove sshd_config - Switch from aes256-cbc to aes256-ctr for encrypting - new-style private keys. The latter having the advantage of being supported - for no-OpenSSL builds; bz#2754 ok markus@ + stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@ - Upstream-ID: 54179a2afd28f93470471030567ac40431e56909 + OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09 -commit c4972d0a9bd6f898462906b4827e09b7caea2d9b -Author: djm@openbsd.org -Date: Fri Aug 11 04:47:12 2017 +0000 +commit d2b3db2860c962927def39a52f67f1c23f7b201a +Author: jsing@openbsd.org +Date: Wed Feb 14 16:27:24 2018 +0000 - upstream commit + upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in - refuse to a private keys when its corresponding .pub key - does not match. bz#2737 ok dtucker@ + constant time. 
- Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913 - -commit 4b3ecbb663c919132dddb3758e17a23089413519 -Author: djm@openbsd.org -Date: Fri Aug 11 04:41:08 2017 +0000 - - upstream commit + This avoids a potential side channel timing leak. - don't print verbose error message when ssh disconnects - under sftp; bz#2750; ok dtucker@ + ok djm@ markus@ - Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370 + OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c -commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34 -Author: dtucker@openbsd.org -Date: Fri Aug 11 04:16:35 2017 +0000 +commit 4270efad7048535b4f250f493d70f9acfb201593 +Author: jsing@openbsd.org +Date: Wed Feb 14 16:03:32 2018 +0000 - upstream commit + upstream: Some obvious freezero() conversions. - Tweak previous keepalive commit: if last_time + keepalive - <= now instead of just "<" so client_alive_check will fire if the select - happens to return on exact second of the timeout. ok djm@ + This also zeros an ed25519_pk when it was not being zeroed previously. - Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc + ok djm@ dtucker@ + + OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82 -commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a -Author: dtucker@openbsd.org -Date: Fri Aug 11 03:58:36 2017 +0000 +commit affa6ba67ffccc30b85d6e98f36eb5afd9386882 +Author: Darren Tucker +Date: Thu Feb 15 22:32:04 2018 +1100 - upstream commit - - Keep track of the last time we actually heard from the - client and use this to also schedule a client_alive_check(). Prevents - activity on a forwarded port from indefinitely preventing the select timeout - so that client_alive_check() will eventually (although not optimally) be - called. - - Analysis by willchan at google com via bz#2756, feedback & ok djm@ - - Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e + Remove execute bit from modpipe.c. 
-commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f -Author: Damien Miller -Date: Fri Jul 28 14:50:59 2017 +1000 +commit 9879dca438526ae6dfd656fecb26b0558c29c731 +Author: Darren Tucker +Date: Thu Feb 15 22:26:16 2018 +1100 - Expose list of completed auth methods to PAM - - bz#2408; ok dtucker@ + Update prngd link to point to sourceforge. -commit c78e6eec78c88acf8d51db90ae05a3e39458603d -Author: Damien Miller -Date: Fri Jul 21 14:38:16 2017 +1000 +commit b6973fa5152b1a0bafd2417b7c3ad96f6e87d014 +Author: Darren Tucker +Date: Thu Feb 15 22:22:38 2018 +1100 - fix problems in tunnel forwarding portability code - - This fixes a few problems in the tun forwarding code, mostly to do - with host/network byte order confusion. + Remove references to UNICOS. + +commit f1ca487940449f0b64f38f1da575078257609966 +Author: Darren Tucker +Date: Thu Feb 15 22:18:37 2018 +1100 + + Remove extra newline. + +commit 6d4e980f3cf27f409489cf89cd46c21501b13731 +Author: Darren Tucker +Date: Thu Feb 15 22:16:54 2018 +1100 + + OpenSSH's builtin entropy gathering is long gone. + +commit 389125b25d1a1d7f22e907463b7e8eca74af79ea +Author: Darren Tucker +Date: Thu Feb 15 21:43:01 2018 +1100 + + Replace remaining mysignal() with signal(). - Based on a report and patch by stepe AT centaurus.uberspace.de; - bz#2735; ok dtucker@ + These seem to have been missed during the replacement of mysignal + with #define signal in commit 5ade9ab. Both include the requisite + headers to pick up the #define. -commit 2985d4062ebf4204bbd373456a810d558698f9f5 -Author: dtucker@openbsd.org -Date: Tue Jul 25 09:22:25 2017 +0000 +commit 265d88d4e61e352de6791733c8b29fa3d7d0c26d +Author: Darren Tucker +Date: Thu Feb 15 20:06:19 2018 +1100 - upstream commit + Remove remaining now-obsolete cvs $Ids. + +commit 015749e9b1d2f6e14733466d19ba72f014d0845c +Author: Darren Tucker +Date: Thu Feb 15 17:01:54 2018 +1100 + + Regenerate dependencies after UNICOS removal. 
+ +commit ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7 +Author: Darren Tucker +Date: Tue Feb 13 09:10:46 2018 +1100 + + Remove UNICOS support. - Make WinSCP patterns for SSH_OLD_DHGEX more specific to - exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@ + The code required to support it is quite invasive to the mainline + code that is synced with upstream and is an ongoing maintenance burden. + Both the hardware and software are literal museum pieces these days and + we could not find anyone still running OpenSSH on one. + +commit 174bed686968494723e6db881208cc4dac0d020f +Author: Darren Tucker +Date: Tue Feb 13 18:12:47 2018 +1100 + + Retpoline linker flag only needed for linking. + +commit 075e258c2cc41e1d7f3ea2d292c5342091728d40 +Author: Darren Tucker +Date: Tue Feb 13 17:36:43 2018 +1100 + + Default PidFile is sshd.pid not ssh.pid. + +commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df +Author: Darren Tucker +Date: Tue Feb 13 16:27:09 2018 +1100 + + Remove assigned-to-but-never-used variable. - Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a + 'p' was removed in previous change but I neglected to remove the + otherwise-unused assignment to it. -commit 9f0e44e1a0439ff4646495d5735baa61138930a9 +commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1 Author: djm@openbsd.org -Date: Mon Jul 24 04:34:28 2017 +0000 +Date: Tue Feb 13 03:36:56 2018 +0000 - upstream commit - - g/c unused variable; make a little more portable + upstream: remove space before tab - Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea + OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890 -commit 51676ec61491ec6d7cbd06082034e29b377b3bf6 -Author: djm@openbsd.org -Date: Sun Jul 23 23:37:02 2017 +0000 +commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab +Author: dtucker@openbsd.org +Date: Sun Feb 11 21:16:56 2018 +0000 - upstream commit + upstream Don't reset signal handlers inside handlers. 
- Allow IPQoS=none in ssh/sshd to not set an explicit - ToS/DSCP value and just use the operating system default; ok dtucker@ + The signal handlers from the original ssh1 code on which OpenSSH + is based assume unreliable signals and reinstall their handlers. + Since OpenBSD (and pretty much every current system) has reliable + signals this is not needed. In the unlikely even that -portable + is still being used on such systems we will deal with it in the + compat layer. ok deraadt@ - Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e + OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c -commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d -Author: Damien Miller -Date: Fri Jul 21 14:24:26 2017 +1000 +commit 3c51143c639ac686687c7acf9b373b8c08195ffb +Author: Darren Tucker +Date: Tue Feb 13 09:07:29 2018 +1100 - mention libedit + Whitespace sync with upstream. -commit dc2bd308768386b02c7337120203ca477e67ba62 -Author: markus@openbsd.org -Date: Wed Jul 19 08:30:41 2017 +0000 +commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7 +Author: Darren Tucker +Date: Tue Feb 13 08:25:46 2018 +1100 - upstream commit + Whitespace sync with upstream. + +commit fbfa6f980d7460b3e12b0ce88ed3b6018edf4711 +Author: Darren Tucker +Date: Sun Feb 11 21:25:11 2018 +1300 + + Move signal compat code into bsd-signal.{c,h} + +commit 24d2a33bd3bf5170700bfdd8675498aa09a79eab +Author: Darren Tucker +Date: Sun Feb 11 21:20:39 2018 +1300 + + Include headers for linux/if.h. - fix support for unknown key types; ok djm@ + Prevents configure-time "present but cannot be compiled" warning. + +commit bc02181c24fc551aab85eb2cff0f90380928ef43 +Author: Darren Tucker +Date: Sun Feb 11 19:45:47 2018 +1300 + + Fix test for -z,retpolineplt linker flag. 
+ +commit 3377df00ea3fece5293db85fe63baef33bf5152e +Author: Darren Tucker +Date: Sun Feb 11 09:32:37 2018 +1100 + + Add checks for Spectre v2 mitigation (retpoline) - Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48 + This adds checks for gcc and clang flags for mitigations for Spectre + variant 2, ie "retpoline". It'll automatically enabled if the compiler + supports it as part of toolchain hardening flag. ok djm@ -commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9 +commit d9e5cf078ea5380da6df767bb1773802ec557ef0 Author: djm@openbsd.org -Date: Wed Jul 19 01:15:02 2017 +0000 +Date: Sat Feb 10 09:25:34 2018 +0000 upstream commit - switch from select() to poll() for the ssh-agent - mainloop; ok markus + constify some private key-related functions; based on + https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault - Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448 + OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c -commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3 -Author: dtucker@openbsd.org -Date: Fri Jul 14 03:18:21 2017 +0000 +commit a7c38215d564bf98e8e9eb40c1079e3adf686f15 +Author: djm@openbsd.org +Date: Sat Feb 10 09:03:54 2018 +0000 upstream commit - Make ""Killed by signal 1" LogLevel verbose so it's not - shown at the default level. Prevents it from appearing during ssh -J and - equivalent ProxyCommand configs. 
bz#1906, bz#2744, feedback&ok markus@ + Mention ServerAliveTimeout in context of TCPKeepAlives; + prompted by Christoph Anton Mitterer via github - Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28 + OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2 -commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498 -Author: jmc@openbsd.org -Date: Thu Jul 13 19:16:33 2017 +0000 +commit 62562ceae61e4f7cf896566592bb840216e71061 +Author: djm@openbsd.org +Date: Sat Feb 10 06:54:38 2018 +0000 upstream commit - man pages with pseudo synopses which list filenames end - up creating very ugly output in man -k; after some discussion with ingo, we - feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly - helpful at page top, is contained already in FILES, and there are - sufficiently few that just zapping them is simple; - - ok schwarze, who also helpfully ran things through a build to check - output; + clarify IgnoreUserKnownHosts; based on github PR from + Christoph Anton Mitterer. - Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c + OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3 -commit 7f13a4827fb28957161de4249bd6d71954f1f2ed -Author: espie@openbsd.org -Date: Mon Jul 10 14:09:59 2017 +0000 +commit 4f011daa4cada6450fa810f7563b8968639bb562 +Author: djm@openbsd.org +Date: Sat Feb 10 06:40:28 2018 +0000 upstream commit - zap redundant Makefile variables. okay djm@ + Shorter, more accurate explanation of + NoHostAuthenticationForLocalhost without the confusing example. Prompted by + Christoph Anton Mitterer via github and bz#2293. 
- Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 + OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df -commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0 -Author: jmc@openbsd.org -Date: Sat Jul 8 18:32:54 2017 +0000 +commit 77e05394af21d3f5faa0c09ed3855e4505a5cf9f +Author: djm@openbsd.org +Date: Sat Feb 10 06:15:12 2018 +0000 upstream commit - slightly rework previous, to avoid an article issue; + Disable RemoteCommand and RequestTTY in the ssh session + started by scp. sftp is already doing this. From Camden Narzt via github; ok + dtucker - Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30 + OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b -commit 853edbe057a84ebd0024c8003e4da21bf2b469f7 +commit ca613249a00b64b2eea9f52d3834b55c28cf2862 Author: djm@openbsd.org -Date: Fri Jul 7 03:53:12 2017 +0000 +Date: Sat Feb 10 05:48:46 2018 +0000 upstream commit - When generating all hostkeys (ssh-keygen -A), clobber - existing keys if they exist but are zero length. zero-length keys could - previously be made if ssh-keygen failed part way through generating them, so - avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ + Refuse to create a certificate with an unusable number of + principals; Prompted by gdestuynder via github - Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044 + OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29 -commit 43616876ba68a2ffaece6a6c792def4b039f2d6e +commit b56ac069d46b6f800de34e1e935f98d050731d14 Author: djm@openbsd.org -Date: Sat Jul 1 22:55:44 2017 +0000 +Date: Sat Feb 10 05:43:26 2018 +0000 upstream commit - actually remove these files + fatal if we're unable to write all the public key; previously + we would silently ignore errors writing the comment and terminating newline. 
+ Prompted by github PR from WillerZ; ok dtucker - Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac + OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831 -commit 83fa3a044891887369ce8b487ce88d713a04df48 -Author: djm@openbsd.org -Date: Sat Jul 1 13:50:45 2017 +0000 +commit cdb10bd431f9f6833475c27e9a82ebb36fdb12db +Author: Darren Tucker +Date: Sat Feb 10 11:18:38 2018 +1100 - upstream commit - - remove post-SSHv1 removal dead code from rsa.c and merge - the remaining bit that it still used into ssh-rsa.c; ok markus + Add changelog entry for binary strip change. + +commit fbddd91897cfaf456bfc2081f39fb4a2208a0ebf +Author: Darren Tucker +Date: Sat Feb 10 11:14:54 2018 +1100 + + Remove unused variables. + +commit 937d96587df99c16c611d828cded292fa474a32b +Author: Darren Tucker +Date: Sat Feb 10 11:12:45 2018 +1100 + + Don't strip binaries so debuginfo gets built. - Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f + Tell install not to strip binaries during package creation so that the + debuginfo package can be built. -commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0 -Author: Damien Miller -Date: Fri Jul 14 14:26:36 2017 +1000 +commit eb0865f330f59c889ec92696b97bd397090e720c +Author: Darren Tucker +Date: Sat Feb 10 10:33:11 2018 +1100 - make explicit_bzero/memset safe for sz=0 + Fix bogus dates in changelog. -commit 8433d51e067e0829f5521c0c646b6fd3fe17e732 -Author: Tim Rice -Date: Tue Jul 11 18:47:56 2017 -0700 +commit 7fbde1b34c1f6c9ca9e9d10805ba1e5e4538e165 +Author: Darren Tucker +Date: Sat Feb 10 10:25:15 2018 +1100 - modified: configure.ac - UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris - Analysis by Robbie Zhang + Remove SSH1 from description. -commit ff3507aea9c7d30cd098e7801e156c68faff7cc7 -Author: Damien Miller -Date: Fri Jul 7 11:21:27 2017 +1000 +commit 9c34a76f099c4e0634bf6ecc2f40ce93925402c4 +Author: Darren Tucker +Date: Sat Feb 10 10:19:16 2018 +1100 - typo + Add support for compat-openssl10 build dep. 
-commit d79bceb9311a9c137d268f5bc481705db4151810 -Author: dtucker@openbsd.org -Date: Fri Jun 30 04:17:23 2017 +0000 +commit 04f4e8193cb5a5a751fcc356bd6656291fec539e +Author: Darren Tucker +Date: Sat Feb 10 09:57:04 2018 +1100 - upstream commit - - Only call close once in confree(). ssh_packet_close will - close the FD so only explicitly close non-SSH channels. bz#2734, from - bagajjal at microsoft.com, ok djm@ + Add leading zero so it'll work when rhel not set. - Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02 + When rhel is not set it will error out with "bad if". Add leading zero + as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work + on non-RHEL. -commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075 -Author: Darren Tucker -Date: Thu Jun 29 15:40:25 2017 +1000 +commit 12abd67a6af28476550807a443b38def2076bb92 +Author: Darren Tucker +Date: Sat Feb 10 09:56:34 2018 +1100 - Update link for my patches. + Update openssl-devel dependency. -commit a98339edbc1fc21342a390f345179a9c3031bef7 -Author: djm@openbsd.org -Date: Wed Jun 28 01:09:22 2017 +0000 +commit b33e7645f8813719d7f9173fef24463c8833ebb3 +Author: nkadel +Date: Sun Nov 16 18:19:58 2014 -0500 - upstream commit - - Allow ssh-keygen to use a key held in ssh-agent as a CA when - signing certificates. bz#2377 ok markus + Add mandir with-mandir' for RHEL 5 compatibility. - Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f + Activate '--mandir' and '--with-mandir' settings in setup for RHEL + 5 compatibility. -commit c9cdef35524bd59007e17d5bd2502dade69e2dfb -Author: djm@openbsd.org -Date: Sat Jun 24 06:35:24 2017 +0000 +commit 94f8bf360eb0162e39ddf39d69925c2e93511e40 +Author: nkadel +Date: Sun Nov 16 18:18:51 2014 -0500 - upstream commit + Discard 'K5DIR' reporting. - regress test for ExposeAuthInfo + It does not work inside 'mock' build environment. 
+ +commit bb7e54dbaf34b70b3e57acf7982f3a2136c94ee5 +Author: nkadel +Date: Sun Nov 16 18:17:15 2014 -0500 + + Add 'dist' to 'rel' for OS specific RPM names. + +commit 87346f1f57f71150a9b8c7029d8c210e27027716 +Author: nkadel +Date: Sun Nov 16 14:17:38 2014 -0500 + + Add openssh-devel >= 0.9.8f for redhat spec file. + +commit bec1478d710866d3c1b119343a35567a8fc71ec3 +Author: nkadel +Date: Sun Nov 16 13:10:24 2014 -0500 + + Enhance BuildRequires for openssh-x11-askpass. + +commit 3104fcbdd3c70aefcb0cdc3ee24948907db8dc8f +Author: nkadel +Date: Sun Nov 16 13:04:14 2014 -0500 + + Always include x11-ssh-askpass SRPM. - Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd + Always include x11-ssh-askpass tarball in redhat SRPM, even if unused. -commit f17ee61cad25d210edab69d04ed447ad55fe80c1 -Author: djm@openbsd.org -Date: Sat Jun 24 07:08:57 2017 +0000 +commit c61d0d038d58eebc365f31830be6e04ce373ad1b +Author: Damien Miller +Date: Sat Feb 10 09:43:12 2018 +1100 + + this is long unused; prompted by dtucker@ + +commit 745771fb788e41bb7cdad34e5555bf82da3af7ed +Author: dtucker@openbsd.org +Date: Fri Feb 9 02:37:36 2018 +0000 upstream commit - correct env var name + Remove unused sKerberosTgtPassing from enum. From + calestyo via github pull req #11, ok djm@ - Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313 + OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540 -commit 40962198e3b132cecdb32e9350acd4294e6a1082 -Author: jmc@openbsd.org -Date: Sat Jun 24 06:57:04 2017 +0000 +commit 1f385f55332db830b0ae22a7663b98279ca2d657 +Author: dtucker@openbsd.org +Date: Thu Feb 8 04:12:32 2018 +0000 upstream commit - spelling; + Rename struct umac_ctx to umac128_ctx too. In portable + some linkers complain about two symbols with the same name having differing + sizes. 
ok djm@ - Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25 + OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3 -commit 33f86265d7e8a0e88d3a81745d746efbdd397370 -Author: djm@openbsd.org -Date: Sat Jun 24 06:38:11 2017 +0000 +commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf +Author: dtucker@openbsd.org +Date: Wed Feb 7 22:52:45 2018 +0000 upstream commit - don't pass pointer to struct sshcipher between privsep - processes, just redo the lookup in each using the already-passed cipher name. - bz#2704 based on patch from Brooks Davis; ok markus dtucker + ssh_free checks for and handles NULL args, remove NULL + checks from remaining callers. ok djm@ - Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0 + OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b -commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0 -Author: djm@openbsd.org -Date: Sat Jun 24 06:34:38 2017 +0000 +commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c +Author: Darren Tucker +Date: Thu Feb 8 12:36:22 2018 +1100 - upstream commit + Set SO_REUSEADDR in regression test netcat. - refactor authentication logging + Sometimes multiplex tests fail on Solaris with "netcat: local_listen: + Address already in use" which is likely due to previous invocations + leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to + SO_REUSEPORT which is alread set on platforms that support it). ok djm@ + +commit 1749991c55bab716877b7c687cbfbf19189ac6f1 +Author: jsing@openbsd.org +Date: Wed Feb 7 05:17:56 2018 +0000 + + upstream commit - optionally record successful auth methods and public credentials - used in a file accessible to user sessions + Convert some explicit_bzero()/free() calls to freezero(). 
- feedback and ok markus@ + ok deraadt@ dtucker@ - Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb + OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609 -commit e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba -Author: jmc@openbsd.org -Date: Sat Jun 24 06:28:50 2017 +0000 +commit 94ec2b69d403f4318b7a0d9b17f8bc3efbf4d0d2 +Author: jsing@openbsd.org +Date: Wed Feb 7 05:15:49 2018 +0000 upstream commit - word fix; + Remove some #ifdef notyet code from OpenSSL 0.9.8 days. - Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5 + These functions have never appeared in OpenSSL and are likely never to do + so. + + "kill it with fire" djm@ + + OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e -commit 4540428cd0adf039bcf5a8a27f2d5cdf09191513 -Author: djm@openbsd.org -Date: Sat Jun 24 05:37:44 2017 +0000 +commit 7cd31632e3a6607170ed0c9ed413a7ded5b9b377 +Author: jsing@openbsd.org +Date: Wed Feb 7 02:06:50 2018 +0000 upstream commit - switch sshconnect.c from (slightly abused) select() to - poll(); ok deraadt@ a while back + Remove all guards for calls to OpenSSL free functions - + all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. - Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175 + Prompted by dtucker@ asking about guards for RSA_free(), when looking at + openssh-portable pr#84 on github. 
+ + ok deraadt@ dtucker@ + + OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae -commit 6f8ca3b92540fa1a9b91670edc98d15448e3d765 -Author: djm@openbsd.org -Date: Sat Jun 24 05:35:05 2017 +0000 +commit 3c000d57d46882eb736c6563edfc4995915c24a2 +Author: Darren Tucker +Date: Wed Feb 7 09:19:38 2018 +1100 - upstream commit - - use HostKeyAlias if specified instead of hostname for - matching host certificate principal names; bz#2728; ok dtucker@ + Remove obsolete "Smartcard support" message - Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd + The configure checks that populated $SCARD_MSG were removed in commits + 7ea845e4 and d8f60022 when the smartcard support was replaced with + PKCS#11. -commit 8904ffce057b80a7472955f1ec00d7d5c250076c -Author: djm@openbsd.org -Date: Sat Jun 24 05:24:11 2017 +0000 +commit 3e615090de0ce36a833d811e01c28aec531247c4 +Author: dtucker@openbsd.org +Date: Tue Feb 6 06:01:54 2018 +0000 upstream commit - no need to call log_init to reinitialise logged PID in - child sessions, since we haven't called openlog() in log_init() since 1999; - ok markus@ + Replace "trojan horse" with the correct term (MITM). + From maikel at predikkta.com via bz#2822, ok markus@ - Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e + OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53 -commit e238645d789cd7eb47541b66aea2a887ea122c9b -Author: mestre@openbsd.org -Date: Fri Jun 23 07:24:48 2017 +0000 +commit 3484380110d437c50e17f87d18544286328c75cb +Author: tb@openbsd.org +Date: Mon Feb 5 05:37:46 2018 +0000 upstream commit - When using the escape sequence &~ the code path is - client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork() - and the pledge for this path lacks the proc promise and therefore aborts the - process. The solution is to just add proc the promise to this specific - pledge. + Add a couple of non-negativity checks to avoid close(-1). - Reported by Gregoire Jadi gjadi ! 
omecha.info - Insight with tb@, OK jca@ + ok djm - Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b + OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880 -commit 5abbb31c4e7a6caa922cc1cbb14e87a77f9d19d3 -Author: dtucker@openbsd.org -Date: Fri Jun 23 03:30:42 2017 +0000 +commit 5069320be93c8b2a6584b9f944c86f60c2b04e48 +Author: tb@openbsd.org +Date: Mon Feb 5 05:36:49 2018 +0000 upstream commit - Import regenerated moduli. + The file descriptors for socket, stdin, stdout and stderr + aren't necessarily distinct, so check if they are the same to avoid closing + the same fd several times. - Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95 + ok djm + + OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1 -commit 849c5468b6d9b4365784c5dd88e3f1fb568ba38f -Author: dtucker@openbsd.org -Date: Fri Jun 23 03:25:53 2017 +0000 +commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d +Author: djm@openbsd.org +Date: Mon Feb 5 04:02:53 2018 +0000 upstream commit - Run the screen twice so we end up with more candidate - groups. ok djm@ + I accidentially a word - Upstream-ID: b92c93266d8234d493857bb822260dacf4366157 + OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a -commit 4626e39c7053c6486c1c8b708ec757e464623f5f -Author: dtucker@openbsd.org -Date: Wed Jun 14 00:31:38 2017 +0000 +commit 130283d5c2545ff017c2162dc1258c5354e29399 +Author: djm@openbsd.org +Date: Thu Jan 25 03:34:43 2018 +0000 upstream commit - Add user@host prefix to client's "Permisison denied" - messages, useful in particular when using "stacked" connections where it's - not clear which host is denying. bz#2720, ok djm@ markus@ + certificate options are case-sensitive; fix case on one + that had it wrong. 
- Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be + move a badly-place sentence to a less bad place + + OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b -commit c948030d54911b2d3cddb96a7a8e9269e15d11cd -Author: djm@openbsd.org -Date: Tue Jun 13 12:13:59 2017 +0000 +commit 89f09ee68730337015bf0c3f138504494a34e9a6 +Author: Damien Miller +Date: Wed Jan 24 12:20:44 2018 +1100 + + crypto_api.h needs includes.h + +commit c9c1bba06ad1c7cad8548549a68c071bd807af60 +Author: stsp@openbsd.org +Date: Tue Jan 23 20:00:58 2018 +0000 upstream commit - Do not require that unknown EXT_INFO extension values not - contain \0 characters. This would cause fatal connection errors if an - implementation sent e.g. string-encoded sub-values inside a value. - - Reported by Denis Bider; ok markus@ + Fix a logic bug in sshd_exchange_identification which + prevented clients using major protocol version 2 from connecting to the + server. ok millert@ - Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c + OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9 -commit 6026f48dfca78b713e4a7f681ffa42a0afe0929e -Author: djm@openbsd.org -Date: Tue Jun 13 11:22:15 2017 +0000 +commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb +Author: stsp@openbsd.org +Date: Tue Jan 23 18:33:49 2018 +0000 upstream commit - missing prototype. + Add missing braces; fixes 'write: Socket is not + connected' error in ssh. ok deraadt@ - Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9 + OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24 -commit bcd1485075aa72ba9418003f5cc27af2b049c51b +commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a Author: Damien Miller -Date: Sat Jun 10 23:41:25 2017 +1000 +Date: Tue Jan 23 16:49:43 2018 +1100 - portability for sftp globbed ls sort by mtime - - Include replacement timespeccmp() for systems that lack it. - Support time_t struct stat->st_mtime in addition to - timespec stat->st_mtim, as well as unsorted fallback. 
+ rebuild depends -commit 072e172f1d302d2a2c6043ecbfb4004406717b96 +commit 552ea155be44f9c439c1f9f0c38f9e593428f838 +Author: Damien Miller +Date: Tue Jan 23 16:49:22 2018 +1100 + + one SSH_BUG_BANNER instance that got away + +commit 14b5c635d1190633b23ac3372379517fb645b0c2 Author: djm@openbsd.org -Date: Sat Jun 10 06:36:46 2017 +0000 +Date: Tue Jan 23 05:27:21 2018 +0000 upstream commit - print '?' instead of incorrect link count (that the - protocol doesn't provide) for remote listings. bz#2710 ok dtucker@ + Drop compatibility hacks for some ancient SSH + implementations, including ssh.com <=2.* and OpenSSH <= 3.*. - Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e + These versions were all released in or before 2001 and predate the + final SSH RFCs. The hacks in question aren't necessary for RFC- + compliant SSH implementations. + + ok markus@ + + OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138 -commit 72be5b2f8e7dc37235e8c4b8d0bc7b5ee1301505 +commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb Author: djm@openbsd.org -Date: Sat Jun 10 06:33:34 2017 +0000 +Date: Tue Jan 23 05:17:04 2018 +0000 upstream commit - implement sorting for globbed ls; bz#2649 ok dtucker@ + try harder to preserve errno during + ssh_connect_direct() to make the final error message possibly accurate; + bz#2814, ok dtucker@ - Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8 + OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca -commit 5b2f34a74aa6a524cd57e856b23e1b7b25007721 +commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec Author: djm@openbsd.org -Date: Fri Jun 9 06:47:13 2017 +0000 +Date: Tue Jan 23 05:12:12 2018 +0000 upstream commit - return failure rather than fatal() for more cases during - mux negotiations. Causes the session to fall back to a non-mux connection if - they occur. bz#2707 ok dtucker@ + unbreak support for clients that advertise a protocol + version of "1.99" (indicating both v2 and v1 support). 
Busted by me during + SSHv1 purge in r1.358; bz2810, ok dtucker - Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab + OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b -commit 7f5637c4a67a49ef256cb4eedf14e8590ac30976 +commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d Author: djm@openbsd.org -Date: Fri Jun 9 06:43:01 2017 +0000 +Date: Tue Jan 23 05:06:25 2018 +0000 upstream commit - in description of public key authentication, mention that - the server will send debug messages to the client for some error conditions - after authentication has completed. bz#2709 ok dtucker + don't attempt to force hostnames that are addresses to + lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to + remove ambiguities (e.g. ::0001 => ::1) before they are matched against + known_hosts; bz#2763, ok dtucker@ - Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd + OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0 -commit 2076e4adb986512ce8c415dd194fd4e52136c4b4 +commit d6364f6fb1a3d753d7ca9bf15b2adce961324513 Author: djm@openbsd.org -Date: Fri Jun 9 06:40:24 2017 +0000 +Date: Tue Jan 23 05:01:15 2018 +0000 upstream commit - better translate libcrypto errors by looking deeper in - the accursed error stack for codes that indicate the wrong passphrase was - supplied for a PEM key. bz#2699 ok dtucker@ + avoid modifying pw->pw_passwd; let endpwent() clean up + for us, but keep a scrubbed copy; bz2777, ok dtucker@ - Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681 + OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752 -commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c -Author: dtucker@openbsd.org -Date: Fri Jun 9 04:40:04 2017 +0000 +commit a69bbb07cd6fb4dfb9bdcacd370ab26d0a2b4215 +Author: naddy@openbsd.org +Date: Sat Jan 13 00:24:09 2018 +0000 upstream commit - Add comments referring to the relevant RFC sections for - rekeying behaviour. 
+ clarify authorship; prodded by and ok markus@ - Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40 + OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c -commit ce9134260b9b1247e2385a1afed00c26112ba479 -Author: Damien Miller -Date: Fri Jun 9 14:43:47 2017 +1000 +commit 04214b30be3d3e73a01584db4e040d5ccbaaddd4 +Author: markus@openbsd.org +Date: Mon Jan 8 15:37:21 2018 +0000 - drop two more privileges in the Solaris sandbox + upstream commit - Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO. - Patch from huieying.lee AT oracle.com via bz#2723 - -commit e0f609c8a2ab940374689ab8c854199c3c285a76 -Author: Darren Tucker -Date: Fri Jun 9 13:36:29 2017 +1000 - - Wrap stdint.h include in #ifdef. + group shared source files (e.g. SRCS_KEX) and allow + compilation w/o OPENSSL ok djm@ + + OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62 -commit 1de5e47a85850526a4fdaf77185134046c050f75 -Author: djm@openbsd.org -Date: Wed Jun 7 01:48:15 2017 +0000 +commit 25cf9105b849932fc3b141590c009e704f2eeba6 +Author: markus@openbsd.org +Date: Mon Jan 8 15:21:49 2018 +0000 upstream commit - unbreak after sshv1 purge + move subprocess() so scp/sftp do not need uidswap.o; ok + djm@ - Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b + OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8 -commit 550c053168123fcc0791f9952abad684704b5760 -Author: dtucker@openbsd.org -Date: Tue Jun 6 09:12:17 2017 +0000 +commit b0d34132b3ca26fe94013f01d7b92101e70b68bb +Author: markus@openbsd.org +Date: Mon Jan 8 15:18:46 2018 +0000 upstream commit - Fix compression output stats broken in rev 1.201. Patch - originally by Russell Coker via Debian bug #797964 and Christoph Biedl. 
ok - djm@ + switch ssh-pkcs11-helper to new API; ok djm@ - Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016 + OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42 -commit 55d06c6e72a9abf1c06a7ac2749ba733134a1f39 -Author: djm@openbsd.org -Date: Fri Jun 2 06:06:10 2017 +0000 +commit ec4a9831184c0c6ed5f7f0cfff01ede5455465a3 +Author: markus@openbsd.org +Date: Mon Jan 8 15:15:36 2018 +0000 upstream commit - rationalise the long list of manual CDIAGFLAGS that we - add; most of these were redundant to -Wall -Wextra + split client/server kex; only ssh-keygen needs + uuencode.o; only scp/sftp use progressmeter.o; ok djm@ - Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c + OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee -commit 1527d9f61e6d50f6c2b4a3fa5b45829034b1b0b1 -Author: djm@openbsd.org -Date: Thu Jun 1 06:59:21 2017 +0000 +commit ec77efeea06ac62ee1d76fe0b3225f3000775a9e +Author: markus@openbsd.org +Date: Mon Jan 8 15:15:17 2018 +0000 upstream commit - no need to bzero allocated space now that we use use - recallocarray; ok deraadt@ + only ssh-keygen needs uuencode.o; only scp/sftp use + progressmeter.o - Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8 + OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85 -commit cc812baf39b93d5355565da98648d8c31f955990 -Author: djm@openbsd.org -Date: Thu Jun 1 06:58:25 2017 +0000 +commit 25aae35d3d6ee86a8c4c0b1896acafc1eab30172 +Author: markus@openbsd.org +Date: Mon Jan 8 15:14:44 2018 +0000 upstream commit - unconditionally zero init size of buffer; ok markus@ - deraadt@ + uuencode.h is not used - Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29 + OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c -commit 65eb8fae0d7ba45ef4483a3cf0ae7fd0dbc7c226 +commit 4f29309c4cb19bcb1774931db84cacc414f17d29 Author: Damien Miller -Date: Thu Jun 1 16:25:09 2017 +1000 +Date: Wed Jan 3 19:50:43 2018 +1100 - avoid compiler warning + unbreak fuzz harness -commit 
2d75d74272dc2a0521fce13cfe6388800c9a2406 +commit f6b50bf84dc0b61f22c887c00423e0ea7644e844 Author: djm@openbsd.org -Date: Thu Jun 1 06:16:43 2017 +0000 +Date: Thu Dec 21 05:46:35 2017 +0000 upstream commit - some warnings spotted by clang; ok markus@ + another libssh casualty - Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b + OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec -commit 151c6e433a5f5af761c78de87d7b5d30a453cf5e -Author: Damien Miller -Date: Thu Jun 1 15:25:13 2017 +1000 +commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13 +Author: djm@openbsd.org +Date: Thu Dec 21 03:01:49 2017 +0000 - add recallocarray replacement and dependency + upstream commit - recallocarray() needs getpagesize() so add a tiny replacement for that. - -commit 01e6f78924da308447e71e9a32c8a6104ef4e888 -Author: Damien Miller -Date: Thu Jun 1 15:16:24 2017 +1000 - - add *.0 manpage droppings + missed one (unbreak after ssh/lib removal) + + OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322 -commit 4b2e2d3fd9dccff357e1e26ce9a5f2e103837a36 +commit e6c4134165d05447009437a96e7201276688807f Author: djm@openbsd.org -Date: Thu Jun 1 04:51:58 2017 +0000 +Date: Thu Dec 21 00:41:22 2017 +0000 upstream commit - fix casts re constness + unbreak unit tests after removal of src/usr.bin/ssh/lib - Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266 + OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9 -commit 75b8af8de805c0694b37fcf80ce82783b2acc86f -Author: markus@openbsd.org -Date: Wed May 31 10:54:00 2017 +0000 +commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe +Author: djm@openbsd.org +Date: Thu Dec 21 00:00:28 2017 +0000 upstream commit - make sure we don't pass a NULL string to vfprintf - (triggered by the principals-command regress test); ok bluhm + revert stricter key type / signature type checking in + userauth path; too much software generates inconsistent messages, so we need + a better plan. 
- Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990 + OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519 -commit 84008608c9ee944d9f72f5100f31ccff743b10f2 -Author: markus@openbsd.org -Date: Wed May 31 10:04:29 2017 +0000 +commit c5a6cbdb79752f7e761074abdb487953ea6db671 +Author: djm@openbsd.org +Date: Tue Dec 19 00:49:30 2017 +0000 upstream commit - use SO_ZEROIZE for privsep communication (if available) + explicitly test all key types and their certificate + counterparts - Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62 + refactor a little + + OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4 -commit 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 -Author: deraadt@openbsd.org -Date: Wed May 31 09:15:42 2017 +0000 +commit f689adb7a370b5572612d88be9837ca9aea75447 +Author: dtucker@openbsd.org +Date: Mon Dec 11 11:41:56 2017 +0000 upstream commit - Switch to recallocarray() for a few operations. Both - growth and shrinkage are handled safely, and there also is no need for - preallocation dances. Future changes in this area will be less error prone. - Review and one bug found by markus + use cmp in a loop instead of diff -N to compare + directories. The former works on more platforms for Portable. 
- Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065 + OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099 -commit dc5dc45662773c0f7745c29cf77ae2d52723e55e -Author: deraadt@openbsd.org -Date: Wed May 31 08:58:52 2017 +0000 +commit 748dd8e5de332b24c40f4b3bbedb902acb048c98 +Author: Damien Miller +Date: Tue Dec 19 16:17:59 2017 +1100 - upstream commit - - These shutdown() SHUT_RDWR are not needed before close() - ok djm markus claudio - - Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5 + remove blocks.c from Makefile -commit 1e0cdf8efb745d0d1116e1aa22bdc99ee731695e -Author: markus@openbsd.org -Date: Wed May 31 08:09:45 2017 +0000 +commit 278856320520e851063b06cef6ef1c60d4c5d652 +Author: djm@openbsd.org +Date: Tue Dec 19 00:24:34 2017 +0000 upstream commit - clear session keys from memory; ok djm@ + include signature type and CA key (if applicable) in some + debug messages - Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f + OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5 -commit 92e9fe633130376a95dd533df6e5e6a578c1e6b8 -Author: markus@openbsd.org -Date: Wed May 31 07:00:13 2017 +0000 +commit 7860731ef190b52119fa480f8064ab03c44a120a +Author: djm@openbsd.org +Date: Mon Dec 18 23:16:23 2017 +0000 upstream commit - remove now obsolete ctx from ssh_dispatch_run; ok djm@ + unbreak hostkey rotation; attempting to sign with a + desired signature algorithm of kex->hostkey_alg is incorrect when the key + type isn't capable of making those signatures. 
ok markus@ - Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29 + OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906 -commit 17ad5b346043c5bbc5befa864d0dbeb76be39390 -Author: markus@openbsd.org -Date: Wed May 31 05:34:14 2017 +0000 +commit 966ef478339ad5e631fb684d2a8effe846ce3fd4 +Author: djm@openbsd.org +Date: Mon Dec 18 23:14:34 2017 +0000 upstream commit - use the ssh_dispatch_run_fatal variant + log mismatched RSA signature types; ok markus@ - Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8 + OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418 -commit 39896b777320a6574dd06707aebac5fb98e666da +commit 349ecd4da3a985359694a74635748009be6baca6 Author: djm@openbsd.org -Date: Wed May 31 05:08:46 2017 +0000 +Date: Mon Dec 18 23:13:42 2017 +0000 upstream commit - another ctx => ssh conversion (in GSSAPI code) + pass kex->hostkey_alg and kex->hostkey_nid from pre-auth + to post-auth unpriviledged child processes; ok markus@ - Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0 + OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302 -commit 6116bd4ed354a71a733c8fd0f0467ce612f12911 -Author: Damien Miller -Date: Wed May 31 14:56:07 2017 +1000 +commit c9e37a8725c083441dd34a8a53768aa45c3c53fe +Author: millert@openbsd.org +Date: Mon Dec 18 17:28:54 2017 +0000 - fix conversion of kexc25519s.c to struct ssh too + upstream commit - git cvsimport missed this commit for some reason + Add helper function for uri handing in scp where a + missing path simply means ".". Also fix exit code and add warnings when an + invalid uri is encountered. OK otto@ + + OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a -commit d40dbdc85b6fb2fd78485ba02225511b8cbf20d7 +commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 Author: djm@openbsd.org -Date: Wed May 31 04:29:44 2017 +0000 +Date: Mon Dec 18 02:25:15 2017 +0000 upstream commit - spell out that custom options/extensions should follow the - usual SSH naming rules, e.g. 
"extension@example.com" + pass negotiated signing algorithm though to + sshkey_verify() and check that the negotiated algorithm matches the type in + the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ - Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d + OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9 -commit 2a108277f976e8d0955c8b29d1dfde04dcbb3d5b +commit 931c78dfd7fe30669681a59e536bbe66535f3ee9 Author: djm@openbsd.org -Date: Wed May 31 04:17:12 2017 +0000 +Date: Mon Dec 18 02:22:29 2017 +0000 upstream commit - one more void *ctx => struct ssh *ssh conversion + sshkey_sigtype() function to return the type of a + signature; ok markus@ - Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2 + OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8 -commit c04e979503e97f52b750d3b98caa6fe004ab2ab9 -Author: djm@openbsd.org -Date: Wed May 31 00:43:04 2017 +0000 +commit 4cdc5956f2fcc9e9078938db833142dc07d8f523 +Author: naddy@openbsd.org +Date: Thu Dec 14 21:07:39 2017 +0000 upstream commit - fix possible OOB strlen() in SOCKS4A hostname parsing; - ok markus@ + Replace ED25519's private SHA-512 implementation with a + call to the regular digest code. This speeds up compilation considerably. ok + markus@ - Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11 + OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c -commit a3bb250c93bfe556838c46ed965066afce61cffa -Author: jmc@openbsd.org -Date: Tue May 30 19:38:17 2017 +0000 +commit 012e5cb839faf76549e3b6101b192fe1a74d367e +Author: naddy@openbsd.org +Date: Tue Dec 12 15:06:12 2017 +0000 upstream commit - tweak previous; + Create a persistent umac128.c source file: #define the + output size and the name of the entry points for UMAC-128 before including + umac.c. Idea from FreeBSD. 
ok dtucker@ - Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031 + OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1 -commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc -Author: bluhm@openbsd.org -Date: Tue May 30 18:58:37 2017 +0000 +commit b35addfb4cd3b5cdb56a2a489d38e940ada926c7 +Author: Darren Tucker +Date: Mon Dec 11 16:23:28 2017 +1100 - upstream commit - - Add RemoteCommand option to specify a command in the - ssh config file instead of giving it on the client's command line. This - command will be executed on the remote host. The feature allows to automate - tasks using ssh config. OK markus@ + Update .depend with empty config.h + +commit 2d96f28246938e0ca474a939d8ac82ecd0de27e3 +Author: Darren Tucker +Date: Mon Dec 11 16:21:55 2017 +1100 + + Ensure config.h is always in dependencies. - Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee + Put an empty config.h into the dependency list to ensure that it's + always listed and consistent. -commit eb272ea4099fd6157846f15c129ac5727933aa69 -Author: markus@openbsd.org -Date: Tue May 30 14:29:59 2017 +0000 +commit ac4987a55ee5d4dcc8e87f7ae7c1f87be7257d71 +Author: deraadt@openbsd.org +Date: Sun Dec 10 19:37:57 2017 +0000 upstream commit - switch auth2 to ssh_dispatch API; ok djm@ + ssh/lib hasn't worked towards our code-sharing goals for + a quit while, perhaps it is too verbose? Change each */Makefile to + specifying exactly what sources that program requires, compiling it seperate. + Maybe we'll iterate by sorting those into seperatable chunks, splitting up + files which contain common code + server/client specific code, or whatnot. + But this isn't one step, or we'd have done it a long time ago.. 
ok dtucker + markus djm - Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f + OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d -commit 5a146bbd4fdf5c571f9fb438e5210d28cead76d9 -Author: markus@openbsd.org -Date: Tue May 30 14:27:22 2017 +0000 +commit 48c23a39a8f1069a57264dd826f6c90aa12778d5 +Author: dtucker@openbsd.org +Date: Sun Dec 10 05:55:29 2017 +0000 upstream commit - switch auth2-none.c to modern APIs; ok djm@ + Put remote client info back into the ClientAlive + connection termination message. Based in part on diff from lars.nooden at + gmail, ok djm - Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b + OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0 -commit 60306b2d2f029f91927c6aa7c8e08068519a0fa2 -Author: markus@openbsd.org -Date: Tue May 30 14:26:49 2017 +0000 +commit aabd75ec76575c1b17232e6526a644097cd798e5 +Author: deraadt@openbsd.org +Date: Fri Dec 8 03:45:52 2017 +0000 upstream commit - switch auth2-passwd.c to modern APIs; ok djm@ + time_t printing needs %lld and (long long) casts ok djm - Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7 + OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7 -commit eb76698b91338bd798c978d4db2d6af624d185e4 -Author: markus@openbsd.org -Date: Tue May 30 14:25:42 2017 +0000 +commit fd4eeeec16537870bd40d04836c7906ec141c17d +Author: djm@openbsd.org +Date: Fri Dec 8 02:14:33 2017 +0000 upstream commit - switch auth2-hostbased.c to modern APIs; ok djm@ + fix ordering in previous to ensure errno isn't clobbered + before logging. 
- Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e + OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2 -commit 2ae666a8fc20b3b871b2f1b90ad65cc027336ccd -Author: markus@openbsd.org -Date: Tue May 30 14:23:52 2017 +0000 +commit 155072fdb0d938015df828836beb2f18a294ab8a +Author: djm@openbsd.org +Date: Fri Dec 8 02:13:02 2017 +0000 upstream commit - protocol handlers all get struct ssh passed; ok djm@ + for some reason unix_listener() logged most errors twice + with each message containing only some of the useful information; merge these - Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d + OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a -commit 94583beb24a6c5fd19cedb9104ab2d2d5cd052b6 -Author: markus@openbsd.org -Date: Tue May 30 14:19:15 2017 +0000 +commit 79c0e1d29959304e5a49af1dbc58b144628c09f3 +Author: Darren Tucker +Date: Mon Dec 11 14:38:33 2017 +1100 - upstream commit + Add autogenerated dependency info to Makefile. - ssh: pass struct ssh to auth functions, too; ok djm@ + Adds a .depend file containing dependency information generated by + makedepend, which is appended to the generated Makefile by configure. - Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd + You can regen the file with "make -f Makefile.in depend" if necessary, + but we'll be looking at some way to automatically keep this up to date. + + "no objection" djm@ -commit 5f4082d886c6173b9e90b9768c9a38a3bfd92c2b -Author: markus@openbsd.org -Date: Tue May 30 14:18:15 2017 +0000 +commit f001de8fbf7f3faddddd8efd03df18e57601f7eb +Author: Darren Tucker +Date: Mon Dec 11 13:42:51 2017 +1100 - upstream commit - - sshd: pass struct ssh to auth functions; ok djm@ + Fix pasto in ldns handling. - Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488 + When ldns-config is not found, configure would check the wrong variable. 
+ ok djm@ -commit 7da5df11ac788bc1133d8d598d298e33500524cc -Author: markus@openbsd.org -Date: Tue May 30 14:16:41 2017 +0000 +commit c5bfe83f67cb64e71cf2fe0d1500f6904b0099ee +Author: Darren Tucker +Date: Sat Dec 9 10:12:23 2017 +1100 + + Portable switched to git so s/CVS/git/. + +commit bb82e61a40a4ee52e4eb904caaee2c27b763ab5b +Author: Darren Tucker +Date: Sat Dec 9 08:06:00 2017 +1100 + + Remove now-used check for perl. + +commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240 +Author: djm@openbsd.org +Date: Wed Dec 6 05:06:21 2017 +0000 upstream commit - remove unused wrapper functions from key.[ch]; ok djm@ + don't accept junk after "yes" or "no" responses to + hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ - Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e + OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c -commit ff7371afd08ac0bbd957d90451d4dcd0da087ef5 -Author: markus@openbsd.org -Date: Tue May 30 14:15:17 2017 +0000 +commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 +Author: dtucker@openbsd.org +Date: Tue Dec 5 23:59:47 2017 +0000 upstream commit - sshkey_new() might return NULL (pkcs#11 code only); ok - djm@ + Replace atoi and strtol conversions for integer arguments + to config keywords with a checking wrapper around strtonum. This will + prevent and flag invalid and negative arguments to these keywords. ok djm@ - Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd + OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998 -commit beb965bbc5a984fa69fb1e2b45ebe766ae09d1ef -Author: markus@openbsd.org -Date: Tue May 30 14:13:40 2017 +0000 +commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84 +Author: dtucker@openbsd.org +Date: Tue Dec 5 23:56:07 2017 +0000 upstream commit - switch sshconnect.c to modern APIs; ok djm@ + Add missing break for rdomain. Prevents spurious + "Deprecated option" warnings. 
ok djm@ - Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad + OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a -commit 00ed75c92d1f95fe50032835106c368fa22f0f02 -Author: markus@openbsd.org -Date: Tue May 30 14:10:53 2017 +0000 +commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198 +Author: djm@openbsd.org +Date: Tue Dec 5 01:30:19 2017 +0000 upstream commit - switch auth2-pubkey.c to modern APIs; with & ok djm@ + include the addr:port in bind/listen failure messages - Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07 + OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e -commit 54d90ace1d3535b44d92a8611952dc109a74a031 -Author: markus@openbsd.org -Date: Tue May 30 08:52:19 2017 +0000 +commit a8c89499543e2d889629c4e5e8dcf47a655cf889 +Author: dtucker@openbsd.org +Date: Wed Nov 29 05:49:54 2017 +0000 upstream commit - switch from Key typedef with struct sshkey; ok djm@ + Import updated moduli. - Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f + OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a -commit c221219b1fbee47028dcaf66613f4f8d6b7640e9 -Author: markus@openbsd.org -Date: Tue May 30 08:49:58 2017 +0000 +commit 3dde09ab38c8e1cfc28252be473541a81bc57097 +Author: dtucker@openbsd.org +Date: Tue Nov 28 21:10:22 2017 +0000 upstream commit - remove ssh1 references; ok djm@ + Have sftp print a warning about shell cleanliness when + decoding the first packet fails, which is usually caused by shells polluting + stdout of non-interactive starups. bz#2800, ok markus@ deraadt@. - Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d + OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5 -commit afbfa68fa18081ef05a9cd294958509a5d3cda8b -Author: markus@openbsd.org -Date: Tue May 30 08:49:32 2017 +0000 +commit 6c8a246437f612ada8541076be2414846d767319 +Author: Darren Tucker +Date: Fri Dec 1 17:11:47 2017 +1100 - upstream commit + Replace mkinstalldirs with mkdir -p. 
- revise sshkey_load_public(): remove ssh1 related - comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if - 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@ + Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir: + cannot create directory:... File exists" during "make install". + Patch from eb at emlix.com. + +commit 3058dd78d2e43ed0f82ad8eab8bb04b043a72023 +Author: Darren Tucker +Date: Fri Dec 1 17:07:08 2017 +1100 + + Pull in newer install-sh from autoconf-2.69. - Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca + Suggested by eb at emlix.com -commit 813f55336a24fdfc45e7ed655fccc7d792e8f859 -Author: markus@openbsd.org -Date: Fri May 26 20:34:49 2017 +0000 +commit 79226e5413c5b0fda3511351a8511ff457e306d8 +Author: Darren Tucker +Date: Fri Dec 1 16:55:35 2017 +1100 + + Remove RSA1 host key generation. + + SSH1 support is now gone, remove SSH1 key generation. + Patch from eb at emlix.com. + +commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb +Author: djm@openbsd.org +Date: Tue Nov 28 06:09:38 2017 +0000 upstream commit - sshbuf_consume: reset empty buffer; ok djm@ + more whitespace errors - Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821 + OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb -commit 6cf711752cc2a7ffaad1fb4de18cae65715ed8bb -Author: markus@openbsd.org -Date: Fri May 26 19:35:50 2017 +0000 +commit 7f257bf3fd3a759f31098960cbbd1453fafc4164 +Author: djm@openbsd.org@openbsd.org +Date: Tue Nov 28 06:04:51 2017 +0000 upstream commit - remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ + whitespace at EOL - Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42 + OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a -commit 364f0d5edea27767fb0f915ea7fc61aded88d3e8 -Author: markus@openbsd.org -Date: Fri May 26 19:34:12 2017 +0000 +commit 5db6fbf1438b108e5df3e79a1b4de544373bc2d4 +Author: dtucker@openbsd.org@openbsd.org +Date: Sat Nov 25 06:46:22 2017 +0000 upstream commit - remove 
channel_input_close_confirmation (ssh1 only); ok - djm@ + Add monotime_ts and monotime_tv that return monotonic + timespec and timeval respectively. Replace calls to gettimeofday() in packet + timing with monotime_tv so that the callers will work over a clock step. + Should prevent integer overflow during clock steps reported by wangle6 at + huawei.com. "I like" markus@ - Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1 + OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a -commit 8ba0fd40082751dbbc23a830433488bbfb1abdca -Author: djm@openbsd.org -Date: Fri May 26 01:40:07 2017 +0000 +commit 2d638e986085bdf1a40310ed6e2307463db96ea0 +Author: dtucker@openbsd.org@openbsd.org +Date: Sat Nov 25 05:58:47 2017 +0000 upstream commit - fix references to obsolete v00 cert format; spotted by - Jakub Jelen + Remove get_current_time() and replace with calls to + monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I + like" markus@ - Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f + OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952 -commit dcc714c65cfb81eb6903095b4590719e8690f3da -Author: Mike Frysinger -Date: Wed May 24 23:21:19 2017 -0400 +commit ba460acae48a36ef749cb23068f968f4d5d90a24 +Author: Darren Tucker +Date: Fri Nov 24 16:24:31 2017 +1100 - configure: actually set cache vars when cross-compiling + Include string.h for explicit_bzero. + +commit a65655fb1a12b77fb22f9e71559b9d73030ec8ff +Author: Damien Miller +Date: Fri Nov 24 10:23:47 2017 +1100 + + fix incorrect range of OpenSSL versions supported - The cross-compiling fallback message says it's assuming the test - passed, but it didn't actually set the cache var which causes - later tests to fail. 
+ Pointed out by Solar Designer -commit 947a3e829a5b8832a4768fd764283709a4ca7955 -Author: djm@openbsd.org -Date: Sat May 20 02:35:47 2017 +0000 +commit 83a1e5dbec52d05775174f368e0c44b08619a308 +Author: djm@openbsd.org@openbsd.org +Date: Wed Nov 15 02:10:16 2017 +0000 upstream commit - there's no reason to artificially limit the key path - here, just check that it fits PATH_MAX; spotted by Matthew Patton + downgrade a couple more request parsing errors from + process-fatal to just returning failure, making them consistent with the + others that were already like that. - Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58 + OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918 -commit 773224802d7cb250bb8b461546fcce10567b4b2e -Author: djm@openbsd.org -Date: Fri May 19 21:07:17 2017 +0000 +commit 93c68a8f3da8e5e6acdc3396f54d73919165e242 +Author: djm@openbsd.org@openbsd.org +Date: Wed Nov 15 00:13:40 2017 +0000 upstream commit - Now that we no longer support SSHv1, replace the contents - of this file with a pointer to - https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited, - doesn't need to document stuff we no longer implement and does document stuff - that we do implement (RSA SHA256/512 signature flags) + fix regression in 7.6: failure to parse a signature request + message shouldn't be fatal to the process, just the request. Reported by Ron + Frederick - Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e + OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05 -commit 54cd41a4663fad66406dd3c8fe0e4760ccd8a899 -Author: djm@openbsd.org -Date: Wed May 17 01:24:17 2017 +0000 +commit 548d3a66feb64c405733932a6b1abeaf7198fa71 +Author: djm@openbsd.org@openbsd.org +Date: Tue Nov 14 00:45:29 2017 +0000 upstream commit - allow LogLevel in sshd_config Match blocks; ok dtucker - bz#2717 + fix problem in configuration parsing when in config dump mode + (sshd -T) without providing a full connection specification (sshd -T -C ...) 
- Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8 + spotted by bluhm@ + + OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f -commit 277abcda3f1b08d2376686f0ef20320160d4c8ab -Author: djm@openbsd.org -Date: Tue May 16 16:56:15 2017 +0000 +commit 33edb6ebdc2f81ebed1bceadacdfb8910b64fb88 +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 05:18:44 2017 +0000 upstream commit - remove duplicate check; spotted by Jakub Jelen + reuse parse_multistate for parse_flag (yes/no arguments). + Saves a few lines of code and makes the parser more consistent wrt case- + sensitivity. bz#2664 ok dtucker@ - Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0 + OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef -commit adb47ce839c977fa197e770c1be8f852508d65aa -Author: djm@openbsd.org -Date: Tue May 16 16:54:05 2017 +0000 +commit d52131a98316e76c0caa348f09bf6f7b9b01a1b9 +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 05:14:04 2017 +0000 upstream commit - mention that Ed25519 keys are valid as CA keys; spotted - by Jakub Jelen + allow certificate validity intervals that specify only a + start or stop time (we already support specifying both or neither) - Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4 - -commit 6bdf70f01e700348bb4d8c064c31a0ab90896df6 -Author: Damien Miller -Date: Tue May 9 14:35:03 2017 +1000 - - clean up regress files and add a .gitignore + OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42 -commit 7bdb2eeb1d3c26acdc409bd94532eefa252e440b -Author: djm@openbsd.org -Date: Mon May 8 22:57:38 2017 +0000 +commit fbe8e7ac94c2fa380421a9205a8bc966549c2f91 +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 03:46:52 2017 +0000 upstream commit - remove hmac-ripemd160; ok dtucker + allow "cd" and "lcd" commands with no explicit path + argument. lcd will change to the local user's home directory as usual. 
cd + will change to the starting directory for session (because the protocol + offers no way to obtain the remote user's home directory). bz#2760 ok + dtucker@ - Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d + OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393 -commit 5f02bb1f99f70bb422be8a5c2b77ef853f1db554 -Author: djm@openbsd.org -Date: Mon May 8 06:11:06 2017 +0000 +commit 0208a48517b5e8e8b091f32fa4addcd67c31ca9e +Author: dtucker@openbsd.org@openbsd.org +Date: Fri Nov 3 03:18:53 2017 +0000 upstream commit - make requesting bad ECDSA bits yield the same error - (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA + When doing a config test with sshd -T, only require the + attributes that are actually used in Match criteria rather than (an + incomplete list of) all criteria. ok djm@, man page help jmc@ - Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6 + OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc -commit d757a4b633e8874629a1442c7c2e7b1b55d28c19 -Author: djm@openbsd.org -Date: Mon May 8 06:08:42 2017 +0000 +commit c357eed5a52cd2f4ff358b17e30e3f9a800644da +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 02:32:19 2017 +0000 upstream commit - fix for new SSH_ERR_KEY_LENGTH error value + typos in ECDSA certificate names; bz#2787 reported by + Mike Gerow - Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc + OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163 -commit 2e58a69508ac49c02d1bb6057300fa6a76db1045 -Author: djm@openbsd.org -Date: Mon May 8 06:03:39 2017 +0000 +commit ecbf005b8fd80b81d0c61dfc1e96fe3da6099395 +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 02:29:17 2017 +0000 upstream commit - helps if I commit the correct version of the file. fix - missing return statement. + Private keys in PEM format have been encrypted by AES-128 for + a while (not 3DES). 
bz#2788 reported by Calum Mackay - Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c + OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a -commit effaf526bfa57c0ac9056ca236becf52385ce8af -Author: djm@openbsd.org -Date: Mon May 8 01:52:49 2017 +0000 +commit 81c9ccdbf6ddbf9bfbd6f1f775a5a7c13e47e185 +Author: Darren Tucker +Date: Fri Nov 3 14:52:51 2017 +1100 - upstream commit + Check for linux/if.h when enabling rdomain. - remove arcfour, blowfish and CAST here too + musl libc doesn't seem to have linux/if.h, so check for its presence + before enabling rdomain support on Linux. + +commit fa1b834cce41a1ce3e6a8d57fb67ef18c9dd803f +Author: Darren Tucker +Date: Fri Nov 3 14:09:45 2017 +1100 + + Add headers for sys/sysctl.h and net/route.h - Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920 + On at least older OpenBSDs, sys/sysctl.h and net/route.h require + sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME. -commit 7461a5bc571696273252df28a1f1578968cae506 -Author: djm@openbsd.org -Date: Mon May 8 00:21:36 2017 +0000 +commit 41bff4da21fcd8a7c6a83a7e0f92b018f904f6fb +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 02:22:41 2017 +0000 upstream commit - I was too aggressive with the scalpel in the last commit; - unbreak sshd, spotted quickly by naddy@ + avoid unused variable warnings for !WITH_OPENSSL; patch from + Marcus Folkesson - Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf + OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229 -commit bd636f40911094a39c2920bf87d2ec340533c152 -Author: djm@openbsd.org -Date: Sun May 7 23:15:59 2017 +0000 +commit 6b373e4635a7470baa94253dd1dc8953663da9e8 +Author: Marcus Folkesson +Date: Sat Oct 28 19:48:39 2017 +0200 - upstream commit + only enable functions in dh.c when openssl is used - Refuse RSA keys <1024 bits in length. Improve reporting - for keys that do not meet this requirement. ok markus@ - - Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c + 
Signed-off-by: Marcus Folkesson -commit 70c1218fc45757a030285051eb4d209403f54785 -Author: djm@openbsd.org -Date: Sun May 7 23:13:42 2017 +0000 +commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b +Author: djm@openbsd.org@openbsd.org +Date: Wed Nov 1 00:04:15 2017 +0000 upstream commit - Don't offer CBC ciphers by default in the client. ok - markus@ + fix broken stdout in ControlPersist mode, introduced by me in + r1.467 and reported by Alf Schlichting - Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef + OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509 -commit acaf34fd823235d549c633c0146ee03ac5956e82 -Author: djm@openbsd.org -Date: Sun May 7 23:12:57 2017 +0000 +commit f21455a084f9cc3942cf1bde64055a4916849fed +Author: Darren Tucker +Date: Tue Oct 31 10:09:33 2017 +1100 - upstream commit + Include includes.h for HAVE_GETPAGESIZE. - As promised in last release announcement: remove - support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ + The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in + config.h, but bsd-getpagesize.c forgot to include includes.h (which + indirectly includes config.h) so the checks always fails, causing linker + issues when linking statically on systems with getpagesize(). 
- Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222 + Patch from Peter Korsgaard -commit 3e371bd2124427403971db853fb2e36ce789b6fd -Author: naddy@openbsd.org -Date: Fri May 5 10:42:49 2017 +0000 +commit f2ad63c0718b93ac1d1e85f53fee33b06eef86b5 +Author: djm@openbsd.org@openbsd.org +Date: Mon Oct 30 22:01:52 2017 +0000 upstream commit - more simplification and removal of SSHv1-related code; - ok djm@ + whitespace at EOL - Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55 + OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07 -commit 2e9c324b3a7f15c092d118c2ac9490939f6228fd -Author: naddy@openbsd.org -Date: Fri May 5 10:41:58 2017 +0000 +commit c6415b1f8f1d0c2735564371647fd6a177fb9a3e +Author: djm@openbsd.org@openbsd.org +Date: Mon Oct 30 21:59:43 2017 +0000 upstream commit - remove superfluous protocol 2 mentions; ok jmc@ + whitespace at EOL - Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d + OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd -commit 744bde79c3361e2153cb395a2ecdcee6c713585d -Author: djm@openbsd.org -Date: Thu May 4 06:10:57 2017 +0000 +commit e4d4ddbbba0e585ca3ec3a455430750b4622a6d3 +Author: millert@openbsd.org@openbsd.org +Date: Wed Oct 25 20:08:36 2017 +0000 upstream commit - since a couple of people have asked, leave a comment - explaining why we retain SSH v.1 support in the "delete all keys from agent" - path. + Use printenv to test whether an SSH_USER_AUTH is set + instead of using $SSH_USER_AUTH. The latter won't work with csh which treats + unknown variables as an error when expanding them. 
OK markus@ - Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4 + OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1 -commit 0c378ff6d98d80bc465a4a6a787670fb9cc701ee -Author: djm@openbsd.org -Date: Thu May 4 01:33:21 2017 +0000 +commit 116b1b439413a724ebb3320633a64dd0f3ee1fe7 +Author: millert@openbsd.org@openbsd.org +Date: Tue Oct 24 19:33:32 2017 +0000 upstream commit - another tentacle: cipher_set_key_string() was only ever - used for SSHv1 + Add tests for URI parsing. OK markus@ - Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a + OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b -commit 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f -Author: naddy@openbsd.org -Date: Wed May 3 21:49:18 2017 +0000 +commit dbe0662e9cd482593a4a8bf58c6481bfe8a747a4 +Author: djm@openbsd.org@openbsd.org +Date: Fri Oct 27 01:57:06 2017 +0000 upstream commit - restore mistakenly deleted description of the - ConnectionAttempts option ok markus@ + whitespace at EOL - Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348 + OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6 -commit 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3 -Author: naddy@openbsd.org -Date: Wed May 3 21:08:09 2017 +0000 +commit d2135474344335a7c6ee643b6ade6db400fa76ee +Author: djm@openbsd.org@openbsd.org +Date: Fri Oct 27 01:01:17 2017 +0000 upstream commit - remove miscellaneous SSH1 leftovers; ok markus@ + whitespace at EOL (lots) - Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c + OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747 -commit 1a1b24f8229bf7a21f89df21987433283265527a -Author: jmc@openbsd.org -Date: Wed May 3 10:01:44 2017 +0000 +commit b77c29a07f5a02c7c1998701c73d92bde7ae1608 +Author: djm@openbsd.org@openbsd.org +Date: Fri Oct 27 00:18:41 2017 +0000 upstream commit - more protocol 1 bits removed; ok djm + improve printing of rdomain on accept() a little - Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9 + OpenBSD-Commit-ID: 
5da58db2243606899cedaa646c70201b2d12247a -commit 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 -Author: jmc@openbsd.org -Date: Wed May 3 06:32:02 2017 +0000 +commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b +Author: jmc@openbsd.org@openbsd.org +Date: Thu Oct 26 06:44:01 2017 +0000 upstream commit - more protocol 1 stuff to go; ok djm + mark up the rdomain keyword; - Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47 + OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a -commit f10c0d32cde2084d2a0b19bc47d80cb93e85a093 -Author: jmc@openbsd.org -Date: Tue May 2 17:04:09 2017 +0000 +commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b +Author: jmc@openbsd.org@openbsd.org +Date: Wed Oct 25 06:19:46 2017 +0000 upstream commit - rsa1 is no longer valid; + tweak the uri text, specifically removing some markup to + make it a bit more readable; - Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89 + issue reported by - and diff ok - millert + + OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f -commit 42b690b4fd0faef78c4d68225948b6e5c46c5163 -Author: jmc@openbsd.org -Date: Tue May 2 14:06:37 2017 +0000 +commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40 +Author: jmc@openbsd.org@openbsd.org +Date: Wed Oct 25 06:18:06 2017 +0000 upstream commit - add PubKeyAcceptedKeyTypes to the -o list: scp(1) has - it, so i guess this should too; + simplify macros in previous, and some minor tweaks; - Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c + OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca -commit d852603214defd93e054de2877b20cc79c19d0c6 -Author: jmc@openbsd.org -Date: Tue May 2 13:44:51 2017 +0000 +commit eb9c582b710dc48976b48eb2204218f6863bae9a +Author: Damien Miller +Date: Tue Oct 31 00:46:29 2017 +1100 - upstream commit + Switch upstream git repository. 
- remove now obsolete protocol1 options from the -o - lists; + Previously portable OpenSSH has synced against a conversion of OpenBSD's + CVS repository made using the git cvsimport tool, but this has become + increasingly unreliable. - Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd + As of this commit, portable OpenSSH now tracks a conversion of the + OpenBSD CVS upstream made using the excellent cvs2gitdump tool from + YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump + + cvs2gitdump is considerably more reliable than gitcvsimport and the old + version of cvsps that it uses under the hood, and is the same tool used + to export the entire OpenBSD repository to git (so we know it can cope + with future growth). + + These new conversions are mirrored at github, so interested parties can + match portable OpenSSH commits to their upstream counterparts. + + https://github.com/djmdjm/openbsd-openssh-src + https://github.com/djmdjm/openbsd-openssh-regress + + An unfortunate side effect of switching upstreams is that we must have + a flag day, across which the upstream commit IDs will be inconsistent. + The old commit IDs are recorded with the tags "Upstream-ID" for main + directory commits and "Upstream-Regress-ID" for regress commits. + + To make it clear that the commit IDs do not refer to the same + things, the new repository will instead use "OpenBSD-ID" and + "OpenBSD-Regress-ID" tags instead. 
+ + Apart from being a longwinded explanation of what is going on, this + commit message also serves to synchronise our tools with the state of + the tree, which happens to be: + + OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1 + OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef -commit 8b60ce8d8111e604c711c4cdd9579ffe0edced74 -Author: jmc@openbsd.org -Date: Tue May 2 09:05:58 2017 +0000 +commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea +Author: Damien Miller +Date: Fri Oct 27 08:42:33 2017 +1100 - upstream commit + fix rdomain compilation errors + +commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab +Author: Damien Miller +Date: Wed Oct 25 14:15:42 2017 +1100 + + autoconf glue to enable Linux VRF + +commit 97c5aaf925d61641d599071abb56012cde265978 +Author: Damien Miller +Date: Wed Oct 25 14:09:56 2017 +1100 + + basic valid_rdomain() implementation for Linux + +commit ce1cca39d7935dd394080ce2df62f5ce5b51f485 +Author: Damien Miller +Date: Wed Oct 25 13:47:59 2017 +1100 + + implement get/set_rdomain() for Linux - more -O shuffle; ok djm + Not enabled, pending implementation of valid_rdomain() and autoconf glue + +commit 6eee79f9b8d4a3b113b698383948a119acb82415 +Author: Damien Miller +Date: Wed Oct 25 13:22:29 2017 +1100 + + stubs for rdomain replacement functions + +commit f5594f939f844bbb688313697d6676238da355b3 +Author: Damien Miller +Date: Wed Oct 25 13:13:57 2017 +1100 + + rename port-tun.[ch] => port-net.[ch] - Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb + Ahead of adding rdomain support -commit 3575f0b12afe6b561681582fd3c34067d1196231 +commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb Author: djm@openbsd.org -Date: Tue May 2 08:54:19 2017 +0000 +Date: Wed Oct 25 02:10:39 2017 +0000 upstream commit - remove -1 / -2 options; pointed out by jmc@ + uninitialised variable in PermitTunnel printing code - Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa + Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a -commit 
4f1ca823bad12e4f9614895eefe0d0073b84a28f -Author: jmc@openbsd.org -Date: Tue May 2 08:06:33 2017 +0000 +commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f +Author: Damien Miller +Date: Wed Oct 25 13:10:59 2017 +1100 + + provide hooks and fallbacks for rdomain support + +commit 3235473bc8e075fad7216b7cd62fcd2b0320ea04 +Author: Damien Miller +Date: Wed Oct 25 11:25:43 2017 +1100 + + check for net/route.h and sys/sysctl.h + +commit 4d5456c7de108e17603a0920c4d15bca87244921 +Author: djm@openbsd.org +Date: Wed Oct 25 00:21:37 2017 +0000 upstream commit - remove options -12 from usage(); + transfer ownership of stdout to the session channel by + dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to + the local side; reported by David Newall, ok markus@ - Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270 + Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79 -commit 6b84897f7fd39956b849eac7810319d8a9958568 -Author: jmc@openbsd.org -Date: Tue May 2 07:13:31 2017 +0000 +commit 68af80e6fdeaeb79432209db614386ff0f37e75f +Author: djm@openbsd.org +Date: Wed Oct 25 00:19:47 2017 +0000 upstream commit - tidy up -O somewhat; ok djm + add a "rdomain" criteria for the sshd_config Match + keyword to allow conditional configuration that depends on which rdomain(4) a + connection was recevied on. 
ok markus@ - Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52 + Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb -commit d1c6b7fdbdfe4a7a37ecd48a97f0796b061c2868 +commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a Author: djm@openbsd.org -Date: Mon May 1 22:09:48 2017 +0000 +Date: Wed Oct 25 00:17:08 2017 +0000 upstream commit - when freeing a bitmap, zero all it bytes; spotted by Ilya - Kaliman + add sshd_config RDomain keyword to place sshd and the + subsequent user session (including the shell and any TCP/IP forwardings) into + the specified rdomain(4) - Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4 + ok markus@ + + Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5 -commit 0f163983016c2988a92e039d18a7569f9ea8e071 +commit acf559e1cffbd1d6167cc1742729fc381069f06b Author: djm@openbsd.org -Date: Mon May 1 14:08:26 2017 +0000 +Date: Wed Oct 25 00:15:35 2017 +0000 upstream commit - this one I did forget to "cvs rm" + Add optional rdomain qualifier to sshd_config's + ListenAddress option to allow listening on a different rdomain(4), e.g. - Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913 + ListenAddress 0.0.0.0 rdomain 4 + + Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091 -commit 21ed00a8e26fe8a772bcca782175fafc2b0890ed -Author: djm@openbsd.org -Date: Mon May 1 09:27:45 2017 +0000 +commit b9903ee8ee8671b447fc260c2bee3761e26c7227 +Author: millert@openbsd.org +Date: Tue Oct 24 19:41:45 2017 +0000 upstream commit - don't know why cvs didn't exterminate these the first - time around, I use rm -f and everuthing... - - pointed out by sobrado@ + Kill dead store and some spaces vs. tabs indent in + parse_user_host_path(). 
Noticed by markus@ - Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d + Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200 -commit d29ba6f45086703fdcb894532848ada3427dfde6 -Author: Darren Tucker -Date: Mon May 1 13:53:07 2017 +1000 +commit 0869627e00f4ee2a038cb62d7bd9ffad405e1800 +Author: jmc@openbsd.org +Date: Tue Oct 24 06:27:42 2017 +0000 - Define INT32_MAX and INT64_MAX if needed. + upstream commit + + tweak previous; ok djm + + Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9 -commit 329037e389f02ec95c8e16bf93ffede94d3d44ce -Author: Darren Tucker -Date: Mon May 1 13:19:41 2017 +1000 +commit e3fa20e2e58fdc88a0e842358778f2de448b771b +Author: Damien Miller +Date: Mon Oct 23 16:25:24 2017 +1100 - Wrap stdint.h in HAVE_STDINT_H + avoid -Wsign-compare warning in argv copying -commit f382362e8dfb6b277f16779ab1936399d7f2af78 +commit b7548b12a6b2b4abf4d057192c353147e0abba08 Author: djm@openbsd.org -Date: Mon May 1 02:27:11 2017 +0000 +Date: Mon Oct 23 05:08:00 2017 +0000 upstream commit - remove unused variable + Expose devices allocated for tun/tap forwarding. - Upstream-ID: 66011f00819d0e71b14700449a98414033284516 + At the client, the device may be obtained from a new %T expansion + for LocalCommand. + + At the server, the allocated devices will be listed in a + SSH_TUNNEL variable exposed to the environment of any user sessions + started after the tunnel forwarding was established. + + ok markus + + Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e -commit dd369320d2435b630a5974ab270d686dcd92d024 -Author: djm@openbsd.org -Date: Sun Apr 30 23:34:55 2017 +0000 +commit 887669ef032d63cf07f53cada216fa8a0c9a7d72 +Author: millert@openbsd.org +Date: Sat Oct 21 23:06:24 2017 +0000 upstream commit - eliminate explicit specification of protocol in tests and - loops over protocol. We only support SSHv2 now. + Add URI support to ssh, sftp and scp. For example + ssh://user@host or sftp://user@host/path. 
The connection parameters + described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since + the ssh fingerprint format in the draft uses md5 with no way to specify the + hash function type. OK djm@ - Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd + Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc -commit 557f921aad004be15805e09fd9572969eb3d9321 +commit d27bff293cfeb2252f4c7a58babe5ad3262c6c98 +Author: Damien Miller +Date: Fri Oct 20 13:22:00 2017 +1100 + + Fix missed RCSID merges + +commit d3b6aeb546242c9e61721225ac4387d416dd3d5e Author: djm@openbsd.org -Date: Sun Apr 30 23:33:48 2017 +0000 +Date: Fri Oct 20 02:13:41 2017 +0000 upstream commit - remove SSHv1 support from unit tests + more RCSIDs - Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe + Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be -commit e77e1562716fb3da413e4c2397811017b762f5e3 +commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a Author: djm@openbsd.org -Date: Mon May 1 00:03:18 2017 +0000 +Date: Fri Oct 20 01:56:39 2017 +0000 upstream commit - fixup setting ciphercontext->plaintext (lost in SSHv1 purge), - though it isn't really used for much anymore. 
+ add RCSIDs to these; they make syncing portable a bit + easier - Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747 + Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68 -commit f7849e6c83a4e0f602dea6c834a24091c622d68e +commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464 Author: Damien Miller -Date: Mon May 1 09:55:56 2017 +1000 +Date: Fri Oct 20 12:54:15 2017 +1100 - remove configure --with-ssh1 + upstream commit + + Apply missing commit 1.11 to kexc25519s.c + + Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8 -commit f4a6a88ddb6dba6d2f7bfb9e2c9879fcc9633043 -Author: djm@openbsd.org -Date: Sun Apr 30 23:29:10 2017 +0000 +commit 6f72280553cb6918859ebcacc717f2d2fafc1a27 +Author: Damien Miller +Date: Fri Oct 20 12:52:50 2017 +1100 upstream commit - flense SSHv1 support from ssh-agent, considerably - simplifying it - - ok markus + Apply missing commit 1.127 to servconf.h - Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365 + Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15 -commit 930e8d2827853bc2e196c20c3e000263cc87fb75 -Author: djm@openbsd.org -Date: Sun Apr 30 23:28:41 2017 +0000 +commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc +Author: jmc@openbsd.org +Date: Wed Oct 18 05:36:59 2017 +0000 upstream commit - obliterate ssh1.h and some dead code that used it - - ok markus@ + remove unused Pp; - Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343 + Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550 -commit a3710d5d529a34b8f56aa62db798c70e85d576a0 +commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14 Author: djm@openbsd.org -Date: Sun Apr 30 23:28:12 2017 +0000 +Date: Wed Oct 18 02:49:44 2017 +0000 upstream commit - exterminate the -1 flag from scp - - ok markus@ + In the description of pattern-lists, clarify negated + matches by explicitly stating that a negated match will never yield a + positive result, and that at least one positive term in the pattern-list must + match. 
bz#1918 - Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db + Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14 -commit aebd0abfaa8a41e75d50f9f7934267b0a2d9acb4 +commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd Author: djm@openbsd.org -Date: Sun Apr 30 23:26:54 2017 +0000 +Date: Fri Oct 13 21:13:54 2017 +0000 upstream commit - purge the last traces of SSHv1 from the TTY modes - handling code - - ok markus + log debug messages sent to peer; ok deraadt markus - Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195 + Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9 -commit dfa641f758d4b8b2608ab1b00abaf88df0a8e36a -Author: djm@openbsd.org -Date: Sun Apr 30 23:26:16 2017 +0000 +commit 071325f458d615d7740da5c1c1d5a8b68a0b4605 +Author: jmc@openbsd.org +Date: Fri Oct 13 16:50:45 2017 +0000 upstream commit - remove the (in)famous SSHv1 CRC compensation attack - detector. - - Despite your cameo in The Matrix movies, you will not be missed. + trim permitrootlogin description somewhat, to avoid + ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and + myself - ok markus + ok sthen schwarze deraadt - Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0 + Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2 -commit e5d3bd36ef67d82092861f39b5bf422cb12b31a6 +commit 10727487becb897a15f658e0cb2d05466236e622 Author: djm@openbsd.org -Date: Sun Apr 30 23:25:03 2017 +0000 +Date: Fri Oct 13 06:45:18 2017 +0000 upstream commit - undo some local debugging stuff that I committed by - accident + mention SSH_USER_AUTH in the list of environment + variables - Upstream-ID: fe5b31f69a60d47171836911f144acff77810217 + Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691 -commit 3d6d09f2e90f4ad650ebda6520bf2da446f37f14 +commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2 Author: djm@openbsd.org -Date: Sun Apr 30 23:23:54 2017 +0000 +Date: Fri Oct 13 06:24:51 2017 +0000 upstream commit - remove SSHv1 support from packet and buffer APIs - - ok markus@ + 
BIO_get_mem_data() is supposed to take a char* as pointer + argument, so don't pass it a const char* - Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9 + Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec -commit 05164358577c82de18ed7373196bc7dbd8a3f79c -Author: djm@openbsd.org -Date: Sun Apr 30 23:21:54 2017 +0000 +commit cfa46825b5ef7097373ed8e31b01a4538a8db565 +Author: benno@openbsd.org +Date: Mon Oct 9 20:12:51 2017 +0000 upstream commit - remove SSHv1-related buffers from client code + clarify the order in which config statements are used. ok + jmc@ djm@ - Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd + Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed -commit 873d3e7d9a4707d0934fb4c4299354418f91b541 +commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5 Author: djm@openbsd.org -Date: Sun Apr 30 23:18:44 2017 +0000 +Date: Thu Oct 5 15:52:03 2017 +0000 upstream commit - remove KEY_RSA1 - - ok markus@ + replace statically-sized arrays in ServerOptions with + dynamic ones managed by xrecallocarray, removing some arbitrary (though + large) limits and saving a bit of memory; "much nicer" markus@ - Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133 + Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2 -commit 788ac799a6efa40517f2ac0d895a610394298ffc -Author: djm@openbsd.org -Date: Sun Apr 30 23:18:22 2017 +0000 +commit 2b4f3ab050c2aaf6977604dd037041372615178d +Author: jmc@openbsd.org +Date: Thu Oct 5 12:56:50 2017 +0000 upstream commit - remove SSHv1 configuration options and man pages bits - - ok markus@ + %C is hashed; from klemens nanni ok markus - Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424 + Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 -commit e6882463a8ae0594aacb6d6575a6318a41973d84 +commit a66714508b86d6814e9055fefe362d9fe4d49ab3 Author: djm@openbsd.org -Date: Sun Apr 30 23:17:37 2017 +0000 +Date: Wed Oct 4 18:50:23 2017 +0000 upstream commit - remove SSH1 make flag and associated files ok markus@ + exercise PermitOpen a 
little more thoroughly - Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef + Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac -commit cdccebdf85204bf7542b7fcc1aa2ea3f36661833 -Author: djm@openbsd.org -Date: Sun Apr 30 23:15:04 2017 +0000 +commit 609ecc8e57eb88e2eac976bd3cae7f7889aaeff6 +Author: dtucker@openbsd.org +Date: Tue Sep 26 22:39:25 2017 +0000 upstream commit - remove SSHv1 ciphers; ok markus@ + UsePrivilegeSeparation is gone, stop trying to test it. - Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890 + Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191 -commit 97f4d3083b036ce3e68d6346a6140a22123d5864 +commit 69bda0228861f3dacd4fb3d28b60ce9d103d254b Author: djm@openbsd.org -Date: Sun Apr 30 23:13:25 2017 +0000 +Date: Wed Oct 4 18:49:30 2017 +0000 upstream commit - remove compat20/compat13/compat15 variables - - ok markus@ + fix (another) problem in PermitOpen introduced during the + channels.c refactor: the third and subsequent arguments to PermitOpen were + being silently ignored; ok markus@ - Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c + Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd -commit 99f95ba82673d33215dce17bfa1512b57f54ec09 +commit 66bf74a92131b7effe49fb0eefe5225151869dc5 Author: djm@openbsd.org -Date: Sun Apr 30 23:11:45 2017 +0000 +Date: Mon Oct 2 19:33:20 2017 +0000 upstream commit - remove options.protocol and client Protocol - configuration knob + Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ - ok markus@ + Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c + +commit d63b38160a59039708fd952adc75a0b3da141560 +Author: Damien Miller +Date: Sun Oct 1 10:32:25 2017 +1100 + + update URL again - Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366 + I spotted a typo in the draft so uploaded a new version... 
-commit 56912dea6ef63dae4eb1194e5d88973a7c6c5740 +commit 6f64f596430cd3576c529f07acaaf2800aa17d58 +Author: Damien Miller +Date: Sun Oct 1 10:01:56 2017 +1100 + + sync release notes URL + +commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d +Author: Damien Miller +Date: Sun Oct 1 10:01:25 2017 +1100 + + sync contrib/ssh-copy-id with upstream + +commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66 +Author: Damien Miller +Date: Sun Oct 1 09:59:19 2017 +1100 + + update version in RPM spec files + +commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d +Author: Damien Miller +Date: Sun Oct 1 09:58:24 2017 +1100 + + update agent draft URL + +commit e4a798f001d2ecd8bf025c1d07658079f27cc604 Author: djm@openbsd.org -Date: Sun Apr 30 23:10:43 2017 +0000 +Date: Sat Sep 30 22:26:33 2017 +0000 upstream commit - unifdef WITH_SSH1 ok markus@ + openssh-7.6; ok deraadt@ - Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7 + Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0 -commit d4084cd230f7319056559b00db8b99296dad49d5 +commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d Author: jmc@openbsd.org -Date: Sat Apr 29 06:06:01 2017 +0000 +Date: Wed Sep 27 06:45:53 2017 +0000 upstream commit - tweak previous; + tweak EposeAuthinfo; diff from lars nooden - Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9 + tweaked by sthen; ok djm dtucker + + Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748 -commit 249516e428e8461b46340a5df5d5ed1fbad2ccce -Author: djm@openbsd.org -Date: Sat Apr 29 04:12:25 2017 +0000 +commit bba69c246f0331f657fd6ec97724df99fc1ad174 +Author: Damien Miller +Date: Thu Sep 28 16:06:21 2017 -0700 - upstream commit - - allow ssh-keygen to include arbitrary string or flag - certificate extensions and critical options. 
ok markus@ dtucker@ - - Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646 + don't fatal ./configure for LibreSSL -commit 47a287bb6ac936c26b4f3ae63279c02902ded3b9 -Author: jmc@openbsd.org -Date: Fri Apr 28 06:15:03 2017 +0000 +commit 04dc070e8b4507d9d829f910b29be7e3b2414913 +Author: Damien Miller +Date: Thu Sep 28 14:54:34 2017 -0700 - upstream commit + abort in configure when only openssl-1.1.x found - sort; + We don't support openssl-1.1.x yet (see multiple threads on the + openssh-unix-dev@ mailing list for the reason), but previously + ./configure would accept it and the compilation would subsequently + fail. This makes ./configure display an explicit error message and + abort. - Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a + ok dtucker@ -commit 36465a76a79ad5040800711b41cf5f32249d5120 +commit 74c1c3660acf996d9dc329e819179418dc115f2c Author: Darren Tucker -Date: Fri Apr 28 14:44:28 2017 +1000 +Date: Wed Sep 27 07:44:41 2017 +1000 - Typo. + Check for and handle calloc(p, 0) = NULL. - Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 + On some platforms (AIX, maybe others) allocating zero bytes of memory + via the various *alloc functions returns NULL, which is permitted + by the standards. Autoconf has some macros for detecting this (with + the exception of calloc for some reason) so use these and if necessary + activate shims for them. ok djm@ -commit 9d18cb7bdeb00b20205fd13d412aae8c0e0457ed -Author: Darren Tucker -Date: Fri Apr 28 14:41:17 2017 +1000 +commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5 +Author: markus@openbsd.org +Date: Thu Sep 21 19:18:12 2017 +0000 - Add 2 regress commits I applied by hand. 
+ upstream commit - Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c - Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 + test reverse dynamic forwarding with SOCKS + + Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79 -commit 9504ea6b27f9f0ece64e88582ebb9235e664a100 -Author: Darren Tucker -Date: Fri Apr 28 14:33:43 2017 +1000 +commit 1b9f321605733754df60fac8c1d3283c89b74455 +Author: Damien Miller +Date: Tue Sep 26 16:55:55 2017 +1000 - Merge integrity.sh rev 1.22. - - Merge missing bits from Colin Watson's patch in bz#2658 which make integrity - tests more robust against timeouts. ok djm@ + sync missing changes in dynamic-forward.sh -commit 06ec837a34542627e2183a412d6a9d2236f22140 +commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb Author: Darren Tucker -Date: Fri Apr 28 14:30:03 2017 +1000 +Date: Mon Sep 25 09:48:10 2017 +1000 - Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes + Add minimal strsignal for platforms without it. -commit e0194b471efe7d3daedc9cc66686cb1ab69d3be8 -Author: jsg@openbsd.org -Date: Mon Apr 17 11:02:31 2017 +0000 +commit 218e6f98df566fb9bd363f6aa47018cb65ede196 +Author: djm@openbsd.org +Date: Sun Sep 24 13:45:34 2017 +0000 upstream commit - Change COMPILER_VERSION tests which limited additional - warnings to gcc4 to instead skip them on gcc3 as clang can handle - -Wpointer-sign and -Wold-style-definition. 
+ fix inverted test on channel open failure path that + "upgraded" a transient failure into a fatal error; reported by sthen and also + seen by benno@; ok sthen@ - Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f + Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472 -commit 6830be90e71f46bcd182a9202b151eaf2b299434 +commit c704f641f7b8777497dc82e81f2ac89afec7e401 Author: djm@openbsd.org -Date: Fri Apr 28 03:24:53 2017 +0000 +Date: Sun Sep 24 09:50:01 2017 +0000 upstream commit - include key fingerprint in "Offering public key" debug - message + write the correct buffer when tunnel forwarding; doesn't + matter on OpenBSD (they are the same) but does matter on portable where we + use an output filter to translate os-specific tun/tap headers - Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52 + Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284 -commit 066437187e16dcafcbc19f9402ef0e6575899b1d -Author: millert@openbsd.org -Date: Fri Apr 28 03:21:12 2017 +0000 +commit 55486f5cef117354f0c64f991895835077b7c7f7 +Author: djm@openbsd.org +Date: Sat Sep 23 22:04:07 2017 +0000 upstream commit - Avoid relying on implementation-specific behavior when - detecting whether the timestamp or file size overflowed. If time_t and off_t - are not either 32-bit or 64-bit scp will exit with an error. OK djm@ + fix tunnel forwarding problem introduced in refactor; + reported by stsp@ ok markus@ - Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135 + Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04 -commit 68d3a2a059183ebd83b15e54984ffaced04d2742 -Author: dtucker@openbsd.org -Date: Fri Apr 28 03:20:27 2017 +0000 +commit 609d7a66ce578abf259da2d5f6f68795c2bda731 +Author: markus@openbsd.org +Date: Thu Sep 21 19:16:53 2017 +0000 upstream commit - Add SyslogFacility option to ssh(1) matching the - equivalent option in sshd(8). 
bz#2705, patch from erahn at arista.com, ok - djm@ + Add 'reverse' dynamic forwarding which combines dynamic + forwarding (-D) with remote forwarding (-R) where the remote-forwarded port + expects SOCKS-requests. - Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed + The SSH server code is unchanged and the parsing happens at the SSH + clients side. Thus the full SOCKS-request is sent over the forwarded + channel and the client parses c->output. Parsing happens in + channel_before_prepare_select(), _before_ the select bitmask is + computed in the pre[] handlers, but after network input processing + in the post[] handlers. + + help and ok djm@ + + Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89 -commit e13aad66e73a14b062d13aee4e98f1e21a3f6a14 -Author: jsg@openbsd.org -Date: Thu Apr 27 13:40:05 2017 +0000 +commit 36945fa103176c00b39731e1fc1919a0d0808b81 +Author: dtucker@openbsd.org +Date: Wed Sep 20 05:19:00 2017 +0000 upstream commit - remove a static array unused since rev 1.306 spotted by - clang ok djm@ + Use strsignal in debug message instead of casting for the + benefit of portable where sig_atomic_t might not be int. "much nicer" + deraadt@ - Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8 + Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79 -commit 91bd2181866659f00714903e78e1c3edd4c45f3d +commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e Author: millert@openbsd.org -Date: Thu Apr 27 11:53:12 2017 +0000 +Date: Tue Sep 19 12:10:30 2017 +0000 upstream commit - Avoid potential signed int overflow when parsing the file - size. Use strtoul() instead of parsing manually. OK djm@ + Use explicit_bzero() instead of bzero() before free() to + prevent the compiler from optimizing away the bzero() call. 
OK djm@ - Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02 + Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d -commit 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4 -Author: Darren Tucker -Date: Tue Apr 25 08:32:27 2017 +1000 +commit 5b8da1f53854c0923ec6e927e86709e4d72737b6 +Author: djm@openbsd.org +Date: Tue Sep 19 04:24:22 2017 +0000 - Fix typo in "socketcall". + upstream commit - Pointed out by jjelen at redhat.com. + fix use-after-free in ~^Z escape handler path, introduced + in channels.c refactor; spotted by millert@ "makes sense" deraadt@ + + Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22 -commit 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd -Author: Darren Tucker -Date: Mon Apr 24 19:40:31 2017 +1000 +commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e +Author: dtucker@openbsd.org +Date: Mon Sep 18 12:03:24 2017 +0000 - Deny socketcall in seccomp filter on ppc64le. + upstream commit - OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys - in privsep child. The socket() syscall is already denied in the seccomp - filter, but in ppc64le kernel, it is implemented using socketcall() - syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and - therefore fails hard. + Prevent type mismatch warning in debug on platforms where + sig_atomic_t != int. ok djm@ - Patch from jjelen at redhat.com. + Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed -commit f8500b2be599053daa05248a86a743232ec6a536 -Author: schwarze@openbsd.org -Date: Mon Apr 17 14:31:23 2017 +0000 +commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc +Author: dtucker@openbsd.org +Date: Mon Sep 18 09:41:52 2017 +0000 upstream commit - Recognize nl_langinfo(CODESET) return values "646" and "" - as aliases for "US-ASCII", useful for different versions of NetBSD and - Solaris. Found by dtucker@ and by Tom G. Christensen . OK dtucker@ deraadt@ + Add braces missing after channels refactor. 
ok markus@ - Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384 + Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980 -commit 7480dfedf8c5c93baaabef444b3def9331e86ad5 -Author: jsg@openbsd.org -Date: Mon Apr 17 11:02:31 2017 +0000 +commit b79569190b9b76dfacc6d996faa482f16e8fc026 +Author: Damien Miller +Date: Tue Sep 19 12:29:23 2017 +1000 - upstream commit + add freezero(3) replacement - Change COMPILER_VERSION tests which limited additional - warnings to gcc4 to instead skip them on gcc3 as clang can handle - -Wpointer-sign and -Wold-style-definition. + ok dtucker@ + +commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e +Author: Damien Miller +Date: Tue Sep 19 10:18:56 2017 +1000 + + move FORTIFY_SOURCE into hardening options group - Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a + It's still on by default, but now it's possible to turn it off using + --without-hardening. This is useful since it's known to cause problems + with some -fsanitize options. ok dtucker@ -commit 4d827f0d75a53d3952288ab882efbddea7ffadfe -Author: djm@openbsd.org -Date: Tue Apr 4 00:24:56 2017 +0000 +commit 09eacf856e0fe1a6e3fe597ec8032b7046292914 +Author: bluhm@openbsd.org +Date: Wed Sep 13 14:58:26 2017 +0000 upstream commit - disallow creation (of empty files) in read-only mode; - reported by Michal Zalewski, feedback & ok deraadt@ + Print SKIPPED if sudo and doas configuration is missing. + Prevents that running the regression test with wrong environment is reported + as failure. Keep the fatal there to avoid interfering with other setups for + portable ssh. 
OK dtucker@ - Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b + Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e -commit ef47843af0a904a21c920e619c5aec97b65dd9ac -Author: deraadt@openbsd.org -Date: Sun Mar 26 00:18:52 2017 +0000 +commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a +Author: dtucker@openbsd.org +Date: Mon Aug 7 03:52:55 2017 +0000 upstream commit - incorrect renditions of this quote bother me + Remove obsolete privsep=no fallback test. - Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49 + Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df -commit d9048861bea842c4eba9c2dbbf97064cc2a5ef02 -Author: Darren Tucker -Date: Fri Mar 31 11:04:43 2017 +1100 +commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8 +Author: dtucker@openbsd.org +Date: Mon Aug 7 00:53:51 2017 +0000 - Check for and use gcc's -pipe. + upstream commit - Speeds up configure and build by a couple of percent. ok djm@ - -commit 282cad2240c4fbc104c2f2df86d688192cbbe4bb -Author: Darren Tucker -Date: Wed Mar 29 16:34:44 2017 +1100 - - Import fmt_scaled.c rev 1.16 from OpenBSD. + Remove non-privsep test since disabling privsep is now + deprecated. - Fix overly-conservative overflow checks on mulitplications and add checks - on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN - will still be flagged as a range error). ok millert@ + Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8 -commit c73a229e4edf98920f395e19fd310684fc6bb951 -Author: Darren Tucker -Date: Wed Mar 29 16:34:02 2017 +1100 +commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e +Author: dtucker@openbsd.org +Date: Fri Jul 28 10:32:08 2017 +0000 - Import fmt_scaled.c rev 1.15 from OpenBSD. + upstream commit - Collapse underflow and overflow checks into a single block. - ok djm@ millert@ + Don't call fatal from stop_sshd since it calls cleanup + which calls stop_sshd which will probably fail in the same way. Instead, + just bail. 
Differentiate between sshd dying without cleanup and not shutting + down. + + Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4 -commit d427b73bf5a564f663d16546dbcbd84ba8b9d4af -Author: Darren Tucker -Date: Wed Mar 29 16:32:57 2017 +1100 +commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba +Author: djm@openbsd.org +Date: Thu Sep 14 04:32:21 2017 +0000 - Import fmt_scaled.c rev 1.14 from OpenBSD. + upstream commit - Catch integer underflow in scan_scaled reported by Nicolas Iooss. - ok deraadt@ djm@ + Revert commitid: gJtIN6rRTS3CHy9b. + + ------------- + identify the case where SSHFP records are missing but other DNS RR + types are present and display a more useful error message for this + case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ + ------------- + + This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results + are missing but the user already has the key in known_hosts + + Spotted by dtucker@ + + Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920 -commit d13281f2964abc5f2e535e1613c77fc61b0c53e7 -Author: Darren Tucker -Date: Wed Mar 29 12:39:39 2017 +1100 +commit 871f1e4374420b07550041b329627c474abc3010 +Author: Damien Miller +Date: Tue Sep 12 18:01:35 2017 +1000 - Don't check privsep user or path when unprivileged - - If running with privsep (mandatory now) as a non-privileged user, we - don't chroot or change to an unprivileged user however we still checked - the existence of the user and directory. Don't do those checks if we're - not going to use them. Based in part on a patch from Lionel Fourquaux - via Corinna Vinschen, ok djm@ + adapt portable to channels API changes -commit f2742a481fe151e493765a3fbdef200df2ea7037 -Author: Darren Tucker -Date: Wed Mar 29 10:50:31 2017 +1100 +commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb +Author: djm@openbsd.org +Date: Tue Sep 12 07:55:48 2017 +0000 - Remove SHA256 EVP wrapper implementation. 
+ upstream commit - All supported versions of OpenSSL should now have SHA256 so remove our - EVP wrapper implementaion. ok djm@ + unused variable + + Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1 -commit 5346f271fc76549caf4a8e65b5fba319be422fe9 -Author: Darren Tucker -Date: Wed Mar 29 10:23:58 2017 +1100 +commit 9145a73ce2ba30c82bbf91d7205bfd112529449f +Author: djm@openbsd.org +Date: Tue Sep 12 07:32:04 2017 +0000 - Remove check for OpenSSL < 0.9.8g. + upstream commit - We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC - in OpenSSL < 0.9.8g. + fix tun/tap forwarding case in previous + + Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53 -commit 8fed0a5fe7b4e78a6810b133d8e91be9742ee0a1 -Author: Darren Tucker -Date: Wed Mar 29 10:16:15 2017 +1100 +commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e +Author: djm@openbsd.org +Date: Tue Sep 12 06:35:31 2017 +0000 - Remove compat code for OpenSSL < 0.9.7. + upstream commit - Resyncs that code with OpenBSD upstream. - -commit 608ec1f62ff22fdccc3952e51463d79c43cbd0d3 -Author: Darren Tucker -Date: Wed Mar 29 09:50:54 2017 +1100 - - Remove SSHv1 code path. + Make remote channel ID a u_int - Server-side support for Protocol 1 has been removed so remove !compat20 - PAM code path. - -commit 7af27bf538cbc493d609753f9a6d43168d438f1b -Author: Darren Tucker -Date: Fri Mar 24 09:44:56 2017 +1100 - - Enable ldns when using ldns-config. + Previously we tracked the remote channel IDs in an int, but this is + strictly incorrect: the wire protocol uses uint32 and there is nothing + in-principle stopping a SSH implementation from sending, say, 0xffff0000. - Actually enable ldns when attempting to use ldns-config. bz#2697, patch - from fredrik at fornwall.net. - -commit 58b8cfa2a062b72139d7229ae8de567f55776f24 -Author: Damien Miller -Date: Wed Mar 22 12:43:02 2017 +1100 - - Missing header on Linux/s390 + In practice everyone numbers their channels sequentially, so this has + never been a problem. 
- Patch from Jakub Jelen + ok markus@ + + Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73 -commit 096fb65084593f9f3c1fc91b6d9052759a272a00 +commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16 Author: djm@openbsd.org -Date: Mon Mar 20 22:08:06 2017 +0000 +Date: Tue Sep 12 06:32:07 2017 +0000 upstream commit - remove /usr/bin/time calls around tests, makes diffing test - runs harder. Based on patch from Mike Frysinger + refactor channels.c - Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c - -commit 6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 -Author: Damien Miller -Date: Tue Mar 21 08:47:55 2017 +1100 - - Fix syntax error on Linux/X32 + Move static state to a "struct ssh_channels" that is allocated at + runtime and tracked as a member of struct ssh. - Patch from Mike Frysinger - -commit d38f05dbdd291212bc95ea80648b72b7177e9f4e -Author: Darren Tucker -Date: Mon Mar 20 13:38:27 2017 +1100 - - Add llabs() implementation. - -commit 72536316a219b7394996a74691a5d4ec197480f7 -Author: Damien Miller -Date: Mon Mar 20 12:23:04 2017 +1100 - - crank version numbers + Explicitly pass "struct ssh" to all channels functions. + + Replace use of the legacy packet APIs in channels.c. + + Rework sshd_config PermitOpen handling: previously the configuration + parser would call directly into the channels layer. After the refactor + this is not possible, as the channels structures are allocated at + connection time and aren't available when the configuration is parsed. + The server config parser now tracks PermitOpen itself and explicitly + configures the channels code later. 
+ + ok markus@ + + Upstream-ID: 11828f161656b965cc306576422613614bea2d8f -commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f +commit abd59663df37a42152e37980113ccaa405b9a282 Author: djm@openbsd.org -Date: Mon Mar 20 01:18:59 2017 +0000 +Date: Thu Sep 7 23:48:09 2017 +0000 upstream commit - openssh-7.5 + typo in comment - Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 + Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47 -commit db84e52fe9cfad57f22e7e23c5fbf00092385129 -Author: Damien Miller -Date: Mon Mar 20 12:07:20 2017 +1100 +commit 149a8cd24ce9dd47c36f571738681df5f31a326c +Author: jmc@openbsd.org +Date: Mon Sep 4 06:34:43 2017 +0000 - I'm a doofus. + upstream commit - Unbreak obvious syntax error. - -commit 89f04852db27643717c9c3a2b0dde97ae50099ee -Author: Damien Miller -Date: Mon Mar 20 11:53:34 2017 +1100 - - on Cygwin, check paths from server for backslashes + tweak previous; - Pointed out by Jann Horn of Google Project Zero + Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b -commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 +commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 Author: Damien Miller -Date: Mon Mar 20 11:48:34 2017 +1100 +Date: Fri Sep 8 12:44:13 2017 +1000 - Yet another synonym for ASCII: "646" + Fuzzer harnesses for sig verify and pubkey parsing - Used by NetBSD; this unbreaks mprintf() and friends there for the C - locale (caught by dtucker@ and his menagerie of test systems). + These are some basic clang libfuzzer harnesses for signature + verification and public key parsing. Some assembly (metaphorical) + required. -commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b +commit de35c382894964a896a63ecd5607d3a3b93af75d Author: Damien Miller -Date: Mon Mar 20 09:58:34 2017 +1100 +Date: Fri Sep 8 12:38:31 2017 +1000 - create test mux socket in /tmp + Give configure ability to set CFLAGS/LDFLAGS later - Creating the socket in $OBJ could blow past the (quite limited) - path limit for Unix domain sockets. 
As a bandaid for bz#2660, - reported by Colin Watson; ok dtucker@ + Some CFLAGS/LDFLAGS may disrupt the configure script's operation, + in particular santization and fuzzer options that break assumptions + about memory and file descriptor dispositions. + + This adds two flags to configure --with-cflags-after and + --with-ldflags-after that allow specifying additional compiler and + linker options that are added to the resultant Makefiles but not + used in the configure run itself. + + E.g. + + env CC=clang-3.9 ./configure \ + --with-cflags-after=-fsantize=address \ + --with-ldflags-after="-g -fsanitize=address" -commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 -Author: markus@openbsd.org -Date: Wed Mar 15 07:07:39 2017 +0000 +commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7 +Author: djm@openbsd.org +Date: Sun Sep 3 23:33:13 2017 +0000 upstream commit - disallow KEXINIT before NEWKEYS; ok djm; report by - vegard.nossum at oracle.com + Expand ssh_config's StrictModes option with two new + settings: - Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 - -commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c -Author: Darren Tucker -Date: Thu Mar 16 14:05:46 2017 +1100 - - Include includes.h for compat bits. - -commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad -Author: Darren Tucker -Date: Thu Mar 16 13:45:17 2017 +1100 - - Wrap stdint.h in #ifdef HAVE_STDINT_H - -commit 55a1117d7342a0bf8b793250cf314bab6b482b99 -Author: Damien Miller -Date: Thu Mar 16 11:22:42 2017 +1100 - - Adapt Cygwin config script to privsep knob removal + StrictModes=accept-new will automatically accept hitherto-unseen keys + but will refuse connections for changed or invalid hostkeys. - Patch from Corinna Vinschen. + StrictModes=off is the same as StrictModes=no + + Motivation: + + StrictModes=no combines two behaviours for host key processing: + automatically learning new hostkeys and continuing to connect to hosts + with invalid/changed hostkeys. 
The latter behaviour is quite dangerous + since it removes most of the protections the SSH protocol is supposed to + provide. + + Quite a few users want to automatically learn hostkeys however, so + this makes that feature available with less danger. + + At some point in the future, StrictModes=no will change to be a synonym + for accept-new, with its current behaviour remaining available via + StrictModes=off. + + bz#2400, suggested by Michael Samuel; ok markus + + Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64 -commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 -Author: deraadt@openbsd.org -Date: Wed Mar 15 03:52:30 2017 +0000 +commit ff3c42384033514e248ba5d7376aa033f4a2b99a +Author: jmc@openbsd.org +Date: Fri Sep 1 15:41:26 2017 +0000 upstream commit - accidents happen to the best of us; ok djm + remove blank line; - Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 + Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423 -commit 25f837646be8c2017c914d34be71ca435dfc0e07 +commit b828605d51f57851316d7ba402b4ae06cf37c55d Author: djm@openbsd.org -Date: Wed Mar 15 02:25:09 2017 +0000 +Date: Fri Sep 1 05:53:56 2017 +0000 upstream commit - fix regression in 7.4: deletion of PKCS#11-hosted keys - would fail unless they were specified by full physical pathname. Report and - fix from Jakub Jelen via bz#2682; ok dtucker@ + identify the case where SSHFP records are missing but + other DNS RR types are present and display a more useful error message for + this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ - Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 + Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244 -commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f +commit 8042bad97e2789a50e8f742c3bcd665ebf0add32 Author: djm@openbsd.org -Date: Wed Mar 15 02:19:09 2017 +0000 +Date: Fri Sep 1 05:50:48 2017 +0000 upstream commit - Fix segfault when sshd attempts to load RSA1 keys (can - only happen when protocol v.1 support is enabled for the client). 
Reported by - Jakub Jelen in bz#2686; ok dtucker + document available AuthenticationMethods; bz#2453 ok + dtucker@ - Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 + Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0 -commit 66705948c0639a7061a0d0753266da7685badfec +commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58 Author: djm@openbsd.org -Date: Tue Mar 14 07:19:07 2017 +0000 +Date: Wed Aug 30 03:59:08 2017 +0000 upstream commit - Mark the sshd_config UsePrivilegeSeparation option as - deprecated, effectively making privsep mandatory in sandboxing mode. ok - markus@ deraadt@ - - (note: this doesn't remove the !privsep code paths, though that will - happen eventually). + pass packet state down to some of the channels function + (more to come...); ok markus@ - Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a + Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b -commit f86586b03fe6cd8f595289bde200a94bc2c191af -Author: Damien Miller -Date: Tue Mar 14 18:26:29 2017 +1100 +commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5 +Author: jmc@openbsd.org +Date: Tue Aug 29 13:05:58 2017 +0000 - Make seccomp-bpf sandbox work on Linux/X32 + upstream commit - Allow clock_gettime syscall with X32 bit masked off. Apparently - this is required for at least some kernel versions. bz#2142 - Patch mostly by Colin Watson. 
ok dtucker@ - -commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 -Author: Damien Miller -Date: Tue Mar 14 18:01:52 2017 +1100 + sort options; + + Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c - require OpenSSL >=1.0.1 +commit 530591a5795a02d01c78877d58604723918aac87 +Author: dlg@openbsd.org +Date: Tue Aug 29 09:42:29 2017 +0000 -commit e3ea335abeab731c68f2b2141bee85a4b0bf680f -Author: Damien Miller -Date: Tue Mar 14 17:48:43 2017 +1100 - - Remove macro trickery; no binary change + upstream commit - This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros - prepending __NR_ to the syscall number parameter and just makes - them explicit in the macro invocations. + add a -q option to ssh-add to make it quiet on success. - No binary change in stripped object file before/after. + if you want to silence ssh-add without this you generally redirect + the output to /dev/null, but that can hide error output which you + should see. + + ok djm@ + + Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c -commit 5f1596e11d55539678c41f68aed358628d33d86f -Author: Damien Miller -Date: Tue Mar 14 13:15:18 2017 +1100 +commit a54eb27dd64b5eca3ba94e15cec3535124bd5029 +Author: dtucker@openbsd.org +Date: Sun Aug 27 00:38:41 2017 +0000 - support ioctls for ICA crypto card on Linux/s390 + upstream commit - Based on patch from Eduardo Barretto; ok dtucker@ + Increase the buffer sizes for user prompts to ensure that + they won't be truncated by snprintf. Based on patch from cjwatson at + debian.org via bz#2768, ok djm@ + + Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e -commit b1b22dd0df2668b322dda174e501dccba2cf5c44 +commit dd9d9b3381a4597b840d480b043823112039327e Author: Darren Tucker -Date: Tue Mar 14 14:19:36 2017 +1100 +Date: Mon Aug 28 16:48:27 2017 +1000 - Plumb conversion test into makefile. + Switch Capsicum header to sys/capsicum.h. 
+ + FreeBSD's was renamed to in 2014 to + avoid future conflicts with POSIX capabilities (the last release that + didn't have it was 9.3) so switch to that. Patch from des at des.no. -commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 -Author: dtucker@openbsd.org -Date: Tue Mar 14 01:20:29 2017 +0000 +commit f5e917ab105af5dd6429348d9bc463e52b263f92 +Author: Darren Tucker +Date: Sun Aug 27 08:55:40 2017 +1000 - upstream commit + Add missing includes for bsd-err.c. - Add unit test for convtime(). + Patch from cjwatson at debian.org via bz#2767. + +commit 878e029797cfc9754771d6f6ea17f8c89e11d225 +Author: Damien Miller +Date: Fri Aug 25 13:25:01 2017 +1000 + + Split platform_sys_dir_uid into its own file - Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 + platform.o is too heavy for libssh.a use; it calls into the server on + many platforms. Move just the function needed by misc.c into its own + file. -commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c -Author: dtucker@openbsd.org -Date: Tue Mar 14 01:10:07 2017 +0000 +commit 07949bfe9133234eddd01715592aa0dde67745f0 +Author: Damien Miller +Date: Wed Aug 23 20:13:18 2017 +1000 + + misc.c needs functions from platform.c now + +commit b074c3c3f820000a21953441cea7699c4b17d72f +Author: djm@openbsd.org +Date: Fri Aug 18 05:48:04 2017 +0000 upstream commit - Add ASSERT_LONG_* helpers. + add a "quiet" flag to exited_cleanly() that supresses + errors about exit status (failure due to signal is still reported) - Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 + Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0 -commit c6774d21185220c0ba11e8fd204bf0ad1a432071 -Author: dtucker@openbsd.org -Date: Tue Mar 14 00:55:37 2017 +0000 +commit de4ae07f12dabf8815ecede54235fce5d22e3f63 +Author: djm@openbsd.org +Date: Fri Aug 18 05:36:45 2017 +0000 upstream commit - Fix convtime() overflow test on boundary condition, - spotted by & ok djm. + Move several subprocess-related functions from various + locations to misc.c. 
Extend subprocess() to offer a little more control over + stdio disposition. - Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 + feedback & ok dtucker@ + + Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049 -commit f5746b40cfe6d767c8e128fe50c43274b31cd594 -Author: dtucker@openbsd.org -Date: Tue Mar 14 00:25:03 2017 +0000 +commit 643c2ad82910691b2240551ea8b14472f60b5078 +Author: djm@openbsd.org +Date: Sat Aug 12 06:46:01 2017 +0000 upstream commit - Check for integer overflow when parsing times in - convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ + make "--" before the hostname terminate command-line + option processing completely; previous behaviour would not prevent further + options appearing after the hostname (ssh has a supported options after the + hostname for >20 years, so that's too late to change). - Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 - -commit f5907982f42a8d88a430b8a46752cbb7859ba979 -Author: Darren Tucker -Date: Tue Mar 14 13:38:15 2017 +1100 - - Add a "unit" target to run only unit tests. + ok deraadt@ + + Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89 -commit 9e96b41682aed793fadbea5ccd472f862179fb02 -Author: Damien Miller -Date: Tue Mar 14 12:24:47 2017 +1100 +commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 +Author: djm@openbsd.org +Date: Sat Aug 12 06:42:52 2017 +0000 - Fix weakness in seccomp-bpf sandbox arg inspection - - Syscall arguments are passed via an array of 64-bit values in struct - seccomp_data, but we were only inspecting the bottom 32 bits and not - even those correctly for BE systems. + upstream commit - Fortunately, the only case argument inspection was used was in the - socketcall filtering so using this for sandbox escape seems - impossible. + Switch from aes256-cbc to aes256-ctr for encrypting + new-style private keys. 
The latter having the advantage of being supported + for no-OpenSSL builds; bz#2754 ok markus@ - ok dtucker + Upstream-ID: 54179a2afd28f93470471030567ac40431e56909 -commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 +commit c4972d0a9bd6f898462906b4827e09b7caea2d9b Author: djm@openbsd.org -Date: Sat Mar 11 23:44:16 2017 +0000 +Date: Fri Aug 11 04:47:12 2017 +0000 upstream commit - regress tests for loading certificates without public keys; - bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ + refuse to a private keys when its corresponding .pub key + does not match. bz#2737 ok dtucker@ - Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 + Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913 -commit 1e24552716194db8f2f620587b876158a9ef56ad +commit 4b3ecbb663c919132dddb3758e17a23089413519 Author: djm@openbsd.org -Date: Sat Mar 11 23:40:26 2017 +0000 +Date: Fri Aug 11 04:41:08 2017 +0000 upstream commit - allow ssh to use certificates accompanied by a private - key file but no corresponding plain *.pub public key. bz#2617 based on patch - from Adam Eijdenberg; ok dtucker@ markus@ + don't print verbose error message when ssh disconnects + under sftp; bz#2750; ok dtucker@ - Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 + Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370 -commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e -Author: markus@openbsd.org -Date: Sat Mar 11 13:07:35 2017 +0000 +commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34 +Author: dtucker@openbsd.org +Date: Fri Aug 11 04:16:35 2017 +0000 upstream commit - Don't count the initial block twice when computing how - many bytes to discard for the work around for the attacks against CBC-mode. - ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL + Tweak previous keepalive commit: if last_time + keepalive + <= now instead of just "<" so client_alive_check will fire if the select + happens to return on exact second of the timeout. 
ok djm@ - Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 + Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc -commit ef653dd5bd5777132d9f9ee356225f9ee3379504 +commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a Author: dtucker@openbsd.org -Date: Fri Mar 10 07:18:32 2017 +0000 +Date: Fri Aug 11 03:58:36 2017 +0000 upstream commit - krl.c + Keep track of the last time we actually heard from the + client and use this to also schedule a client_alive_check(). Prevents + activity on a forwarded port from indefinitely preventing the select timeout + so that client_alive_check() will eventually (although not optimally) be + called. - Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 + Analysis by willchan at google com via bz#2756, feedback & ok djm@ + + Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e -commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 +commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f Author: Damien Miller -Date: Sun Mar 12 10:48:14 2017 +1100 +Date: Fri Jul 28 14:50:59 2017 +1000 - sync fmt_scaled.c with OpenBSD - - revision 1.13 - date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; - fix signed integer overflow in scan_scaled. Found by Nicolas Iooss - using AFL against ssh_config. 
ok deraadt@ millert@ - ---------------------------- - revision 1.12 - date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; - fairly simple unsigned char casts for ctype - ok krw - ---------------------------- - revision 1.11 - date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; - make scan_scaled set errno to EINVAL rather than ERANGE if it encounters - an invalid multiplier, like the man page says it should + Expose list of completed auth methods to PAM - "looks sensible" deraadt@, ok ian@ - ---------------------------- - revision 1.10 - date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; - use llabs instead of the home-grown version; and some comment changes - ok ian@, millert@ - ---------------------------- + bz#2408; ok dtucker@ -commit 894221a63fa061e52e414ca58d47edc5fe645968 -Author: djm@openbsd.org -Date: Fri Mar 10 05:01:13 2017 +0000 +commit c78e6eec78c88acf8d51db90ae05a3e39458603d +Author: Damien Miller +Date: Fri Jul 21 14:38:16 2017 +1000 - upstream commit + fix problems in tunnel forwarding portability code - When updating hostkeys, accept RSA keys if - HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA - keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms - nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok - dtucker@ + This fixes a few problems in the tun forwarding code, mostly to do + with host/network byte order confusion. 
- Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 + Based on a report and patch by stepe AT centaurus.uberspace.de; + bz#2735; ok dtucker@ -commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c -Author: djm@openbsd.org -Date: Fri Mar 10 04:24:55 2017 +0000 +commit 2985d4062ebf4204bbd373456a810d558698f9f5 +Author: dtucker@openbsd.org +Date: Tue Jul 25 09:22:25 2017 +0000 upstream commit - make hostname matching really insensitive to case; - bz#2685, reported by Petr Cerny; ok dtucker@ + Make WinSCP patterns for SSH_OLD_DHGEX more specific to + exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@ - Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 + Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a -commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f +commit 9f0e44e1a0439ff4646495d5735baa61138930a9 Author: djm@openbsd.org -Date: Fri Mar 10 03:52:48 2017 +0000 +Date: Mon Jul 24 04:34:28 2017 +0000 upstream commit - reword a comment to make it fit 80 columns + g/c unused variable; make a little more portable - Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 + Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea -commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc +commit 51676ec61491ec6d7cbd06082034e29b377b3bf6 Author: djm@openbsd.org -Date: Fri Mar 10 04:27:32 2017 +0000 +Date: Sun Jul 23 23:37:02 2017 +0000 upstream commit - better match sshd config parser behaviour: fatal() if - line is overlong, increase line buffer to match sshd's; bz#2651 reported by - Don Fong; ok dtucker@ + Allow IPQoS=none in ssh/sshd to not set an explicit + ToS/DSCP value and just use the operating system default; ok dtucker@ - Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 + Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e -commit db2597207e69912f2592cd86a1de8e948a9d7ffb -Author: djm@openbsd.org -Date: Fri Mar 10 04:26:06 2017 +0000 +commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d +Author: Damien Miller +Date: Fri Jul 21 14:24:26 2017 +1000 + + 
mention libedit + +commit dc2bd308768386b02c7337120203ca477e67ba62 +Author: markus@openbsd.org +Date: Wed Jul 19 08:30:41 2017 +0000 upstream commit - ensure hostname is lower-case before hashing it; - bz#2591 reported by Griff Miller II; ok dtucker@ + fix support for unknown key types; ok djm@ - Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 + Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48 -commit df9936936c695f85c1038bd706d62edf752aca4b +commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9 Author: djm@openbsd.org -Date: Fri Mar 10 04:24:55 2017 +0000 +Date: Wed Jul 19 01:15:02 2017 +0000 upstream commit - make hostname matching really insensitive to case; - bz#2685, reported by Petr Cerny; ok dtucker@ + switch from select() to poll() for the ssh-agent + mainloop; ok markus - Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 + Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448 -commit 67eed24bfa7645d88fa0b883745fccb22a0e527e +commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3 Author: dtucker@openbsd.org -Date: Fri Mar 10 04:11:00 2017 +0000 +Date: Fri Jul 14 03:18:21 2017 +0000 upstream commit - Remove old null check from config dumper. Patch from - jjelen at redhat.com vi bz#2687, ok djm@ + Make ""Killed by signal 1" LogLevel verbose so it's not + shown at the default level. Prevents it from appearing during ssh -J and + equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@ - Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 + Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28 -commit 183ba55aaaecca0206184b854ad6155df237adbe -Author: djm@openbsd.org -Date: Fri Mar 10 04:07:20 2017 +0000 +commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498 +Author: jmc@openbsd.org +Date: Thu Jul 13 19:16:33 2017 +0000 upstream commit - fix regression in 7.4 server-sig-algs, where we were - accidentally excluding SHA2 RSA signature methods. 
bz#2680, patch from Nuno - Goncalves; ok dtucker@ + man pages with pseudo synopses which list filenames end + up creating very ugly output in man -k; after some discussion with ingo, we + feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly + helpful at page top, is contained already in FILES, and there are + sufficiently few that just zapping them is simple; - Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 + ok schwarze, who also helpfully ran things through a build to check + output; + + Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c -commit 66be4fe8c4435af5bbc82998501a142a831f1181 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:53:11 2017 +0000 +commit 7f13a4827fb28957161de4249bd6d71954f1f2ed +Author: espie@openbsd.org +Date: Mon Jul 10 14:09:59 2017 +0000 upstream commit - Check for NULL return value from key_new. Patch from - jjelen at redhat.com via bz#2687, ok djm@ + zap redundant Makefile variables. okay djm@ - Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e + Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 -commit ec2892b5c7fea199914cb3a6afb3af38f84990bf -Author: djm@openbsd.org -Date: Fri Mar 10 03:52:48 2017 +0000 +commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0 +Author: jmc@openbsd.org +Date: Sat Jul 8 18:32:54 2017 +0000 upstream commit - reword a comment to make it fit 80 columns + slightly rework previous, to avoid an article issue; - Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 + Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30 -commit 7fadbb6da3f4122de689165651eb39985e1cba85 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:48:57 2017 +0000 +commit 853edbe057a84ebd0024c8003e4da21bf2b469f7 +Author: djm@openbsd.org +Date: Fri Jul 7 03:53:12 2017 +0000 upstream commit - Check for NULL argument to sshkey_read. Patch from - jjelen at redhat.com via bz#2687, ok djm@ + When generating all hostkeys (ssh-keygen -A), clobber + existing keys if they exist but are zero length. 
zero-length keys could + previously be made if ssh-keygen failed part way through generating them, so + avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ - Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e + Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044 -commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:45:40 2017 +0000 +commit 43616876ba68a2ffaece6a6c792def4b039f2d6e +Author: djm@openbsd.org +Date: Sat Jul 1 22:55:44 2017 +0000 upstream commit - Plug some mem leaks mostly on error paths. From jjelen - at redhat.com via bz#2687, ok djm@ + actually remove these files - Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 + Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac -commit f6edbe9febff8121f26835996b1229b5064d31b7 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:24:48 2017 +0000 +commit 83fa3a044891887369ce8b487ce88d713a04df48 +Author: djm@openbsd.org +Date: Sat Jul 1 13:50:45 2017 +0000 upstream commit - Plug mem leak on GLOB_NOMATCH case. 
From jjelen at - redhat.com via bz#2687, ok djm@ + remove post-SSHv1 removal dead code from rsa.c and merge + the remaining bit that it still used into ssh-rsa.c; ok markus - Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d + Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f -commit 566b3a46e89a2fda2db46f04f2639e92da64a120 +commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0 +Author: Damien Miller +Date: Fri Jul 14 14:26:36 2017 +1000 + + make explicit_bzero/memset safe for sz=0 + +commit 8433d51e067e0829f5521c0c646b6fd3fe17e732 +Author: Tim Rice +Date: Tue Jul 11 18:47:56 2017 -0700 + + modified: configure.ac + UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris + Analysis by Robbie Zhang + +commit ff3507aea9c7d30cd098e7801e156c68faff7cc7 +Author: Damien Miller +Date: Fri Jul 7 11:21:27 2017 +1000 + + typo + +commit d79bceb9311a9c137d268f5bc481705db4151810 Author: dtucker@openbsd.org -Date: Fri Mar 10 03:22:40 2017 +0000 +Date: Fri Jun 30 04:17:23 2017 +0000 upstream commit - Plug descriptor leaks of auth_sock. From jjelen at - redhat.com via bz#2687, ok djm@ + Only call close once in confree(). ssh_packet_close will + close the FD so only explicitly close non-SSH channels. bz#2734, from + bagajjal at microsoft.com, ok djm@ - Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 + Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02 -commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 +commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075 +Author: Darren Tucker +Date: Thu Jun 29 15:40:25 2017 +1000 + + Update link for my patches. + +commit a98339edbc1fc21342a390f345179a9c3031bef7 Author: djm@openbsd.org -Date: Fri Mar 10 03:18:24 2017 +0000 +Date: Wed Jun 28 01:09:22 2017 +0000 upstream commit - correctly hash hosts with a port number. Reported by Josh - Powers in bz#2692; ok dtucker@ + Allow ssh-keygen to use a key held in ssh-agent as a CA when + signing certificates. 
bz#2377 ok markus - Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 + Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f -commit 9747b9c742de409633d4753bf1a752cbd211e2d3 +commit c9cdef35524bd59007e17d5bd2502dade69e2dfb Author: djm@openbsd.org -Date: Fri Mar 10 03:15:58 2017 +0000 +Date: Sat Jun 24 06:35:24 2017 +0000 upstream commit - don't truncate off \r\n from long stderr lines; bz#2688, - reported by Brian Dyson; ok dtucker@ + regress test for ExposeAuthInfo - Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 + Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd -commit 4a4b75adac862029a1064577eb5af299b1580cdd -Author: dtucker@openbsd.org -Date: Fri Mar 10 02:59:51 2017 +0000 +commit f17ee61cad25d210edab69d04ed447ad55fe80c1 +Author: djm@openbsd.org +Date: Sat Jun 24 07:08:57 2017 +0000 upstream commit - Validate digest arg in ssh_digest_final; from jjelen at - redhat.com via bz#2687, ok djm@ + correct env var name - Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 + Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313 -commit bee0167be2340d8de4bdc1ab1064ec957c85a447 -Author: Darren Tucker -Date: Fri Mar 10 13:40:18 2017 +1100 +commit 40962198e3b132cecdb32e9350acd4294e6a1082 +Author: jmc@openbsd.org +Date: Sat Jun 24 06:57:04 2017 +0000 - Check for NULL from malloc. + upstream commit - Part of bz#2687, from jjelen at redhat.com. - -commit da39b09d43b137a5a3d071b51589e3efb3701238 -Author: Darren Tucker -Date: Fri Mar 10 13:22:32 2017 +1100 - - If OSX is using launchd, remove screen no. + spelling; - Check for socket with and without screen number. 
From Apple and Jakob - Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ + Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25 -commit 8fb15311a011517eb2394bb95a467c209b8b336c +commit 33f86265d7e8a0e88d3a81745d746efbdd397370 Author: djm@openbsd.org -Date: Wed Mar 8 12:07:47 2017 +0000 +Date: Sat Jun 24 06:38:11 2017 +0000 upstream commit - quote [host]:port in generated ProxyJump commandline; the - [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri - Tirkkonen via bugs@ + don't pass pointer to struct sshcipher between privsep + processes, just redo the lookup in each using the already-passed cipher name. + bz#2704 based on patch from Brooks Davis; ok markus dtucker - Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 + Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0 -commit 18501151cf272a15b5f2c5e777f2e0933633c513 -Author: dtucker@openbsd.org -Date: Mon Mar 6 02:03:20 2017 +0000 +commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0 +Author: djm@openbsd.org +Date: Sat Jun 24 06:34:38 2017 +0000 upstream commit - Check l->hosts before dereferencing; fixes potential null - pointer deref. ok djm@ + refactor authentication logging - Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 + optionally record successful auth methods and public credentials + used in a file accessible to user sessions + + feedback and ok markus@ + + Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb -commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 -Author: dtucker@openbsd.org -Date: Mon Mar 6 00:44:51 2017 +0000 +commit e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba +Author: jmc@openbsd.org +Date: Sat Jun 24 06:28:50 2017 +0000 upstream commit - linenum is unsigned long so use %lu in log formats. 
ok - deraadt@ + word fix; - Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 + Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5 -commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 +commit 4540428cd0adf039bcf5a8a27f2d5cdf09191513 Author: djm@openbsd.org -Date: Fri Mar 3 06:13:11 2017 +0000 +Date: Sat Jun 24 05:37:44 2017 +0000 upstream commit - fix ssh-keygen -H accidentally corrupting known_hosts that - contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by - hostkeys_foreach() when hostname matching is in use, so we need to look for - the hash marker explicitly. + switch sshconnect.c from (slightly abused) select() to + poll(); ok deraadt@ a while back - Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 + Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175 -commit d7abb771bd5a941b26144ba400a34563a1afa589 +commit 6f8ca3b92540fa1a9b91670edc98d15448e3d765 Author: djm@openbsd.org -Date: Tue Feb 28 06:10:08 2017 +0000 - - upstream commit - - small memleak: free fd_set on connection timeout (though - we are heading to exit anyway). 
From Tom Rix in bz#2683 - - Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 - -commit 78142e3ab3887e53a968d6e199bcb18daaf2436e -Author: jmc@openbsd.org -Date: Mon Feb 27 14:30:33 2017 +0000 +Date: Sat Jun 24 05:35:05 2017 +0000 upstream commit - errant dot; from klemens nanni + use HostKeyAlias if specified instead of hostname for + matching host certificate principal names; bz#2728; ok dtucker@ - Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 + Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd -commit 8071a6924c12bb51406a9a64a4b2892675112c87 +commit 8904ffce057b80a7472955f1ec00d7d5c250076c Author: djm@openbsd.org -Date: Fri Feb 24 03:16:34 2017 +0000 +Date: Sat Jun 24 05:24:11 2017 +0000 upstream commit - might as well set the listener socket CLOEXEC + no need to call log_init to reinitialise logged PID in + child sessions, since we haven't called openlog() in log_init() since 1999; + ok markus@ - Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 + Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e -commit d5499190559ebe374bcdfa8805408646ceffad64 -Author: djm@openbsd.org -Date: Sun Feb 19 00:11:29 2017 +0000 +commit e238645d789cd7eb47541b66aea2a887ea122c9b +Author: mestre@openbsd.org +Date: Fri Jun 23 07:24:48 2017 +0000 upstream commit - add test cases for C locale; ok schwarze@ - - Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 - -commit 011c8ffbb0275281a0cf330054cf21be10c43e37 -Author: djm@openbsd.org -Date: Sun Feb 19 00:10:57 2017 +0000 - - upstream commit + When using the escape sequence &~ the code path is + client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork() + and the pledge for this path lacks the proc promise and therefore aborts the + process. The solution is to just add proc the promise to this specific + pledge. - Add a common nl_langinfo(CODESET) alias for US-ASCII - "ANSI_X3.4-1968" that is used by Linux. 
Fixes mprintf output truncation for - non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ + Reported by Gregoire Jadi gjadi ! omecha.info + Insight with tb@, OK jca@ - Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 + Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b -commit 0c4430a19b73058a569573492f55e4c9eeaae67b +commit 5abbb31c4e7a6caa922cc1cbb14e87a77f9d19d3 Author: dtucker@openbsd.org -Date: Tue Feb 7 23:03:11 2017 +0000 +Date: Fri Jun 23 03:30:42 2017 +0000 upstream commit - Remove deprecated SSH1 options RSAAuthentication and - RhostsRSAAuthentication from regression test sshd_config. + Import regenerated moduli. - Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 + Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95 -commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 +commit 849c5468b6d9b4365784c5dd88e3f1fb568ba38f Author: dtucker@openbsd.org -Date: Fri Feb 17 02:32:05 2017 +0000 +Date: Fri Jun 23 03:25:53 2017 +0000 upstream commit - Do not show rsa1 key type in usage when compiled without - SSH1 support. + Run the screen twice so we end up with more candidate + groups. ok djm@ - Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 + Upstream-ID: b92c93266d8234d493857bb822260dacf4366157 -commit ecc35893715f969e98fee118481f404772de4132 +commit 4626e39c7053c6486c1c8b708ec757e464623f5f Author: dtucker@openbsd.org -Date: Fri Feb 17 02:31:14 2017 +0000 +Date: Wed Jun 14 00:31:38 2017 +0000 upstream commit - ifdef out "rsa1" from the list of supported keytypes when - compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ + Add user@host prefix to client's "Permisison denied" + messages, useful in particular when using "stacked" connections where it's + not clear which host is denying. 
bz#2720, ok djm@ markus@ - Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f + Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be -commit 10577c6d96a55b877a960b2d0b75edef1b9945af +commit c948030d54911b2d3cddb96a7a8e9269e15d11cd Author: djm@openbsd.org -Date: Fri Feb 17 02:04:15 2017 +0000 - - upstream commit - - For ProxyJump/-J, surround host name with brackets to - allow literal IPv6 addresses. From Dick Visser; ok dtucker@ - - Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 - -commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 -Author: jsg@openbsd.org -Date: Wed Feb 15 23:38:31 2017 +0000 +Date: Tue Jun 13 12:13:59 2017 +0000 upstream commit - Fix memory leaks in match_filter_list() error paths. + Do not require that unknown EXT_INFO extension values not + contain \0 characters. This would cause fatal connection errors if an + implementation sent e.g. string-encoded sub-values inside a value. - ok dtucker@ markus@ + Reported by Denis Bider; ok markus@ - Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e + Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c -commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 +commit 6026f48dfca78b713e4a7f681ffa42a0afe0929e Author: djm@openbsd.org -Date: Wed Feb 15 01:46:47 2017 +0000 +Date: Tue Jun 13 11:22:15 2017 +0000 upstream commit - fix division by zero crash in "df" output when server - returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok - dtucker@ + missing prototype. 
- Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f + Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9 -commit bd5d7d239525d595ecea92765334af33a45d9d63 -Author: Darren Tucker -Date: Sun Feb 12 15:45:15 2017 +1100 +commit bcd1485075aa72ba9418003f5cc27af2b049c51b +Author: Damien Miller +Date: Sat Jun 10 23:41:25 2017 +1000 - ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR + portability for sftp globbed ls sort by mtime - EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out - for the benefit of OpenSSL versions prior to that. + Include replacement timespeccmp() for systems that lack it. + Support time_t struct stat->st_mtime in addition to + timespec stat->st_mtim, as well as unsorted fallback. -commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe +commit 072e172f1d302d2a2c6043ecbfb4004406717b96 Author: djm@openbsd.org -Date: Fri Feb 10 04:34:50 2017 +0000 +Date: Sat Jun 10 06:36:46 2017 +0000 upstream commit - bring back r1.34 that was backed out for problems loading - public keys: - - translate OpenSSL error codes to something more - meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ - - with additional fix from Jakub Jelen to solve the backout. - bz#2525 bz#2523 re-ok dtucker@ + print '?' instead of incorrect link count (that the + protocol doesn't provide) for remote listings. 
bz#2710 ok dtucker@ - Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 + Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e -commit a287c5ad1e0bf9811c7b9221979b969255076019 +commit 72be5b2f8e7dc37235e8c4b8d0bc7b5ee1301505 Author: djm@openbsd.org -Date: Fri Feb 10 03:36:40 2017 +0000 +Date: Sat Jun 10 06:33:34 2017 +0000 upstream commit - Sanitise escape sequences in key comments sent to printf - but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ + implement sorting for globbed ls; bz#2649 ok dtucker@ - Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e + Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8 -commit e40269be388972848aafcca7060111c70aab5b87 -Author: millert@openbsd.org -Date: Wed Feb 8 20:32:43 2017 +0000 +commit 5b2f34a74aa6a524cd57e856b23e1b7b25007721 +Author: djm@openbsd.org +Date: Fri Jun 9 06:47:13 2017 +0000 upstream commit - Avoid printf %s NULL. From semarie@, OK djm@ + return failure rather than fatal() for more cases during + mux negotiations. Causes the session to fall back to a non-mux connection if + they occur. bz#2707 ok dtucker@ - Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c + Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab -commit 5b90709ab8704dafdb31e5651073b259d98352bc +commit 7f5637c4a67a49ef256cb4eedf14e8590ac30976 Author: djm@openbsd.org -Date: Mon Feb 6 09:22:51 2017 +0000 +Date: Fri Jun 9 06:43:01 2017 +0000 upstream commit - Restore \r\n newline sequence for server ident string. The CR - got lost in the flensing of SSHv1. Pointed out by Stef Bon + in description of public key authentication, mention that + the server will send debug messages to the client for some error conditions + after authentication has completed. 
bz#2709 ok dtucker - Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac + Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd -commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc +commit 2076e4adb986512ce8c415dd194fd4e52136c4b4 Author: djm@openbsd.org -Date: Fri Feb 3 23:01:42 2017 +0000 +Date: Fri Jun 9 06:40:24 2017 +0000 upstream commit - unit test for match_filter_list() function; still want a - better name for this... + better translate libcrypto errors by looking deeper in + the accursed error stack for codes that indicate the wrong passphrase was + supplied for a PEM key. bz#2699 ok dtucker@ - Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a + Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681 -commit f1a193464a7b77646f0d0cedc929068e4a413ab4 -Author: djm@openbsd.org -Date: Fri Feb 3 23:05:57 2017 +0000 +commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c +Author: dtucker@openbsd.org +Date: Fri Jun 9 04:40:04 2017 +0000 upstream commit - use ssh_packet_set_log_preamble() to include connection - username in packet log messages, e.g. - - Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] + Add comments referring to the relevant RFC sections for + rekeying behaviour. - ok markus@ bz#113 + Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40 + +commit ce9134260b9b1247e2385a1afed00c26112ba479 +Author: Damien Miller +Date: Fri Jun 9 14:43:47 2017 +1000 + + drop two more privileges in the Solaris sandbox - Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 + Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO. + Patch from huieying.lee AT oracle.com via bz#2723 -commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 +commit e0f609c8a2ab940374689ab8c854199c3c285a76 +Author: Darren Tucker +Date: Fri Jun 9 13:36:29 2017 +1000 + + Wrap stdint.h include in #ifdef. 
+ +commit 1de5e47a85850526a4fdaf77185134046c050f75 Author: djm@openbsd.org -Date: Fri Feb 3 23:03:33 2017 +0000 +Date: Wed Jun 7 01:48:15 2017 +0000 upstream commit - add ssh_packet_set_log_preamble() to allow inclusion of a - preamble string in disconnect messages; ok markus@ + unbreak after sshv1 purge - Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead + Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b -commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 -Author: djm@openbsd.org -Date: Fri Feb 3 23:01:19 2017 +0000 +commit 550c053168123fcc0791f9952abad684704b5760 +Author: dtucker@openbsd.org +Date: Tue Jun 6 09:12:17 2017 +0000 upstream commit - support =- for removing methods from algorithms lists, - e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like - it" markus@ + Fix compression output stats broken in rev 1.201. Patch + originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok + djm@ - Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d + Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016 -commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e +commit 55d06c6e72a9abf1c06a7ac2749ba733134a1f39 Author: djm@openbsd.org -Date: Fri Feb 3 05:05:56 2017 +0000 +Date: Fri Jun 2 06:06:10 2017 +0000 upstream commit - allow form-feed characters at EOL; bz#2431 ok dtucker@ + rationalise the long list of manual CDIAGFLAGS that we + add; most of these were redundant to -Wall -Wextra - Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 + Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c -commit 523db8540b720c4d21ab0ff6f928476c70c38aab -Author: Damien Miller -Date: Fri Feb 3 16:01:22 2017 +1100 +commit 1527d9f61e6d50f6c2b4a3fa5b45829034b1b0b1 +Author: djm@openbsd.org +Date: Thu Jun 1 06:59:21 2017 +0000 - prefer to use ldns-config to find libldns + upstream commit - Should fix bz#2603 - "Build with ldns and without kerberos support - fails if ldns compiled with kerberos support" by including correct - cflags/libs + 
no need to bzero allocated space now that we use use + recallocarray; ok deraadt@ - ok dtucker@ + Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8 -commit c998bf0afa1a01257a53793eba57941182e9e0b7 -Author: dtucker@openbsd.org -Date: Fri Feb 3 02:56:00 2017 +0000 +commit cc812baf39b93d5355565da98648d8c31f955990 +Author: djm@openbsd.org +Date: Thu Jun 1 06:58:25 2017 +0000 upstream commit - Make ssh_packet_set_rekey_limits take u32 for the number of - seconds until rekeying (negative values are rejected at config parse time). - This allows the removal of some casts and a signed vs unsigned comparison - warning. - - rekey_time is cast to int64 for the comparison which is a no-op - on OpenBSD, but should also do the right thing in -portable on - anything still using 32bit time_t (until the system time actually - wraps, anyway). - - some early guidance deraadt@, ok djm@ + unconditionally zero init size of buffer; ok markus@ + deraadt@ - Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c + Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29 -commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 -Author: jsg@openbsd.org -Date: Thu Feb 2 10:54:25 2017 +0000 +commit 65eb8fae0d7ba45ef4483a3cf0ae7fd0dbc7c226 +Author: Damien Miller +Date: Thu Jun 1 16:25:09 2017 +1000 + + avoid compiler warning + +commit 2d75d74272dc2a0521fce13cfe6388800c9a2406 +Author: djm@openbsd.org +Date: Thu Jun 1 06:16:43 2017 +0000 upstream commit - In vasnmprintf() return an error if malloc fails and - don't set a function argument to the address of free'd memory. + some warnings spotted by clang; ok markus@ - ok djm@ + Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b + +commit 151c6e433a5f5af761c78de87d7b5d30a453cf5e +Author: Damien Miller +Date: Thu Jun 1 15:25:13 2017 +1000 + + add recallocarray replacement and dependency - Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 + recallocarray() needs getpagesize() so add a tiny replacement for that. 
-commit 858252fb1d451ebb0969cf9749116c8f0ee42753 -Author: dtucker@openbsd.org -Date: Wed Feb 1 02:59:09 2017 +0000 +commit 01e6f78924da308447e71e9a32c8a6104ef4e888 +Author: Damien Miller +Date: Thu Jun 1 15:16:24 2017 +1000 + + add *.0 manpage droppings + +commit 4b2e2d3fd9dccff357e1e26ce9a5f2e103837a36 +Author: djm@openbsd.org +Date: Thu Jun 1 04:51:58 2017 +0000 upstream commit - Return true reason for port forwarding failures where - feasible rather than always "administratively prohibited". bz#2674, ok djm@ + fix casts re constness - Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 + Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266 -commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 -Author: dtucker@openbsd.org -Date: Mon Jan 30 23:27:39 2017 +0000 +commit 75b8af8de805c0694b37fcf80ce82783b2acc86f +Author: markus@openbsd.org +Date: Wed May 31 10:54:00 2017 +0000 upstream commit - Small correction to the known_hosts section on when it is - updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at - sdf.org + make sure we don't pass a NULL string to vfprintf + (triggered by the principals-command regress test); ok bluhm - Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 + Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990 -commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 -Author: Darren Tucker -Date: Fri Feb 3 14:10:34 2017 +1100 +commit 84008608c9ee944d9f72f5100f31ccff743b10f2 +Author: markus@openbsd.org +Date: Wed May 31 10:04:29 2017 +0000 - Remove _XOPEN_SOURCE from wide char detection. + upstream commit - Having _XOPEN_SOURCE unconditionally causes problems on some platforms - and configurations, notably Solaris 64-bit binaries. It was there for - the benefit of Linux put the required bits in the *-*linux* section. + use SO_ZEROIZE for privsep communication (if available) - Patch from yvoinov at gmail.com. 
+ Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62 -commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd -Author: djm@openbsd.org -Date: Mon Jan 30 05:22:14 2017 +0000 +commit 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 +Author: deraadt@openbsd.org +Date: Wed May 31 09:15:42 2017 +0000 upstream commit - fully unbreak: some $SSH invocations did not have -F - specified and could pick up the ~/.ssh/config of the user running the tests + Switch to recallocarray() for a few operations. Both + growth and shrinkage are handled safely, and there also is no need for + preallocation dances. Future changes in this area will be less error prone. + Review and one bug found by markus - Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 + Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065 -commit 6956e21fb26652887475fe77ea40d2efcf25908b -Author: djm@openbsd.org -Date: Mon Jan 30 04:54:07 2017 +0000 +commit dc5dc45662773c0f7745c29cf77ae2d52723e55e +Author: deraadt@openbsd.org +Date: Wed May 31 08:58:52 2017 +0000 upstream commit - partially unbreak: was not specifying hostname on some - $SSH invocations + These shutdown() SHUT_RDWR are not needed before close() + ok djm markus claudio - Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc + Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5 -commit 52763dd3fe0a4678dafdf7aeb32286e514130afc -Author: djm@openbsd.org -Date: Mon Jan 30 01:03:00 2017 +0000 +commit 1e0cdf8efb745d0d1116e1aa22bdc99ee731695e +Author: markus@openbsd.org +Date: Wed May 31 08:09:45 2017 +0000 upstream commit - revise keys/principals command hang fix (bz#2655) to - consume entire output, avoiding sending SIGPIPE to subprocesses early; ok - dtucker@ + clear session keys from memory; ok djm@ - Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc + Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f -commit 381a2615a154a82c4c53b787f4a564ef894fe9ac -Author: djm@openbsd.org -Date: Mon Jan 30 00:38:50 2017 +0000 +commit 
92e9fe633130376a95dd533df6e5e6a578c1e6b8 +Author: markus@openbsd.org +Date: Wed May 31 07:00:13 2017 +0000 upstream commit - small cleanup post SSHv1 removal: - - remove SSHv1-isms in commented examples - - reorder token table to group deprecated and compile-time conditional tokens - better - - fix config dumping code for some compile-time conditional options that - weren't being correctly skipped (SSHv1 and PKCS#11) + remove now obsolete ctx from ssh_dispatch_run; ok djm@ - Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 + Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29 -commit 4833d01591b7eb049489d9558b65f5553387ed43 -Author: djm@openbsd.org -Date: Mon Jan 30 00:34:01 2017 +0000 +commit 17ad5b346043c5bbc5befa864d0dbeb76be39390 +Author: markus@openbsd.org +Date: Wed May 31 05:34:14 2017 +0000 upstream commit - some explicit NULL tests when dumping configured - forwardings; from Karsten Weiss + use the ssh_dispatch_run_fatal variant - Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d + Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8 -commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 +commit 39896b777320a6574dd06707aebac5fb98e666da Author: djm@openbsd.org -Date: Mon Jan 30 00:32:28 2017 +0000 +Date: Wed May 31 05:08:46 2017 +0000 upstream commit - misplaced braces in test; from Karsten Weiss + another ctx => ssh conversion (in GSSAPI code) - Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae + Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0 -commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb +commit 6116bd4ed354a71a733c8fd0f0467ce612f12911 +Author: Damien Miller +Date: Wed May 31 14:56:07 2017 +1000 + + fix conversion of kexc25519s.c to struct ssh too + + git cvsimport missed this commit for some reason + +commit d40dbdc85b6fb2fd78485ba02225511b8cbf20d7 Author: djm@openbsd.org -Date: Mon Jan 30 00:32:03 2017 +0000 +Date: Wed May 31 04:29:44 2017 +0000 upstream commit - don't dereference authctxt before testing != NULL, it - causes compilers 
to make assumptions; from Karsten Weiss + spell out that custom options/extensions should follow the + usual SSH naming rules, e.g. "extension@example.com" - Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 + Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d -commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 +commit 2a108277f976e8d0955c8b29d1dfde04dcbb3d5b Author: djm@openbsd.org -Date: Fri Jan 6 02:51:16 2017 +0000 +Date: Wed May 31 04:17:12 2017 +0000 upstream commit - use correct ssh-add program; bz#2654, from Colin Watson + one more void *ctx => struct ssh *ssh conversion - Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 + Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2 -commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 -Author: dtucker@openbsd.org -Date: Fri Jan 6 02:26:10 2017 +0000 +commit c04e979503e97f52b750d3b98caa6fe004ab2ab9 +Author: djm@openbsd.org +Date: Wed May 31 00:43:04 2017 +0000 upstream commit - Account for timeouts in the integrity tests as failures. - - If the first test in a series for a given MAC happens to modify the low - bytes of a packet length, then ssh will time out and this will be - interpreted as a test failure. Patch from cjwatson at debian.org via - bz#2658. + fix possible OOB strlen() in SOCKS4A hostname parsing; + ok markus@ - Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 + Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11 -commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 -Author: dtucker@openbsd.org -Date: Fri Jan 6 02:09:25 2017 +0000 +commit a3bb250c93bfe556838c46ed965066afce61cffa +Author: jmc@openbsd.org +Date: Tue May 30 19:38:17 2017 +0000 upstream commit - Make forwarding test less racy by using unix domain - sockets instead of TCP ports where possible. Patch from cjwatson at - debian.org via bz#2659. 
+ tweak previous; - Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 + Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031 -commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 -Author: dtucker@openbsd.org -Date: Sun Jan 29 21:35:23 2017 +0000 +commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc +Author: bluhm@openbsd.org +Date: Tue May 30 18:58:37 2017 +0000 upstream commit - Fix typo in ~C error message for bad port forward - cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's - bugtracker. + Add RemoteCommand option to specify a command in the + ssh config file instead of giving it on the client's command line. This + command will be executed on the remote host. The feature allows to automate + tasks using ssh config. OK markus@ - Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af + Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee -commit 4ba15462ca38883b8a61a1eccc093c79462d5414 -Author: guenther@openbsd.org -Date: Sat Jan 21 11:32:04 2017 +0000 +commit eb272ea4099fd6157846f15c129ac5727933aa69 +Author: markus@openbsd.org +Date: Tue May 30 14:29:59 2017 +0000 upstream commit - The POSIX APIs that that sockaddrs all ignore the s*_len - field in the incoming socket, so userspace doesn't need to set it unless it - has its own reasons for tracking the size along with the sockaddr. 
- - ok phessler@ deraadt@ florian@ + switch auth2 to ssh_dispatch API; ok djm@ - Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 + Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f -commit a1187bd3ef3e4940af849ca953a1b849dae78445 -Author: jmc@openbsd.org -Date: Fri Jan 6 16:28:12 2017 +0000 +commit 5a146bbd4fdf5c571f9fb438e5210d28cead76d9 +Author: markus@openbsd.org +Date: Tue May 30 14:27:22 2017 +0000 upstream commit - keep the tokens list sorted; + switch auth2-none.c to modern APIs; ok djm@ - Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 + Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b -commit b64077f9767634715402014f509e58decf1e140d -Author: djm@openbsd.org -Date: Fri Jan 6 09:27:52 2017 +0000 +commit 60306b2d2f029f91927c6aa7c8e08068519a0fa2 +Author: markus@openbsd.org +Date: Tue May 30 14:26:49 2017 +0000 upstream commit - fix previous + switch auth2-passwd.c to modern APIs; ok djm@ - Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 + Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7 -commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de -Author: djm@openbsd.org -Date: Fri Jan 6 03:53:58 2017 +0000 +commit eb76698b91338bd798c978d4db2d6af624d185e4 +Author: markus@openbsd.org +Date: Tue May 30 14:25:42 2017 +0000 upstream commit - show a useful error message when included config files - can't be opened; bz#2653, ok dtucker@ + switch auth2-hostbased.c to modern APIs; ok djm@ - Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b + Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e -commit 13bd2e2d622d01dc85d22b94520a5b243d006049 -Author: djm@openbsd.org -Date: Fri Jan 6 03:45:41 2017 +0000 +commit 2ae666a8fc20b3b871b2f1b90ad65cc027336ccd +Author: markus@openbsd.org +Date: Tue May 30 14:23:52 2017 +0000 upstream commit - sshd_config is documented to set - GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. 
- bz#2637 ok dtucker + protocol handlers all get struct ssh passed; ok djm@ - Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 + Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d -commit f89b928534c9e77f608806a217d39a2960cc7fd0 -Author: djm@openbsd.org -Date: Fri Jan 6 03:41:58 2017 +0000 +commit 94583beb24a6c5fd19cedb9104ab2d2d5cd052b6 +Author: markus@openbsd.org +Date: Tue May 30 14:19:15 2017 +0000 upstream commit - Avoid confusing error message when attempting to use - ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 + ssh: pass struct ssh to auth functions, too; ok djm@ - Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 + Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd -commit 0999533014784579aa6f01c2d3a06e3e8804b680 -Author: dtucker@openbsd.org -Date: Fri Jan 6 02:34:54 2017 +0000 +commit 5f4082d886c6173b9e90b9768c9a38a3bfd92c2b +Author: markus@openbsd.org +Date: Tue May 30 14:18:15 2017 +0000 upstream commit - Re-add '%k' token for AuthorizedKeysCommand which was - lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. + sshd: pass struct ssh to auth functions; ok djm@ - Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 + Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488 -commit 51045869fa084cdd016fdd721ea760417c0a3bf3 -Author: djm@openbsd.org -Date: Wed Jan 4 05:37:40 2017 +0000 +commit 7da5df11ac788bc1133d8d598d298e33500524cc +Author: markus@openbsd.org +Date: Tue May 30 14:16:41 2017 +0000 upstream commit - unbreak Unix domain socket forwarding for root; ok - markus@ + remove unused wrapper functions from key.[ch]; ok djm@ - Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 + Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e -commit 58fca12ba967ea5c768653535604e1522d177e44 -Author: Darren Tucker -Date: Mon Jan 16 09:08:32 2017 +1100 +commit ff7371afd08ac0bbd957d90451d4dcd0da087ef5 +Author: markus@openbsd.org +Date: Tue May 30 14:15:17 2017 +0000 - Remove LOGIN_PROGRAM. 
+ upstream commit - UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org + sshkey_new() might return NULL (pkcs#11 code only); ok + djm@ + + Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd -commit b108ce92aae0ca0376dce9513d953be60e449ae1 -Author: djm@openbsd.org -Date: Wed Jan 4 02:21:43 2017 +0000 +commit beb965bbc5a984fa69fb1e2b45ebe766ae09d1ef +Author: markus@openbsd.org +Date: Tue May 30 14:13:40 2017 +0000 upstream commit - relax PKCS#11 whitelist a bit to allow libexec as well as - lib directories. + switch sshconnect.c to modern APIs; ok djm@ - Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 + Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad -commit c7995f296b9222df2846f56ecf61e5ae13d7a53d -Author: djm@openbsd.org -Date: Tue Jan 3 05:46:51 2017 +0000 +commit 00ed75c92d1f95fe50032835106c368fa22f0f02 +Author: markus@openbsd.org +Date: Tue May 30 14:10:53 2017 +0000 upstream commit - check number of entries in SSH2_FXP_NAME response; avoids - unreachable overflow later. 
Reported by Jann Horn + switch auth2-pubkey.c to modern APIs; with & ok djm@ - Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f + Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07 -commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 -Author: djm@openbsd.org -Date: Fri Dec 30 22:08:02 2016 +0000 +commit 54d90ace1d3535b44d92a8611952dc109a74a031 +Author: markus@openbsd.org +Date: Tue May 30 08:52:19 2017 +0000 upstream commit - fix deadlock when keys/principals command produces a lot of - output and a key is matched early; bz#2655, patch from jboning AT gmail.com + switch from Key typedef with struct sshkey; ok djm@ - Upstream-ID: e19456429bf99087ea994432c16d00a642060afe + Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f -commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f -Author: Darren Tucker -Date: Tue Dec 20 12:16:11 2016 +1100 +commit c221219b1fbee47028dcaf66613f4f8d6b7640e9 +Author: markus@openbsd.org +Date: Tue May 30 08:49:58 2017 +0000 - Re-add missing "Prerequisites" header and fix typo + upstream commit - Patch from HARUYAMA Seigo . 
+ remove ssh1 references; ok djm@ + + Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d -commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 -Author: djm@openbsd.org -Date: Mon Dec 19 22:35:23 2016 +0000 +commit afbfa68fa18081ef05a9cd294958509a5d3cda8b +Author: markus@openbsd.org +Date: Tue May 30 08:49:32 2017 +0000 upstream commit - use standard /bin/sh equality test; from Mike Frysinger + revise sshkey_load_public(): remove ssh1 related + comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if + 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@ - Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 - -commit 4a354fc231174901f2629437c2a6e924a2dd6772 -Author: Damien Miller -Date: Mon Dec 19 15:59:26 2016 +1100 - - crank version numbers for release + Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca -commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9 -Author: djm@openbsd.org -Date: Mon Dec 19 04:55:51 2016 +0000 +commit 813f55336a24fdfc45e7ed655fccc7d792e8f859 +Author: markus@openbsd.org +Date: Fri May 26 20:34:49 2017 +0000 upstream commit - openssh-7.4 + sshbuf_consume: reset empty buffer; ok djm@ - Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79 + Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821 -commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b -Author: djm@openbsd.org -Date: Mon Dec 19 04:55:18 2016 +0000 +commit 6cf711752cc2a7ffaad1fb4de18cae65715ed8bb +Author: markus@openbsd.org +Date: Fri May 26 19:35:50 2017 +0000 upstream commit - remove testcase that depends on exact output and - behaviour of snprintf(..., "%s", NULL) + remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ - Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f + Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42 -commit eae735a82d759054f6ec7b4e887fb7a5692c66d7 -Author: dtucker@openbsd.org -Date: Mon Dec 19 03:32:57 2016 +0000 +commit 364f0d5edea27767fb0f915ea7fc61aded88d3e8 +Author: markus@openbsd.org +Date: Fri May 26 19:34:12 
2017 +0000 upstream commit - Use LOGNAME to get current user and fall back to whoami if - not set. Mainly to benefit -portable since some platforms don't have whoami. + remove channel_input_close_confirmation (ssh1 only); ok + djm@ - Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa + Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1 -commit 0d2f88428487518eea60602bd593989013831dcf -Author: dtucker@openbsd.org -Date: Fri Dec 16 03:51:19 2016 +0000 +commit 8ba0fd40082751dbbc23a830433488bbfb1abdca +Author: djm@openbsd.org +Date: Fri May 26 01:40:07 2017 +0000 upstream commit - Add regression test for AllowUsers and DenyUsers. Patch from - Zev Weiss + fix references to obsolete v00 cert format; spotted by + Jakub Jelen - Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9 + Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f -commit 3bc8180a008929f6fe98af4a56fb37d04444b417 -Author: Darren Tucker -Date: Fri Dec 16 15:02:24 2016 +1100 +commit dcc714c65cfb81eb6903095b4590719e8690f3da +Author: Mike Frysinger +Date: Wed May 24 23:21:19 2017 -0400 - Add missing monitor.h include. + configure: actually set cache vars when cross-compiling - Fixes warning pointed out by Zev Weiss + The cross-compiling fallback message says it's assuming the test + passed, but it didn't actually set the cache var which causes + later tests to fail. 
-commit 410681f9015d76cc7b137dd90dac897f673244a0 +commit 947a3e829a5b8832a4768fd764283709a4ca7955 Author: djm@openbsd.org -Date: Fri Dec 16 02:48:55 2016 +0000 +Date: Sat May 20 02:35:47 2017 +0000 upstream commit - revert to rev1.2; the new bits in this test depend on changes - to ssh that aren't yet committed + there's no reason to artificially limit the key path + here, just check that it fits PATH_MAX; spotted by Matthew Patton - Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123 + Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58 -commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e -Author: dtucker@openbsd.org -Date: Fri Dec 16 01:06:27 2016 +0000 +commit 773224802d7cb250bb8b461546fcce10567b4b2e +Author: djm@openbsd.org +Date: Fri May 19 21:07:17 2017 +0000 upstream commit - Move the "stop sshd" code into its own helper function. - Patch from Zev Weiss , ok djm@ + Now that we no longer support SSHv1, replace the contents + of this file with a pointer to + https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited, + doesn't need to document stuff we no longer implement and does document stuff + that we do implement (RSA SHA256/512 signature flags) - Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329 + Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e -commit e15e7152331e3976b35475fd4e9c72897ad0f074 +commit 54cd41a4663fad66406dd3c8fe0e4760ccd8a899 Author: djm@openbsd.org -Date: Fri Dec 16 01:01:07 2016 +0000 +Date: Wed May 17 01:24:17 2017 +0000 upstream commit - regression test for certificates along with private key - with no public half. 
bz#2617, mostly from Adam Eijdenberg + allow LogLevel in sshd_config Match blocks; ok dtucker + bz#2717 - Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115 + Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8 -commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500 -Author: dtucker@openbsd.org -Date: Thu Dec 15 23:50:37 2016 +0000 +commit 277abcda3f1b08d2376686f0ef20320160d4c8ab +Author: djm@openbsd.org +Date: Tue May 16 16:56:15 2017 +0000 upstream commit - Use $SUDO to read pidfile in case root's umask is - restricted. From portable. + remove duplicate check; spotted by Jakub Jelen - Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98 + Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0 -commit fe06b68f824f8f55670442fb31f2c03526dd326c -Author: dtucker@openbsd.org -Date: Thu Dec 15 21:29:05 2016 +0000 +commit adb47ce839c977fa197e770c1be8f852508d65aa +Author: djm@openbsd.org +Date: Tue May 16 16:54:05 2017 +0000 upstream commit - Add missing braces in DenyUsers code. Patch from zev at - bewilderbeest.net, ok deraadt@ + mention that Ed25519 keys are valid as CA keys; spotted + by Jakub Jelen - Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e + Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4 -commit dcc7d74242a574fd5c4afbb4224795b1644321e7 -Author: dtucker@openbsd.org -Date: Thu Dec 15 21:20:41 2016 +0000 +commit 6bdf70f01e700348bb4d8c064c31a0ab90896df6 +Author: Damien Miller +Date: Tue May 9 14:35:03 2017 +1000 + + clean up regress files and add a .gitignore + +commit 7bdb2eeb1d3c26acdc409bd94532eefa252e440b +Author: djm@openbsd.org +Date: Mon May 8 22:57:38 2017 +0000 upstream commit - Fix text in error message. Patch from zev at - bewilderbeest.net. 
+ remove hmac-ripemd160; ok dtucker - Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6 + Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d -commit b737e4d7433577403a31cff6614f6a1b0b5e22f4 +commit 5f02bb1f99f70bb422be8a5c2b77ef853f1db554 Author: djm@openbsd.org -Date: Wed Dec 14 00:36:34 2016 +0000 +Date: Mon May 8 06:11:06 2017 +0000 upstream commit - disable Unix-domain socket forwarding when privsep is - disabled + make requesting bad ECDSA bits yield the same error + (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA - Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0 + Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6 -commit 08a1e7014d65c5b59416a0e138c1f73f417496eb +commit d757a4b633e8874629a1442c7c2e7b1b55d28c19 Author: djm@openbsd.org -Date: Fri Dec 9 03:04:29 2016 +0000 +Date: Mon May 8 06:08:42 2017 +0000 upstream commit - log connections dropped in excess of MaxStartups at - verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ + fix for new SSH_ERR_KEY_LENGTH error value - Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b - -commit 10e290ec00964b2bf70faab15a10a5574bb80527 -Author: Darren Tucker -Date: Tue Dec 13 13:51:32 2016 +1100 - - Get default of TEST_SSH_UTF8 from environment. + Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc -commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 -Author: Darren Tucker -Date: Tue Dec 13 12:56:40 2016 +1100 +commit 2e58a69508ac49c02d1bb6057300fa6a76db1045 +Author: djm@openbsd.org +Date: Mon May 8 06:03:39 2017 +0000 - Remove commented-out includes. + upstream commit - These commented-out includes have "Still needed?" comments. Since - they've been commented out for ~13 years I assert that they're not. - -commit 25275f1c9d5f01a0877d39444e8f90521a598ea0 -Author: Darren Tucker -Date: Tue Dec 13 12:54:23 2016 +1100 - - Add prototype for strcasestr in compat library. 
- -commit afec07732aa2985142f3e0b9a01eb6391f523dec -Author: Darren Tucker -Date: Tue Dec 13 10:23:03 2016 +1100 - - Add strcasestr to compat library. + helps if I commit the correct version of the file. fix + missing return statement. - Fixes build on (at least) Solaris 10. + Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c -commit dda78a03af32e7994f132d923c2046e98b7c56c8 -Author: Damien Miller -Date: Mon Dec 12 13:57:10 2016 +1100 +commit effaf526bfa57c0ac9056ca236becf52385ce8af +Author: djm@openbsd.org +Date: Mon May 8 01:52:49 2017 +0000 - Force Turkish locales back to C/POSIX; bz#2643 + upstream commit - Turkish locales are unique in their handling of the letters 'i' and - 'I' (yes, they are different letters) and OpenSSH isn't remotely - prepared to deal with that. For now, the best we can do is to force - OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 - encoding if possible. + remove arcfour, blowfish and CAST here too - ok dtucker@ - -commit c35995048f41239fc8895aadc3374c5f75180554 -Author: Darren Tucker -Date: Fri Dec 9 12:52:02 2016 +1100 - - exit is in stdlib.h not unistd.h (that's _exit). - -commit d399a8b914aace62418c0cfa20341aa37a192f98 -Author: Darren Tucker -Date: Fri Dec 9 12:33:25 2016 +1100 - - Include for exit in utf8 locale test. + Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920 -commit 47b8c99ab3221188ad3926108dd9d36da3b528ec -Author: Darren Tucker -Date: Thu Dec 8 15:48:34 2016 +1100 +commit 7461a5bc571696273252df28a1f1578968cae506 +Author: djm@openbsd.org +Date: Mon May 8 00:21:36 2017 +0000 - Check for utf8 local support before testing it. + upstream commit - Check for utf8 local support and if not found, do not attempt to run the - utf8 tests. Suggested by djm@ - -commit 4089fc1885b3a2822204effbb02b74e3da58240d -Author: Darren Tucker -Date: Thu Dec 8 12:57:24 2016 +1100 - - Use AC_PATH_TOOL for krb5-config. 
+ I was too aggressive with the scalpel in the last commit; + unbreak sshd, spotted quickly by naddy@ - This will use the host-prefixed version when cross compiling; patch from - david.michael at coreos.com. + Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf -commit b4867e0712c89b93be905220c82f0a15e6865d1e +commit bd636f40911094a39c2920bf87d2ec340533c152 Author: djm@openbsd.org -Date: Tue Dec 6 07:48:01 2016 +0000 +Date: Sun May 7 23:15:59 2017 +0000 upstream commit - make IdentityFile successfully load and use certificates that - have no corresponding bare public key. E.g. just a private id_rsa and - certificate id_rsa-cert.pub (and no id_rsa.pub). - - bz#2617 ok dtucker@ + Refuse RSA keys <1024 bits in length. Improve reporting + for keys that do not meet this requirement. ok markus@ - Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604 + Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c -commit c9792783a98881eb7ed295680013ca97a958f8ac -Author: Damien Miller -Date: Fri Nov 25 14:04:21 2016 +1100 +commit 70c1218fc45757a030285051eb4d209403f54785 +Author: djm@openbsd.org +Date: Sun May 7 23:13:42 2017 +0000 - Add a gnome-ssh-askpass3 target for GTK+3 version + upstream commit - Based on patch from Colin Watson via bz#2640 - -commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763 -Author: Damien Miller -Date: Fri Nov 25 14:03:53 2016 +1100 - - Make gnome-ssh-askpass2.c GTK+3-friendly + Don't offer CBC ciphers by default in the client. ok + markus@ - Patch from Colin Watson via bz#2640 + Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef -commit b9844a45c7f0162fd1b5465683879793d4cc4aaa +commit acaf34fd823235d549c633c0146ee03ac5956e82 Author: djm@openbsd.org -Date: Sun Dec 4 23:54:02 2016 +0000 +Date: Sun May 7 23:12:57 2017 +0000 upstream commit - Fix public key authentication when multiple - authentication is in use. 
Instead of deleting and re-preparing the entire - keys list, just reset the 'used' flags; the keys list is already in a good - order (with already- tried keys at the back) - - Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ + As promised in last release announcement: remove + support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ - Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176 + Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222 -commit f2398eb774075c687b13af5bc22009eb08889abe -Author: dtucker@openbsd.org -Date: Sun Dec 4 22:27:25 2016 +0000 +commit 3e371bd2124427403971db853fb2e36ce789b6fd +Author: naddy@openbsd.org +Date: Fri May 5 10:42:49 2017 +0000 upstream commit - Unlink PidFile on SIGHUP and always recreate it when the - new sshd starts. Regression tests (and possibly other things) depend on the - pidfile being recreated after SIGHUP, and unlinking it means it won't contain - a stale pid if sshd fails to restart. ok djm@ markus@ + more simplification and removal of SSHv1-related code; + ok djm@ - Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870 + Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55 -commit 85aa2efeba51a96bf6834f9accf2935d96150296 -Author: djm@openbsd.org -Date: Wed Nov 30 03:01:33 2016 +0000 +commit 2e9c324b3a7f15c092d118c2ac9490939f6228fd +Author: naddy@openbsd.org +Date: Fri May 5 10:41:58 2017 +0000 upstream commit - test new behaviour of cert force-command restriction vs. 
- authorized_key/ principals + remove superfluous protocol 2 mentions; ok jmc@ - Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c + Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d -commit 5d333131cd8519d022389cfd3236280818dae1bc -Author: jmc@openbsd.org -Date: Wed Nov 30 06:54:26 2016 +0000 +commit 744bde79c3361e2153cb395a2ecdcee6c713585d +Author: djm@openbsd.org +Date: Thu May 4 06:10:57 2017 +0000 upstream commit - tweak previous; while here fix up FILES and AUTHORS; + since a couple of people have asked, leave a comment + explaining why we retain SSH v.1 support in the "delete all keys from agent" + path. - Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa + Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4 -commit 786d5994da79151180cb14a6cf157ebbba61c0cc +commit 0c378ff6d98d80bc465a4a6a787670fb9cc701ee Author: djm@openbsd.org -Date: Wed Nov 30 03:07:37 2016 +0000 +Date: Thu May 4 01:33:21 2017 +0000 upstream commit - add a whitelist of paths from which ssh-agent will load - (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ + another tentacle: cipher_set_key_string() was only ever + used for SSHv1 - Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f + Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a -commit 7844f357cdd90530eec81340847783f1f1da010b -Author: djm@openbsd.org -Date: Wed Nov 30 03:00:05 2016 +0000 +commit 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f +Author: naddy@openbsd.org +Date: Wed May 3 21:49:18 2017 +0000 upstream commit - Add a sshd_config DisableForwaring option that disables - X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as - anything else we might implement in the future. - - This, like the 'restrict' authorized_keys flag, is intended to be a - simple and future-proof way of restricting an account. 
Suggested as - a complement to 'restrict' by Jann Horn; ok markus@ + restore mistakenly deleted description of the + ConnectionAttempts option ok markus@ - Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7 + Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348 -commit fd6dcef2030d23c43f986d26979f84619c10589d -Author: djm@openbsd.org -Date: Wed Nov 30 02:57:40 2016 +0000 +commit 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3 +Author: naddy@openbsd.org +Date: Wed May 3 21:08:09 2017 +0000 upstream commit - When a forced-command appears in both a certificate and - an authorized keys/principals command= restriction, refuse to accept the - certificate unless they are identical. + remove miscellaneous SSH1 leftovers; ok markus@ - The previous (documented) behaviour of having the certificate forced- - command override the other could be a bit confused and more error-prone. + Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c + +commit 1a1b24f8229bf7a21f89df21987433283265527a +Author: jmc@openbsd.org +Date: Wed May 3 10:01:44 2017 +0000 + + upstream commit - Pointed out by Jann Horn of Project Zero; ok dtucker@ + more protocol 1 bits removed; ok djm - Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f + Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9 -commit 7fc4766ac78abae81ee75b22b7550720bfa28a33 -Author: dtucker@openbsd.org -Date: Wed Nov 30 00:28:31 2016 +0000 +commit 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 +Author: jmc@openbsd.org +Date: Wed May 3 06:32:02 2017 +0000 upstream commit - On startup, check to see if sshd is already daemonized - and if so, skip the call to daemon() and do not rewrite the PidFile. This - means that when sshd re-execs itself on SIGHUP the process ID will no longer - change. Should address bz#2641. ok djm@ markus@. 
+ more protocol 1 stuff to go; ok djm - Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9 + Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47 -commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc -Author: Damien Miller -Date: Wed Nov 30 13:51:49 2016 +1100 +commit f10c0d32cde2084d2a0b19bc47d80cb93e85a093 +Author: jmc@openbsd.org +Date: Tue May 2 17:04:09 2017 +0000 - factor out common PRNG reseed before privdrop + upstream commit - Add a call to RAND_poll() to ensure than more than pid+time gets - stirred into child processes states. Prompted by analysis from Jann - Horn at Project Zero. ok dtucker@ + rsa1 is no longer valid; + + Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89 -commit 79e4829ec81dead1b30999e1626eca589319a47f -Author: dtucker@openbsd.org -Date: Fri Nov 25 03:02:01 2016 +0000 +commit 42b690b4fd0faef78c4d68225948b6e5c46c5163 +Author: jmc@openbsd.org +Date: Tue May 2 14:06:37 2017 +0000 upstream commit - Allow PuTTY interop tests to run unattended. bz#2639, - patch from cjwatson at debian.org. + add PubKeyAcceptedKeyTypes to the -o list: scp(1) has + it, so i guess this should too; - Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0 + Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c -commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc -Author: dtucker@openbsd.org -Date: Fri Nov 25 02:56:49 2016 +0000 +commit d852603214defd93e054de2877b20cc79c19d0c6 +Author: jmc@openbsd.org +Date: Tue May 2 13:44:51 2017 +0000 upstream commit - Reverse args to sshd-log-wrapper. Matches change in - portable, where it allows sshd do be optionally run under Valgrind. 
+ remove now obsolete protocol1 options from the -o + lists; - Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906 + Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd -commit bd13017736ec2f8f9ca498fe109fb0035f322733 -Author: dtucker@openbsd.org -Date: Fri Nov 25 02:49:18 2016 +0000 +commit 8b60ce8d8111e604c711c4cdd9579ffe0edced74 +Author: jmc@openbsd.org +Date: Tue May 2 09:05:58 2017 +0000 upstream commit - Fix typo in trace message; from portable. + more -O shuffle; ok djm - Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a + Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb -commit 7da751d8b007c7f3e814fd5737c2351440d78b4c -Author: tb@openbsd.org -Date: Tue Nov 1 13:43:27 2016 +0000 +commit 3575f0b12afe6b561681582fd3c34067d1196231 +Author: djm@openbsd.org +Date: Tue May 2 08:54:19 2017 +0000 upstream commit - Clean up MALLOC_OPTIONS. For the unittests, move - MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc. - - ok otto + remove -1 / -2 options; pointed out by jmc@ - Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12 + Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa -commit 36f58e68221bced35e06d1cca8d97c48807a8b71 -Author: tb@openbsd.org -Date: Mon Oct 31 23:45:08 2016 +0000 +commit 4f1ca823bad12e4f9614895eefe0d0073b84a28f +Author: jmc@openbsd.org +Date: Tue May 2 08:06:33 2017 +0000 upstream commit - Remove the obsolete A and P flags from MALLOC_OPTIONS. - - ok dtucker + remove options -12 from usage(); - Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59 + Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270 -commit b0899ee26a6630883c0f2350098b6a35e647f512 -Author: dtucker@openbsd.org -Date: Tue Nov 29 03:54:50 2016 +0000 +commit 6b84897f7fd39956b849eac7810319d8a9958568 +Author: jmc@openbsd.org +Date: Tue May 2 07:13:31 2017 +0000 upstream commit - Factor out code to disconnect from controlling terminal - into its own function. 
ok djm@ + tidy up -O somewhat; ok djm - Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885 + Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52 -commit 54d022026aae4f53fa74cc636e4a032d9689b64d +commit d1c6b7fdbdfe4a7a37ecd48a97f0796b061c2868 Author: djm@openbsd.org -Date: Fri Nov 25 23:24:45 2016 +0000 +Date: Mon May 1 22:09:48 2017 +0000 upstream commit - use sshbuf_allocate() to pre-allocate the buffer used for - loading keys. This avoids implicit realloc inside the buffer code, which - might theoretically leave fragments of the key on the heap. This doesn't - appear to happen in practice for normal sized keys, but was observed for - novelty oversize ones. - - Pointed out by Jann Horn of Project Zero; ok markus@ + when freeing a bitmap, zero all it bytes; spotted by Ilya + Kaliman - Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 + Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4 -commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e +commit 0f163983016c2988a92e039d18a7569f9ea8e071 Author: djm@openbsd.org -Date: Fri Nov 25 23:22:04 2016 +0000 +Date: Mon May 1 14:08:26 2017 +0000 upstream commit - split allocation out of sshbuf_reserve() into a separate - sshbuf_allocate() function; ok markus@ + this one I did forget to "cvs rm" - Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 + Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913 -commit f0ddedee460486fa0e32fefb2950548009e5026e -Author: markus@openbsd.org -Date: Wed Nov 23 23:14:15 2016 +0000 +commit 21ed00a8e26fe8a772bcca782175fafc2b0890ed +Author: djm@openbsd.org +Date: Mon May 1 09:27:45 2017 +0000 upstream commit - allow ClientAlive{Interval,CountMax} in Match; ok dtucker, - djm + don't know why cvs didn't exterminate these the first + time around, I use rm -f and everuthing... 
- Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55 + pointed out by sobrado@ + + Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d -commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a +commit d29ba6f45086703fdcb894532848ada3427dfde6 +Author: Darren Tucker +Date: Mon May 1 13:53:07 2017 +1000 + + Define INT32_MAX and INT64_MAX if needed. + +commit 329037e389f02ec95c8e16bf93ffede94d3d44ce +Author: Darren Tucker +Date: Mon May 1 13:19:41 2017 +1000 + + Wrap stdint.h in HAVE_STDINT_H + +commit f382362e8dfb6b277f16779ab1936399d7f2af78 Author: djm@openbsd.org -Date: Tue Nov 8 22:04:34 2016 +0000 +Date: Mon May 1 02:27:11 2017 +0000 upstream commit - unbreak DenyUsers; reported by henning@ + remove unused variable - Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2 + Upstream-ID: 66011f00819d0e71b14700449a98414033284516 -commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a +commit dd369320d2435b630a5974ab270d686dcd92d024 Author: djm@openbsd.org -Date: Sun Nov 6 05:46:37 2016 +0000 +Date: Sun Apr 30 23:34:55 2017 +0000 upstream commit - Validate address ranges for AllowUser/DenyUsers at - configuration load time and refuse to accept bad ones. It was previously - possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and - these would always match. - - Thanks to Laurence Parry for a detailed bug report. ok markus (for - a previous diff version) + eliminate explicit specification of protocol in tests and + loops over protocol. We only support SSHv2 now. - Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb + Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd -commit efb494e81d1317209256b38b49f4280897c61e69 +commit 557f921aad004be15805e09fd9572969eb3d9321 Author: djm@openbsd.org -Date: Fri Oct 28 03:33:52 2016 +0000 +Date: Sun Apr 30 23:33:48 2017 +0000 upstream commit - Improve pkcs11_add_provider() logging: demote some - excessively verbose error()s to debug()s, include PKCS#11 provider name and - slot in log messages where possible. 
bz#2610, based on patch from Jakub Jelen + remove SSHv1 support from unit tests - Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d - -commit 5ee3fb5affd7646f141749483205ade5fc54adaf -Author: Darren Tucker -Date: Tue Nov 1 08:12:33 2016 +1100 - - Use ptrace(PT_DENY_ATTACH, ..) on OS X. + Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe -commit 315d2a4e674d0b7115574645cb51f968420ebb34 -Author: Damien Miller -Date: Fri Oct 28 14:34:07 2016 +1100 +commit e77e1562716fb3da413e4c2397811017b762f5e3 +Author: djm@openbsd.org +Date: Mon May 1 00:03:18 2017 +0000 - Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL + upstream commit - ok dtucker@ - -commit a9ff3950b8e80ff971b4d44bbce96df27aed28af -Author: Darren Tucker -Date: Fri Oct 28 14:26:58 2016 +1100 - - Move OPENSSL_NO_RIPEMD160 to compat. + fixup setting ciphercontext->plaintext (lost in SSHv1 purge), + though it isn't really used for much anymore. - Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the - ripemd160 MACs. - -commit bce58885160e5db2adda3054c3b81fe770f7285a -Author: Darren Tucker -Date: Fri Oct 28 13:52:31 2016 +1100 - - Check if RIPEMD160 is disabled in OpenSSL. + Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747 -commit d924640d4c355d1b5eca1f4cc60146a9975dbbff -Author: Darren Tucker -Date: Fri Oct 28 13:38:19 2016 +1100 +commit f7849e6c83a4e0f602dea6c834a24091c622d68e +Author: Damien Miller +Date: Mon May 1 09:55:56 2017 +1000 - Skip ssh1 specfic ciphers. - - cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try - to compile them when Protocol 1 is not enabled. + remove configure --with-ssh1 -commit 79d078e7a49caef746516d9710ec369ba45feab6 -Author: jsg@openbsd.org -Date: Tue Oct 25 04:08:13 2016 +0000 +commit f4a6a88ddb6dba6d2f7bfb9e2c9879fcc9633043 +Author: djm@openbsd.org +Date: Sun Apr 30 23:29:10 2017 +0000 upstream commit - Fix logic in add_local_forward() that inverted a test - when code was refactored out into bind_permitted(). 
This broke ssh port - forwarding for non-priv ports as a non root user. + flense SSHv1 support from ssh-agent, considerably + simplifying it - ok dtucker@ 'looks good' deraadt@ + ok markus - Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9 + Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365 -commit a903e315dee483e555c8a3a02c2946937f9b4e5d -Author: dtucker@openbsd.org -Date: Mon Oct 24 01:09:17 2016 +0000 +commit 930e8d2827853bc2e196c20c3e000263cc87fb75 +Author: djm@openbsd.org +Date: Sun Apr 30 23:28:41 2017 +0000 upstream commit - Remove dead breaks, found via opencoverage.net. ok - deraadt@ + obliterate ssh1.h and some dead code that used it - Upstream-ID: ad9cc655829d67fad219762810770787ba913069 - -commit b4e96b4c9bea4182846e4942ba2048e6d708ee54 -Author: Darren Tucker -Date: Wed Oct 26 08:43:25 2016 +1100 - - Use !=NULL instead of >0 for getdefaultproj. + ok markus@ - getdefaultproj() returns a pointer so test it for NULL inequality - instead of >0. Fixes compiler warning and is more correct. Patch from - David Binderman. + Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343 -commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5 -Author: dtucker@openbsd.org -Date: Sun Oct 23 22:04:05 2016 +0000 +commit a3710d5d529a34b8f56aa62db798c70e85d576a0 +Author: djm@openbsd.org +Date: Sun Apr 30 23:28:12 2017 +0000 upstream commit - Factor out "can bind to low ports" check into its own function. This will - make it easier for Portable to support platforms with permissions models - other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" - deraadt@. 
+ exterminate the -1 flag from scp - Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface + ok markus@ + + Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db -commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894 -Author: dtucker@openbsd.org -Date: Wed Oct 19 23:21:56 2016 +0000 +commit aebd0abfaa8a41e75d50f9f7934267b0a2d9acb4 +Author: djm@openbsd.org +Date: Sun Apr 30 23:26:54 2017 +0000 upstream commit - When tearing down ControlMaster connecctions, don't - pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. + purge the last traces of SSHv1 from the TTY modes + handling code - Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced - -commit 09e6a7d8354224933febc08ddcbc2010f542284e -Author: Darren Tucker -Date: Mon Oct 24 09:06:18 2016 +1100 - - Wrap stdint.h include in ifdef. - -commit 08d9e9516e587b25127545c029e5464b2e7f2919 -Author: Darren Tucker -Date: Fri Oct 21 09:46:46 2016 +1100 - - Fix formatting. - -commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d -Author: Darren Tucker -Date: Fri Oct 21 06:55:58 2016 +1100 - - Update links to https. + ok markus - www.openssh.com now supports https and ftp.openbsd.org no longer - supports ftp. Make all links to these https. + Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195 -commit dd4e7212a6141f37742de97795e79db51e4427ad -Author: Darren Tucker -Date: Fri Oct 21 06:48:46 2016 +1100 +commit dfa641f758d4b8b2608ab1b00abaf88df0a8e36a +Author: djm@openbsd.org +Date: Sun Apr 30 23:26:16 2017 +0000 - Update host key generation examples. + upstream commit - Remove ssh1 host key generation, add ssh-keygen -A - -commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639 -Author: Darren Tucker -Date: Fri Oct 21 05:22:55 2016 +1100 - - Update links. + remove the (in)famous SSHv1 CRC compensation attack + detector. - Make links to openssh.com HTTPS now that it's supported, point release - notes link to the HTML release notes page, and update a couple of other - links and bits of text. 
- -commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6 -Author: Darren Tucker -Date: Thu Oct 20 03:42:09 2016 +1100 - - Remote channels .orig and .rej files. + Despite your cameo in The Matrix movies, you will not be missed. - These files were incorrectly added during an OpenBSD sync. + ok markus + + Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0 -commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c -Author: dtucker@openbsd.org -Date: Tue Oct 18 17:32:54 2016 +0000 +commit e5d3bd36ef67d82092861f39b5bf422cb12b31a6 +Author: djm@openbsd.org +Date: Sun Apr 30 23:25:03 2017 +0000 upstream commit - Remove channel_input_port_forward_request(); the only caller - was the recently-removed SSH1 server code so it's now dead code. ok markus@ + undo some local debugging stuff that I committed by + accident - Upstream-ID: 05453983230a1f439562535fec2818f63f297af9 + Upstream-ID: fe5b31f69a60d47171836911f144acff77810217 -commit 2c6697c443d2c9c908260eed73eb9143223e3ec9 -Author: millert@openbsd.org -Date: Tue Oct 18 12:41:22 2016 +0000 +commit 3d6d09f2e90f4ad650ebda6520bf2da446f37f14 +Author: djm@openbsd.org +Date: Sun Apr 30 23:23:54 2017 +0000 upstream commit - Install a signal handler for tty-generated signals and - wait for the ssh child to suspend before suspending sftp. This lets ssh - restore the terminal mode as needed when it is suspended at the password - prompt. 
OK dtucker@ + remove SSHv1 support from packet and buffer APIs - Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69 + ok markus@ + + Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9 -commit fd2a8f1033fa2316fff719fd5176968277560158 -Author: jmc@openbsd.org -Date: Sat Oct 15 19:56:25 2016 +0000 +commit 05164358577c82de18ed7373196bc7dbd8a3f79c +Author: djm@openbsd.org +Date: Sun Apr 30 23:21:54 2017 +0000 upstream commit - various formatting fixes, specifically removing Dq; + remove SSHv1-related buffers from client code - Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c + Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd -commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3 -Author: Darren Tucker -Date: Wed Oct 19 03:26:09 2016 +1100 +commit 873d3e7d9a4707d0934fb4c4299354418f91b541 +Author: djm@openbsd.org +Date: Sun Apr 30 23:18:44 2017 +0000 - Import readpassphrase.c rev 1.26. + upstream commit - Author: miller@openbsd.org: - Avoid generate SIGTTOU when restoring the terminal mode. If we get - SIGTTOU it means the process is not in the foreground process group - which, in most cases, means that the shell has taken control of the tty. - Requiring the user the fg the process in this case doesn't make sense - and can result in both SIGTSTP and SIGTTOU being sent which can lead to - the process being suspended again immediately after being brought into - the foreground. - -commit f901440cc844062c9bab0183d133f7ccc58ac3a5 -Author: Darren Tucker -Date: Wed Oct 19 03:23:16 2016 +1100 - - Import readpassphrase.c rev 1.25. + remove KEY_RSA1 - Wrap so internal calls go direct and - readpassphrase is weak. + ok markus@ - (DEF_WEAK is a no-op in portable.) + Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133 -commit 032147b69527e5448a511049b2d43dbcae582624 -Author: Darren Tucker -Date: Sat Oct 15 05:51:12 2016 +1100 +commit 788ac799a6efa40517f2ac0d895a610394298ffc +Author: djm@openbsd.org +Date: Sun Apr 30 23:18:22 2017 +0000 - Move DEF_WEAK into defines.h. 
+ upstream commit - As well pull in more recent changes from OpenBSD these will start to - arrive so put it where the definition is shared. - -commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04 -Author: Darren Tucker -Date: Sat Oct 15 04:34:46 2016 +1100 - - Remove do_pam_set_tty which is dead code. + remove SSHv1 configuration options and man pages bits - The callers of do_pam_set_tty were removed in 2008, so this is now dead - code. bz#2604, pointed out by jjelen at redhat.com. - -commit ca04de83f210959ad2ed870a30ba1732c3ae00e3 -Author: Damien Miller -Date: Thu Oct 13 18:53:43 2016 +1100 - - unbreak principals-command test + ok markus@ - Undo inconsistetly updated variable name. + Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424 -commit 1723ec92eb485ce06b4cbf49712d21975d873909 +commit e6882463a8ae0594aacb6d6575a6318a41973d84 Author: djm@openbsd.org -Date: Tue Oct 11 21:49:54 2016 +0000 +Date: Sun Apr 30 23:17:37 2017 +0000 upstream commit - fix the KEX fuzzer - the previous method of obtaining the - packet contents was broken. This now uses the new per-packet input hook, so - it sees exact post-decrypt packets and doesn't have to pass packet integrity - checks. ok markus@ + remove SSH1 make flag and associated files ok markus@ - Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd + Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef -commit 09f997893f109799cddbfce6d7e67f787045cbb2 -Author: natano@openbsd.org -Date: Thu Oct 6 09:31:38 2016 +0000 +commit cdccebdf85204bf7542b7fcc1aa2ea3f36661833 +Author: djm@openbsd.org +Date: Sun Apr 30 23:15:04 2017 +0000 upstream commit - Move USER out of the way to unbreak the BUILDUSER - mechanism. 
ok tb + remove SSHv1 ciphers; ok markus@ - Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c + Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890 -commit 3049a012c482a7016f674db168f23fd524edce27 -Author: bluhm@openbsd.org -Date: Fri Sep 30 11:55:20 2016 +0000 +commit 97f4d3083b036ce3e68d6346a6140a22123d5864 +Author: djm@openbsd.org +Date: Sun Apr 30 23:13:25 2017 +0000 upstream commit - In ssh tests set REGRESS_FAIL_EARLY with ?= so that the - environment can change it. OK djm@ + remove compat20/compat13/compat15 variables - Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b + ok markus@ + + Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c -commit 39af7b444db28c1cb01b7ea468a4f574a44f375b +commit 99f95ba82673d33215dce17bfa1512b57f54ec09 Author: djm@openbsd.org -Date: Tue Oct 11 21:47:45 2016 +0000 +Date: Sun Apr 30 23:11:45 2017 +0000 upstream commit - Add a per-packet input hook that is called with the - decrypted packet contents. This will be used for fuzzing; ok markus@ + remove options.protocol and client Protocol + configuration knob - Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc + ok markus@ + + Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366 -commit ec165c392ca54317dbe3064a8c200de6531e89ad -Author: markus@openbsd.org -Date: Mon Oct 10 19:28:48 2016 +0000 +commit 56912dea6ef63dae4eb1194e5d88973a7c6c5740 +Author: djm@openbsd.org +Date: Sun Apr 30 23:10:43 2017 +0000 upstream commit - Unregister the KEXINIT handler after message has been - received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause - allocation of up to 128MB -- until the connection is closed. 
Reported by - shilei-c at 360.cn + unifdef WITH_SSH1 ok markus@ - Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 + Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7 -commit 29d40319392e6e19deeca9d45468aa1119846e50 -Author: Darren Tucker -Date: Thu Oct 13 04:07:20 2016 +1100 +commit d4084cd230f7319056559b00db8b99296dad49d5 +Author: jmc@openbsd.org +Date: Sat Apr 29 06:06:01 2017 +0000 - Import rev 1.24 from OpenBSD. + upstream commit - revision 1.24 - date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4; - most obvious unsigned char casts for ctype - ok jca krw ingo - -commit 12069e56221de207ed666c2449dedb431a2a7ca2 -Author: Darren Tucker -Date: Thu Oct 13 04:04:44 2016 +1100 - - Import rev 1.23 from OpenBSD. Fixes bz#2619. + tweak previous; - revision 1.23 - date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39; - Defer installing signal handlers until echo is disabled so that we - get suspended normally when not the foreground process. Fix potential - infinite loop when restoring terminal settings if process is in the - background when restore occurs. OK miod@ + Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9 -commit 7508d83eff89af069760b4cc587305588a64e415 -Author: Darren Tucker -Date: Thu Oct 13 03:53:51 2016 +1100 +commit 249516e428e8461b46340a5df5d5ed1fbad2ccce +Author: djm@openbsd.org +Date: Sat Apr 29 04:12:25 2017 +0000 - If we don't have TCSASOFT, define it to zero. + upstream commit - This makes it a no-op when we use it below, which allows us to re-sync - those lines with the upstream and make future updates easier. + allow ssh-keygen to include arbitrary string or flag + certificate extensions and critical options. 
ok markus@ dtucker@ + + Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646 -commit aae4dbd4c058d3b1fe1eb5c4e6ddf35827271377 +commit 47a287bb6ac936c26b4f3ae63279c02902ded3b9 Author: jmc@openbsd.org -Date: Fri Oct 7 14:41:52 2016 +0000 +Date: Fri Apr 28 06:15:03 2017 +0000 upstream commit - tidy up the formatting in this file. more specifically, - replace .Dq, which looks appalling, with .Cm, where appropriate; + sort; - Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738 + Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a -commit a571dbcc7b7b25371174569b13df5159bc4c6c7a -Author: djm@openbsd.org -Date: Tue Oct 4 21:34:40 2016 +0000 +commit 36465a76a79ad5040800711b41cf5f32249d5120 +Author: Darren Tucker +Date: Fri Apr 28 14:44:28 2017 +1000 - upstream commit - - add a comment about implicitly-expected checks to - sshkey_ec_validate_public() + Typo. - Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f + Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 -commit 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00 -Author: djm@openbsd.org -Date: Fri Sep 30 20:24:46 2016 +0000 +commit 9d18cb7bdeb00b20205fd13d412aae8c0e0457ed +Author: Darren Tucker +Date: Fri Apr 28 14:41:17 2017 +1000 - upstream commit + Add 2 regress commits I applied by hand. - fix some -Wpointer-sign warnings in the new mux proxy; ok - markus@ + Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c + Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 + +commit 9504ea6b27f9f0ece64e88582ebb9235e664a100 +Author: Darren Tucker +Date: Fri Apr 28 14:33:43 2017 +1000 + + Merge integrity.sh rev 1.22. - Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd + Merge missing bits from Colin Watson's patch in bz#2658 which make integrity + tests more robust against timeouts. 
ok djm@ -commit ca71c36645fc26fcd739a8cfdc702cec85607761 -Author: bluhm@openbsd.org -Date: Wed Sep 28 20:09:52 2016 +0000 +commit 06ec837a34542627e2183a412d6a9d2236f22140 +Author: Darren Tucker +Date: Fri Apr 28 14:30:03 2017 +1000 + + Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes + +commit e0194b471efe7d3daedc9cc66686cb1ab69d3be8 +Author: jsg@openbsd.org +Date: Mon Apr 17 11:02:31 2017 +0000 upstream commit - Add a makefile rule to create the ssh library when - regress needs it. This allows to run the ssh regression tests without doing - a "make build" before. Discussed with dtucker@ and djm@; OK djm@ + Change COMPILER_VERSION tests which limited additional + warnings to gcc4 to instead skip them on gcc3 as clang can handle + -Wpointer-sign and -Wold-style-definition. - Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025 + Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f -commit ce44c970f913d2a047903dba8670554ac42fc479 -Author: bluhm@openbsd.org -Date: Mon Sep 26 21:34:38 2016 +0000 +commit 6830be90e71f46bcd182a9202b151eaf2b299434 +Author: djm@openbsd.org +Date: Fri Apr 28 03:24:53 2017 +0000 upstream commit - Allow to run ssh regression tests as root. If the user - is already root, the test should not expect that SUDO is set. If ssh needs - another user, use sudo or doas to switch from root if necessary. OK dtucker@ + include key fingerprint in "Offering public key" debug + message - Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2 + Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52 -commit 8d0578478586e283e751ca51e7b0690631da139a -Author: markus@openbsd.org -Date: Fri Sep 30 09:19:13 2016 +0000 +commit 066437187e16dcafcbc19f9402ef0e6575899b1d +Author: millert@openbsd.org +Date: Fri Apr 28 03:21:12 2017 +0000 upstream commit - ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux - client speaks the ssh-packet protocol directly over unix-domain socket. 
- mux - server acts as a proxy, translates channel IDs and relays to the server. - no - filedescriptor passing necessary. - combined with unix-domain forwarding it's - even possible to run mux client and server on different machines. feedback - & ok djm@ + Avoid relying on implementation-specific behavior when + detecting whether the timestamp or file size overflowed. If time_t and off_t + are not either 32-bit or 64-bit scp will exit with an error. OK djm@ - Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b + Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135 -commit b7689155f3f5c4999846c07a852b1c7a43b09cec -Author: djm@openbsd.org -Date: Wed Sep 28 21:44:52 2016 +0000 +commit 68d3a2a059183ebd83b15e54984ffaced04d2742 +Author: dtucker@openbsd.org +Date: Fri Apr 28 03:20:27 2017 +0000 upstream commit - put back some pre-auth zlib bits that I shouldn't have - removed - they are still used by the client. Spotted by naddy@ + Add SyslogFacility option to ssh(1) matching the + equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok + djm@ - Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2 + Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed -commit 4577adead6a7d600c8e764619d99477a08192c8f -Author: djm@openbsd.org -Date: Wed Sep 28 20:32:42 2016 +0000 +commit e13aad66e73a14b062d13aee4e98f1e21a3f6a14 +Author: jsg@openbsd.org +Date: Thu Apr 27 13:40:05 2017 +0000 upstream commit - restore pre-auth compression support in the client -- the - previous commit was intended to remove it from the server only. 
- - remove a few server-side pre-auth compression bits that escaped - - adjust wording of Compression directive in sshd_config(5) - - pointed out by naddy@ ok markus@ + remove a static array unused since rev 1.306 spotted by + clang ok djm@ - Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b + Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8 -commit 80d1c963b4dc84ffd11d09617b39c4bffda08956 -Author: jmc@openbsd.org -Date: Wed Sep 28 17:59:22 2016 +0000 +commit 91bd2181866659f00714903e78e1c3edd4c45f3d +Author: millert@openbsd.org +Date: Thu Apr 27 11:53:12 2017 +0000 upstream commit - use a separate TOKENS section, as we've done for - sshd_config(5); help/ok djm + Avoid potential signed int overflow when parsing the file + size. Use strtoul() instead of parsing manually. OK djm@ - Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d + Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02 -commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455 -Author: Damien Miller -Date: Thu Sep 29 03:19:23 2016 +1000 +commit 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4 +Author: Darren Tucker +Date: Tue Apr 25 08:32:27 2017 +1000 - Remove portability support for mmap + Fix typo in "socketcall". - We no longer need to wrap/replace mmap for portability now that - pre-auth compression has been removed from OpenSSH. + Pointed out by jjelen at redhat.com. -commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f -Author: djm@openbsd.org -Date: Wed Sep 28 16:33:06 2016 +0000 +commit 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd +Author: Darren Tucker +Date: Mon Apr 24 19:40:31 2017 +1000 - upstream commit - - Remove support for pre-authentication compression. Doing - compression early in the protocol probably seemed reasonable in the 1990s, - but today it's clearly a bad idea in terms of both cryptography (cf. multiple - compression oracle attacks in TLS) and attack surface. 
- - Moreover, to support it across privilege-separation zlib needed - the assistance of a complex shared-memory manager that made the - required attack surface considerably larger. - - Prompted by Guido Vranken pointing out a compiler-elided security - check in the shared memory manager found by Stack - (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ + Deny socketcall in seccomp filter on ppc64le. - NB. pre-auth authentication has been disabled by default in sshd - for >10 years. + OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys + in privsep child. The socket() syscall is already denied in the seccomp + filter, but in ppc64le kernel, it is implemented using socketcall() + syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and + therefore fails hard. - Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf + Patch from jjelen at redhat.com. -commit 27c3a9c2aede2184856b5de1e6eca414bb751c38 -Author: djm@openbsd.org -Date: Mon Sep 26 21:16:11 2016 +0000 +commit f8500b2be599053daa05248a86a743232ec6a536 +Author: schwarze@openbsd.org +Date: Mon Apr 17 14:31:23 2017 +0000 upstream commit - Avoid a theoretical signed integer overflow should - BN_num_bytes() ever violate its manpage and return a negative value. Improve - order of tests to avoid confusing increasingly pedantic compilers. - - Reported by Guido Vranken from stack (css.csail.mit.edu/stack) - unstable optimisation analyser output. ok deraadt@ + Recognize nl_langinfo(CODESET) return values "646" and "" + as aliases for "US-ASCII", useful for different versions of NetBSD and + Solaris. Found by dtucker@ and by Tom G. Christensen . 
OK dtucker@ deraadt@ - Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505 + Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384 -commit 8663e51c80c6aa3d750c6d3bcff6ee05091922be -Author: Damien Miller -Date: Wed Sep 28 07:40:33 2016 +1000 +commit 7480dfedf8c5c93baaabef444b3def9331e86ad5 +Author: jsg@openbsd.org +Date: Mon Apr 17 11:02:31 2017 +0000 - fix mdoc2man.awk formatting for top-level lists + upstream commit - Reported by Glenn Golden - Diagnosis and fix from Ingo Schwarze + Change COMPILER_VERSION tests which limited additional + warnings to gcc4 to instead skip them on gcc3 as clang can handle + -Wpointer-sign and -Wold-style-definition. + + Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a -commit b97739dc21570209ed9d4e7beee0c669ed23b097 +commit 4d827f0d75a53d3952288ab882efbddea7ffadfe Author: djm@openbsd.org -Date: Thu Sep 22 21:15:41 2016 +0000 +Date: Tue Apr 4 00:24:56 2017 +0000 upstream commit - missing bit from previous commit + disallow creation (of empty files) in read-only mode; + reported by Michal Zalewski, feedback & ok deraadt@ - Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37 + Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b -commit de6a175a99d22444e10d19ad3fffef39bc3ee3bb -Author: jmc@openbsd.org -Date: Thu Sep 22 19:19:01 2016 +0000 +commit ef47843af0a904a21c920e619c5aec97b65dd9ac +Author: deraadt@openbsd.org +Date: Sun Mar 26 00:18:52 2017 +0000 upstream commit - organise the token stuff into a separate section; ok - markus for an earlier version of the diff ok/tweaks djm + incorrect renditions of this quote bother me - Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8 + Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49 -commit 16277fc45ffc95e4ffc3d45971ff8320b974de2b -Author: djm@openbsd.org -Date: Thu Sep 22 17:55:13 2016 +0000 +commit d9048861bea842c4eba9c2dbbf97064cc2a5ef02 +Author: Darren Tucker +Date: Fri Mar 31 11:04:43 2017 +1100 - upstream commit + Check for and use gcc's -pipe. 
- mention curve25519-sha256 KEX + Speeds up configure and build by a couple of percent. ok djm@ + +commit 282cad2240c4fbc104c2f2df86d688192cbbe4bb +Author: Darren Tucker +Date: Wed Mar 29 16:34:44 2017 +1100 + + Import fmt_scaled.c rev 1.16 from OpenBSD. - Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf + Fix overly-conservative overflow checks on mulitplications and add checks + on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN + will still be flagged as a range error). ok millert@ -commit 0493766d5676c7ca358824ea8d3c90f6047953df -Author: djm@openbsd.org -Date: Thu Sep 22 17:52:53 2016 +0000 +commit c73a229e4edf98920f395e19fd310684fc6bb951 +Author: Darren Tucker +Date: Wed Mar 29 16:34:02 2017 +1100 - upstream commit + Import fmt_scaled.c rev 1.15 from OpenBSD. - support plain curve25519-sha256 KEX algorithm now that it - is approaching standardisation (same algorithm is currently supported as - curve25519-sha256@libssh.org) + Collapse underflow and overflow checks into a single block. + ok djm@ millert@ + +commit d427b73bf5a564f663d16546dbcbd84ba8b9d4af +Author: Darren Tucker +Date: Wed Mar 29 16:32:57 2017 +1100 + + Import fmt_scaled.c rev 1.14 from OpenBSD. - Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2 + Catch integer underflow in scan_scaled reported by Nicolas Iooss. + ok deraadt@ djm@ -commit f31c654b30a6f02ce0b8ea8ab81791b675489628 -Author: dtucker@openbsd.org -Date: Thu Sep 22 02:29:57 2016 +0000 +commit d13281f2964abc5f2e535e1613c77fc61b0c53e7 +Author: Darren Tucker +Date: Wed Mar 29 12:39:39 2017 +1100 - upstream commit + Don't check privsep user or path when unprivileged - If ssh receives a PACKET_DISCONNECT during userauth it - will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the - session being authenticated. Check for this and exit if necessary. 
ok djm@ + If running with privsep (mandatory now) as a non-privileged user, we + don't chroot or change to an unprivileged user however we still checked + the existence of the user and directory. Don't do those checks if we're + not going to use them. Based in part on a patch from Lionel Fourquaux + via Corinna Vinschen, ok djm@ + +commit f2742a481fe151e493765a3fbdef200df2ea7037 +Author: Darren Tucker +Date: Wed Mar 29 10:50:31 2017 +1100 + + Remove SHA256 EVP wrapper implementation. - Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903 + All supported versions of OpenSSL should now have SHA256 so remove our + EVP wrapper implementaion. ok djm@ -commit 1622649b7a829fc8dc313042a43a974f0f3e8a99 -Author: djm@openbsd.org -Date: Wed Sep 21 19:53:12 2016 +0000 +commit 5346f271fc76549caf4a8e65b5fba319be422fe9 +Author: Darren Tucker +Date: Wed Mar 29 10:23:58 2017 +1100 - upstream commit + Remove check for OpenSSL < 0.9.8g. - correctly return errors from kex_send_ext_info(). Fix from - Sami Farin via https://github.com/openssh/openssh-portable/pull/50 + We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC + in OpenSSL < 0.9.8g. + +commit 8fed0a5fe7b4e78a6810b133d8e91be9742ee0a1 +Author: Darren Tucker +Date: Wed Mar 29 10:16:15 2017 +1100 + + Remove compat code for OpenSSL < 0.9.7. - Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c + Resyncs that code with OpenBSD upstream. -commit f83a0cfe16c7a73627b46a9a94e40087d60f32fb -Author: djm@openbsd.org -Date: Wed Sep 21 17:44:20 2016 +0000 +commit 608ec1f62ff22fdccc3952e51463d79c43cbd0d3 +Author: Darren Tucker +Date: Wed Mar 29 09:50:54 2017 +1100 - upstream commit + Remove SSHv1 code path. - cast uint64_t for printf + Server-side support for Protocol 1 has been removed so remove !compat20 + PAM code path. + +commit 7af27bf538cbc493d609753f9a6d43168d438f1b +Author: Darren Tucker +Date: Fri Mar 24 09:44:56 2017 +1100 + + Enable ldns when using ldns-config. 
- Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1 + Actually enable ldns when attempting to use ldns-config. bz#2697, patch + from fredrik at fornwall.net. -commit 5f63ab474f58834feca4f35c498be03b7dd38a16 +commit 58b8cfa2a062b72139d7229ae8de567f55776f24 +Author: Damien Miller +Date: Wed Mar 22 12:43:02 2017 +1100 + + Missing header on Linux/s390 + + Patch from Jakub Jelen + +commit 096fb65084593f9f3c1fc91b6d9052759a272a00 Author: djm@openbsd.org -Date: Wed Sep 21 17:03:54 2016 +0000 +Date: Mon Mar 20 22:08:06 2017 +0000 upstream commit - disable tests for affirmative negated match after backout of - match change + remove /usr/bin/time calls around tests, makes diffing test + runs harder. Based on patch from Mike Frysinger - Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd + Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c -commit a5ad3a9db5a48f350f257a67b62fafd719ecb7e0 +commit 6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 +Author: Damien Miller +Date: Tue Mar 21 08:47:55 2017 +1100 + + Fix syntax error on Linux/X32 + + Patch from Mike Frysinger + +commit d38f05dbdd291212bc95ea80648b72b7177e9f4e +Author: Darren Tucker +Date: Mon Mar 20 13:38:27 2017 +1100 + + Add llabs() implementation. + +commit 72536316a219b7394996a74691a5d4ec197480f7 +Author: Damien Miller +Date: Mon Mar 20 12:23:04 2017 +1100 + + crank version numbers + +commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f Author: djm@openbsd.org -Date: Wed Sep 21 16:55:42 2016 +0000 +Date: Mon Mar 20 01:18:59 2017 +0000 upstream commit - Revert two recent changes to negated address matching. The - new behaviour offers unintuitive surprises. We'll find a better way to deal - with single negated matches. + openssh-7.5 - match.c 1.31: - > fix matching for pattern lists that contain a single negated match, - > e.g. "Host !example" - > - > report and patch from Robin Becker. 
bz#1918 ok dtucker@ + Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 + +commit db84e52fe9cfad57f22e7e23c5fbf00092385129 +Author: Damien Miller +Date: Mon Mar 20 12:07:20 2017 +1100 + + I'm a doofus. - addrmatch.c 1.11: - > fix negated address matching where the address list consists of a - > single negated match, e.g. "Match addr !192.20.0.1" - > - > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ + Unbreak obvious syntax error. + +commit 89f04852db27643717c9c3a2b0dde97ae50099ee +Author: Damien Miller +Date: Mon Mar 20 11:53:34 2017 +1100 + + on Cygwin, check paths from server for backslashes - Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6 + Pointed out by Jann Horn of Google Project Zero -commit 119b7a2ca0ef2bf3f81897ae10301b8ca8cba844 -Author: djm@openbsd.org -Date: Wed Sep 21 01:35:12 2016 +0000 +commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 +Author: Damien Miller +Date: Mon Mar 20 11:48:34 2017 +1100 + + Yet another synonym for ASCII: "646" + + Used by NetBSD; this unbreaks mprintf() and friends there for the C + locale (caught by dtucker@ and his menagerie of test systems). + +commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b +Author: Damien Miller +Date: Mon Mar 20 09:58:34 2017 +1100 + + create test mux socket in /tmp + + Creating the socket in $OBJ could blow past the (quite limited) + path limit for Unix domain sockets. 
As a bandaid for bz#2660, + reported by Colin Watson; ok dtucker@ + +commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 +Author: markus@openbsd.org +Date: Wed Mar 15 07:07:39 2017 +0000 upstream commit - test all the AuthorizedPrincipalsCommand % expansions + disallow KEXINIT before NEWKEYS; ok djm; report by + vegard.nossum at oracle.com - Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3 + Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 -commit bfa9d969ab6235d4938ce069d4db7e5825c56a19 +commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c +Author: Darren Tucker +Date: Thu Mar 16 14:05:46 2017 +1100 + + Include includes.h for compat bits. + +commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad +Author: Darren Tucker +Date: Thu Mar 16 13:45:17 2017 +1100 + + Wrap stdint.h in #ifdef HAVE_STDINT_H + +commit 55a1117d7342a0bf8b793250cf314bab6b482b99 +Author: Damien Miller +Date: Thu Mar 16 11:22:42 2017 +1100 + + Adapt Cygwin config script to privsep knob removal + + Patch from Corinna Vinschen. + +commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 +Author: deraadt@openbsd.org +Date: Wed Mar 15 03:52:30 2017 +0000 + + upstream commit + + accidents happen to the best of us; ok djm + + Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 + +commit 25f837646be8c2017c914d34be71ca435dfc0e07 Author: djm@openbsd.org -Date: Wed Sep 21 01:34:45 2016 +0000 +Date: Wed Mar 15 02:25:09 2017 +0000 upstream commit - add a way for principals command to get see key ID and serial - too + fix regression in 7.4: deletion of PKCS#11-hosted keys + would fail unless they were specified by full physical pathname. 
Report and + fix from Jakub Jelen via bz#2682; ok dtucker@ - Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb + Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 -commit 920585b826af1c639e4ed78b2eba01fd2337b127 +commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f Author: djm@openbsd.org -Date: Fri Sep 16 06:09:31 2016 +0000 +Date: Wed Mar 15 02:19:09 2017 +0000 upstream commit - add a note on kexfuzz' limitations + Fix segfault when sshd attempts to load RSA1 keys (can + only happen when protocol v.1 support is enabled for the client). Reported by + Jakub Jelen in bz#2686; ok dtucker - Upstream-Regress-ID: 03804d4a0dbc5163e1a285a4c8cc0a76a4e864ec + Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 -commit 0445ff184080b196e12321998b4ce80b0f33f8d1 +commit 66705948c0639a7061a0d0753266da7685badfec Author: djm@openbsd.org -Date: Fri Sep 16 01:01:41 2016 +0000 +Date: Tue Mar 14 07:19:07 2017 +0000 upstream commit - fix for newer modp DH groups - (diffie-hellman-group14-sha256 etc) + Mark the sshd_config UsePrivilegeSeparation option as + deprecated, effectively making privsep mandatory in sandboxing mode. ok + markus@ deraadt@ - Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68 + (note: this doesn't remove the !privsep code paths, though that will + happen eventually). + + Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a -commit 28652bca29046f62c7045e933e6b931de1d16737 -Author: markus@openbsd.org -Date: Mon Sep 19 19:02:19 2016 +0000 +commit f86586b03fe6cd8f595289bde200a94bc2c191af +Author: Damien Miller +Date: Tue Mar 14 18:26:29 2017 +1100 + + Make seccomp-bpf sandbox work on Linux/X32 + + Allow clock_gettime syscall with X32 bit masked off. Apparently + this is required for at least some kernel versions. bz#2142 + Patch mostly by Colin Watson. 
ok dtucker@ + +commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 +Author: Damien Miller +Date: Tue Mar 14 18:01:52 2017 +1100 + + require OpenSSL >=1.0.1 + +commit e3ea335abeab731c68f2b2141bee85a4b0bf680f +Author: Damien Miller +Date: Tue Mar 14 17:48:43 2017 +1100 + + Remove macro trickery; no binary change + + This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros + prepending __NR_ to the syscall number parameter and just makes + them explicit in the macro invocations. + + No binary change in stripped object file before/after. + +commit 5f1596e11d55539678c41f68aed358628d33d86f +Author: Damien Miller +Date: Tue Mar 14 13:15:18 2017 +1100 + + support ioctls for ICA crypto card on Linux/s390 + + Based on patch from Eduardo Barretto; ok dtucker@ + +commit b1b22dd0df2668b322dda174e501dccba2cf5c44 +Author: Darren Tucker +Date: Tue Mar 14 14:19:36 2017 +1100 + + Plumb conversion test into makefile. + +commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 +Author: dtucker@openbsd.org +Date: Tue Mar 14 01:20:29 2017 +0000 upstream commit - move inbound NEWKEYS handling to kex layer; otherwise - early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed - with & ok djm@ + Add unit test for convtime(). - Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f + Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 -commit 492710894acfcc2f173d14d1d45bd2e688df605d -Author: natano@openbsd.org -Date: Mon Sep 19 07:52:42 2016 +0000 +commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c +Author: dtucker@openbsd.org +Date: Tue Mar 14 01:10:07 2017 +0000 upstream commit - Replace two more arc4random() loops with - arc4random_buf(). + Add ASSERT_LONG_* helpers. 
- tweaks and ok dtucker - ok deraadt + Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 + +commit c6774d21185220c0ba11e8fd204bf0ad1a432071 +Author: dtucker@openbsd.org +Date: Tue Mar 14 00:55:37 2017 +0000 + + upstream commit - Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4 + Fix convtime() overflow test on boundary condition, + spotted by & ok djm. + + Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 -commit 1036356324fecc13099ac6e986b549f6219327d7 -Author: tedu@openbsd.org -Date: Sat Sep 17 18:00:27 2016 +0000 +commit f5746b40cfe6d767c8e128fe50c43274b31cd594 +Author: dtucker@openbsd.org +Date: Tue Mar 14 00:25:03 2017 +0000 upstream commit - replace two arc4random loops with arc4random_buf ok - deraadt natano + Check for integer overflow when parsing times in + convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ - Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48 + Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 -commit 00df97ff68a49a756d4b977cd02283690f5dfa34 +commit f5907982f42a8d88a430b8a46752cbb7859ba979 +Author: Darren Tucker +Date: Tue Mar 14 13:38:15 2017 +1100 + + Add a "unit" target to run only unit tests. + +commit 9e96b41682aed793fadbea5ccd472f862179fb02 +Author: Damien Miller +Date: Tue Mar 14 12:24:47 2017 +1100 + + Fix weakness in seccomp-bpf sandbox arg inspection + + Syscall arguments are passed via an array of 64-bit values in struct + seccomp_data, but we were only inspecting the bottom 32 bits and not + even those correctly for BE systems. + + Fortunately, the only case argument inspection was used was in the + socketcall filtering so using this for sandbox escape seems + impossible. 
+ + ok dtucker + +commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 Author: djm@openbsd.org -Date: Wed Sep 14 20:11:26 2016 +0000 +Date: Sat Mar 11 23:44:16 2017 +0000 upstream commit - take fingerprint of correct key for - AuthorizedPrincipalsCommand + regress tests for loading certificates without public keys; + bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ - Upstream-ID: 553581a549cd6a3e73ce9f57559a325cc2cb1f38 + Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 -commit e7907c1cb938b96dd33d27c2fea72c4e08c6b2f6 +commit 1e24552716194db8f2f620587b876158a9ef56ad Author: djm@openbsd.org -Date: Wed Sep 14 05:42:25 2016 +0000 +Date: Sat Mar 11 23:40:26 2017 +0000 upstream commit - add %-escapes to AuthorizedPrincipalsCommand to match those - supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a - few more to provide access to the certificate's CA key; 'looks ok' dtucker@ + allow ssh to use certificates accompanied by a private + key file but no corresponding plain *.pub public key. bz#2617 based on patch + from Adam Eijdenberg; ok dtucker@ markus@ - Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb + Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 -commit 2b939c272a81c4d0c47badeedbcb2ba7c128ccda -Author: dtucker@openbsd.org -Date: Wed Sep 14 00:45:31 2016 +0000 +commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e +Author: markus@openbsd.org +Date: Sat Mar 11 13:07:35 2017 +0000 upstream commit - Improve test coverage of ssh-keygen -T a bit. + Don't count the initial block twice when computing how + many bytes to discard for the work around for the attacks against CBC-mode. 
+ ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL - Upstream-Regress-ID: 8851668c721bcc2b400600cfc5a87644cc024e72 + Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 -commit 44d82fc83be6c5ccd70881c2dac1a73e5050398b +commit ef653dd5bd5777132d9f9ee356225f9ee3379504 Author: dtucker@openbsd.org -Date: Mon Sep 12 02:25:46 2016 +0000 +Date: Fri Mar 10 07:18:32 2017 +0000 upstream commit - Add testcase for ssh-keygen -j, -J and -K options for - moduli screening. Does not currently test generation as that is extremely - slow. + krl.c - Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062 + Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 -commit 44e5f756d286bc3a1a5272ea484ee276ba3ac5c2 -Author: djm@openbsd.org -Date: Tue Aug 23 08:17:04 2016 +0000 +commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 +Author: Damien Miller +Date: Sun Mar 12 10:48:14 2017 +1100 - upstream commit + sync fmt_scaled.c with OpenBSD - add tests for addr_match_list() + revision 1.13 + date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; + fix signed integer overflow in scan_scaled. Found by Nicolas Iooss + using AFL against ssh_config. 
ok deraadt@ millert@ + ---------------------------- + revision 1.12 + date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; + fairly simple unsigned char casts for ctype + ok krw + ---------------------------- + revision 1.11 + date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; + make scan_scaled set errno to EINVAL rather than ERANGE if it encounters + an invalid multiplier, like the man page says it should - Upstream-Regress-ID: fae2d1fef84687ece584738a924c7bf969616c8e + "looks sensible" deraadt@, ok ian@ + ---------------------------- + revision 1.10 + date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; + use llabs instead of the home-grown version; and some comment changes + ok ian@, millert@ + ---------------------------- -commit 445e218878035b59c704c18406e8aeaff4c8aa25 +commit 894221a63fa061e52e414ca58d47edc5fe645968 Author: djm@openbsd.org -Date: Mon Sep 12 23:39:34 2016 +0000 +Date: Fri Mar 10 05:01:13 2017 +0000 upstream commit - handle certs in rsa_hash_alg_from_ident(), saving an - unnecessary special case elsewhere. + When updating hostkeys, accept RSA keys if + HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA + keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms + nit ssh-rsa (SHA1 signatures) was not. 
bz#2650 reported by Luis Ressel; ok + dtucker@ - Upstream-ID: 901cb081c59d6d2698b57901c427f3f6dc7397d4 + Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 -commit 130f5df4fa37cace8c079dccb690e5cafbf00751 +commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c Author: djm@openbsd.org -Date: Mon Sep 12 23:31:27 2016 +0000 +Date: Fri Mar 10 04:24:55 2017 +0000 upstream commit - list all supported signature algorithms in the - server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly) - Ron Frederick; ok markus@ + make hostname matching really insensitive to case; + bz#2685, reported by Petr Cerny; ok dtucker@ - Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd - -commit 8f750ccfc07acb8aa98be5a5dd935033a6468cfd -Author: Darren Tucker -Date: Mon Sep 12 14:43:58 2016 +1000 - - Remove no-op brackets to resync with upstream. - -commit 7050896e7395866278c19c2ff080c26152619d1d -Author: Darren Tucker -Date: Mon Sep 12 13:57:28 2016 +1000 - - Resync ssh-keygen -W error message with upstream. - -commit 43cceff82cc20413cce58ba3375e19684e62cec4 -Author: Darren Tucker -Date: Mon Sep 12 13:55:37 2016 +1000 - - Move ssh-keygen -W handling code to match upstream - -commit af48d541360b1d7737b35740a4b1ca34e1652cd9 -Author: Darren Tucker -Date: Mon Sep 12 13:52:17 2016 +1000 - - Move ssh-keygen -T handling code to match upstream. - -commit d8c3cfbb018825c6c86547165ddaf11924901c49 -Author: Darren Tucker -Date: Mon Sep 12 13:30:50 2016 +1000 - - Move -M handling code to match upstream. + Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 -commit 7b63cf6dbbfa841c003de57d1061acbf2ff22364 -Author: dtucker@openbsd.org -Date: Mon Sep 12 03:29:16 2016 +0000 +commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f +Author: djm@openbsd.org +Date: Fri Mar 10 03:52:48 2017 +0000 upstream commit - Spaces->tabs. 
+ reword a comment to make it fit 80 columns - Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7 + Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 -commit 11e5e644536821ceb3bb4dd8487fbf0588522887 -Author: dtucker@openbsd.org -Date: Mon Sep 12 03:25:20 2016 +0000 +commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc +Author: djm@openbsd.org +Date: Fri Mar 10 04:27:32 2017 +0000 upstream commit - Style whitespace fix. Also happens to remove a no-op - diff with portable. + better match sshd config parser behaviour: fatal() if + line is overlong, increase line buffer to match sshd's; bz#2651 reported by + Don Fong; ok dtucker@ - Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3 + Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 -commit 9136ec134c97a8aff2917760c03134f52945ff3c -Author: deraadt@openbsd.org -Date: Mon Sep 12 01:22:38 2016 +0000 +commit db2597207e69912f2592cd86a1de8e948a9d7ffb +Author: djm@openbsd.org +Date: Fri Mar 10 04:26:06 2017 +0000 upstream commit - Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then - use those definitions rather than pulling and unknown namespace - pollution. 
ok djm markus dtucker + ensure hostname is lower-case before hashing it; + bz#2591 reported by Griff Miller II; ok dtucker@ - Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8 + Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 -commit f219fc8f03caca7ac82a38ed74bbd6432a1195e7 -Author: jmc@openbsd.org -Date: Wed Sep 7 18:39:24 2016 +0000 +commit df9936936c695f85c1038bd706d62edf752aca4b +Author: djm@openbsd.org +Date: Fri Mar 10 04:24:55 2017 +0000 upstream commit - sort; from matthew martin + make hostname matching really insensitive to case; + bz#2685, reported by Petr Cerny; ok dtucker@ - Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7 + Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 -commit 06ce56b05def9460aecc7cdb40e861a346214793 -Author: markus@openbsd.org -Date: Tue Sep 6 09:22:56 2016 +0000 +commit 67eed24bfa7645d88fa0b883745fccb22a0e527e +Author: dtucker@openbsd.org +Date: Fri Mar 10 04:11:00 2017 +0000 upstream commit - ssh_set_newkeys: print correct block counters on - rekeying; ok djm@ + Remove old null check from config dumper. Patch from + jjelen at redhat.com vi bz#2687, ok djm@ - Upstream-ID: 32bb7a9cb9919ff5bab28d50ecef3a2b2045dd1e + Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 -commit e5e8d9114ac6837a038f4952994ca95a97fafe8d -Author: markus@openbsd.org -Date: Tue Sep 6 09:14:05 2016 +0000 +commit 183ba55aaaecca0206184b854ad6155df237adbe +Author: djm@openbsd.org +Date: Fri Mar 10 04:07:20 2017 +0000 upstream commit - update ext_info_c every time we receive a kexinit msg; - fixes sending of ext_info if privsep is disabled; report Aris Adamantiadis & - Mancha; ok djm@ + fix regression in 7.4 server-sig-algs, where we were + accidentally excluding SHA2 RSA signature methods. 
bz#2680, patch from Nuno + Goncalves; ok dtucker@ - Upstream-ID: 2ceaa1076e19dbd3542254b4fb8e42d608f28856 + Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 -commit da95318dbedbaa1335323dba370975c2f251afd8 -Author: djm@openbsd.org -Date: Mon Sep 5 14:02:42 2016 +0000 +commit 66be4fe8c4435af5bbc82998501a142a831f1181 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:53:11 2017 +0000 upstream commit - remove 3des-cbc from the client's default proposal; - 64-bit block ciphers are not safe in 2016 and we don't want to wait until - attacks like sweet32 are extended to SSH. - - As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may - cause problems connecting to older devices using the defaults, but - it's highly likely that such devices already need explicit - configuration for KEX and hostkeys anyway. - - ok deraadt, markus, dtucker + Check for NULL return value from key_new. Patch from + jjelen at redhat.com via bz#2687, ok djm@ - Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f + Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e -commit b33ad6d997d36edfea65e243cd12ccd01f413549 +commit ec2892b5c7fea199914cb3a6afb3af38f84990bf Author: djm@openbsd.org -Date: Mon Sep 5 13:57:31 2016 +0000 +Date: Fri Mar 10 03:52:48 2017 +0000 upstream commit - enforce expected request flow for GSSAPI calls; thanks to - Jakub Jelen for testing; ok markus@ + reword a comment to make it fit 80 columns - Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9 + Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 -commit 0bb2980260fb24e5e0b51adac471395781b66261 -Author: Darren Tucker -Date: Mon Sep 12 11:07:00 2016 +1000 +commit 7fadbb6da3f4122de689165651eb39985e1cba85 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:48:57 2017 +0000 - Restore ssh-keygen's -J and -j option handling. + upstream commit - These were incorrectly removed in the 1d9a2e28 sync commit. + Check for NULL argument to sshkey_read. 
Patch from + jjelen at redhat.com via bz#2687, ok djm@ + + Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e -commit 775f8a23f2353f5869003c57a213d14b28e0736e -Author: Damien Miller -Date: Wed Aug 31 10:48:07 2016 +1000 +commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:45:40 2017 +0000 - tighten PAM monitor calls + upstream commit - only allow kbd-interactive ones when that authentication method is - enabled. Prompted by Solar Designer + Plug some mem leaks mostly on error paths. From jjelen + at redhat.com via bz#2687, ok djm@ + + Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 -commit 7fd0ea8a1db4bcfb3d8cd9df149e5d571ebea1f4 -Author: djm@openbsd.org -Date: Tue Aug 30 07:50:21 2016 +0000 +commit f6edbe9febff8121f26835996b1229b5064d31b7 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:24:48 2017 +0000 upstream commit - restrict monitor auth calls to be allowed only when their - respective authentication methods are enabled in the configuration. - - prompted by Solar Designer; ok markus dtucker + Plug mem leak on GLOB_NOMATCH case. From jjelen at + redhat.com via bz#2687, ok djm@ - Upstream-ID: 6eb3f89332b3546d41d6dbf5a8e6ff920142b553 + Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d -commit b38b95f5bcc52278feb839afda2987933f68ff96 -Author: Damien Miller -Date: Mon Aug 29 11:47:07 2016 +1000 +commit 566b3a46e89a2fda2db46f04f2639e92da64a120 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:22:40 2017 +0000 - Tighten monitor state-machine flow for PAM calls + upstream commit - (attack surface reduction) + Plug descriptor leaks of auth_sock. 
From jjelen at + redhat.com via bz#2687, ok djm@ + + Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 -commit dc664d1bd0fc91b24406a3e9575b81c285b8342b +commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 Author: djm@openbsd.org -Date: Sun Aug 28 22:28:12 2016 +0000 +Date: Fri Mar 10 03:18:24 2017 +0000 upstream commit - fix uninitialised optlen in getsockopt() call; harmless - on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok - deraadt@ + correctly hash hosts with a port number. Reported by Josh + Powers in bz#2692; ok dtucker@ - Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965 + Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 -commit 5bcc1e2769f7d6927d41daf0719a9446ceab8dd7 -Author: guenther@openbsd.org -Date: Sat Aug 27 04:05:12 2016 +0000 +commit 9747b9c742de409633d4753bf1a752cbd211e2d3 +Author: djm@openbsd.org +Date: Fri Mar 10 03:15:58 2017 +0000 upstream commit - Pull in for struct timeval - - ok deraadt@ + don't truncate off \r\n from long stderr lines; bz#2688, + reported by Brian Dyson; ok dtucker@ - Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6 + Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 -commit fa4a4c96b19127dc2fd4e92f20d99c0c7f34b538 -Author: guenther@openbsd.org -Date: Sat Aug 27 04:04:56 2016 +0000 +commit 4a4b75adac862029a1064577eb5af299b1580cdd +Author: dtucker@openbsd.org +Date: Fri Mar 10 02:59:51 2017 +0000 upstream commit - Pull in for NULL - - ok deraadt@ + Validate digest arg in ssh_digest_final; from jjelen at + redhat.com via bz#2687, ok djm@ - Upstream-ID: 7baa6a0f1e049bb3682522b4b95a26c866bfc043 + Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 -commit ae363d74ccc1451185c0c8bd4631e28c67c7fd36 -Author: djm@openbsd.org -Date: Thu Aug 25 23:57:54 2016 +0000 +commit bee0167be2340d8de4bdc1ab1064ec957c85a447 +Author: Darren Tucker +Date: Fri Mar 10 13:40:18 2017 +1100 - upstream commit - - add a sIgnore opcode that silently ignores options and - use it to suppress noisy deprecation 
warnings for the Protocol directive. + Check for NULL from malloc. - req henning, ok markus + Part of bz#2687, from jjelen at redhat.com. + +commit da39b09d43b137a5a3d071b51589e3efb3701238 +Author: Darren Tucker +Date: Fri Mar 10 13:22:32 2017 +1100 + + If OSX is using launchd, remove screen no. - Upstream-ID: 9fe040aca3d6ff393f6f7e60045cdd821dc4cbe0 + Check for socket with and without screen number. From Apple and Jakob + Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ -commit a94c60306643ae904add6e8ed219e4be3494255c +commit 8fb15311a011517eb2394bb95a467c209b8b336c Author: djm@openbsd.org -Date: Thu Aug 25 23:56:51 2016 +0000 +Date: Wed Mar 8 12:07:47 2017 +0000 upstream commit - remove superfluous NOTREACHED comment + quote [host]:port in generated ProxyJump commandline; the + [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri + Tirkkonen via bugs@ - Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c + Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 -commit fc041c47144ce28cf71353124a8a5d183cd6a251 -Author: otto@openbsd.org -Date: Tue Aug 23 16:21:45 2016 +0000 +commit 18501151cf272a15b5f2c5e777f2e0933633c513 +Author: dtucker@openbsd.org +Date: Mon Mar 6 02:03:20 2017 +0000 upstream commit - fix previous, a condition was modified incorrectly; ok - markus@ deraadt@ + Check l->hosts before dereferencing; fixes potential null + pointer deref. ok djm@ - Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453 + Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 -commit 23555eb13a9b0550371a16dcf8beaab7a5806a64 -Author: djm@openbsd.org -Date: Tue Aug 23 08:17:42 2016 +0000 +commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 +Author: dtucker@openbsd.org +Date: Mon Mar 6 00:44:51 2017 +0000 upstream commit - downgrade an error() to a debug2() to match similar cases - in addr_match_list() + linenum is unsigned long so use %lu in log formats. 
ok + deraadt@ - Upstream-ID: 07c3d53e357214153d9d08f234411e0d1a3d6f5c + Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 -commit a39627134f6d90e7009eeb14e9582ecbc7a99192 +commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 Author: djm@openbsd.org -Date: Tue Aug 23 06:36:23 2016 +0000 +Date: Fri Mar 3 06:13:11 2017 +0000 upstream commit - remove Protocol directive from client/server configs that - causes spammy deprecation warnings - - hardcode SSH_PROTOCOLS=2, since that's all we support on the server - now (the client still may support both, so it could get confused) + fix ssh-keygen -H accidentally corrupting known_hosts that + contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by + hostkeys_foreach() when hostname matching is in use, so we need to look for + the hash marker explicitly. - Upstream-Regress-ID: c16662c631af51633f9fd06aca552a70535de181 - -commit 6ee4f1c01ee31e65245881d49d4bccf014956066 -Author: Damien Miller -Date: Tue Aug 23 16:33:48 2016 +1000 - - hook match and utf8 unittests up to Makefile + Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 -commit 114efe2bc0dd2842d997940a833f115e6fc04854 +commit d7abb771bd5a941b26144ba400a34563a1afa589 Author: djm@openbsd.org -Date: Fri Aug 19 06:44:13 2016 +0000 +Date: Tue Feb 28 06:10:08 2017 +0000 upstream commit - add tests for matching functions + small memleak: free fd_set on connection timeout (though + we are heading to exit anyway). 
From Tom Rix in bz#2683 - Upstream-Regress-ID: 0869d4f5c5d627c583c6a929d69c17d5dd65882c + Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 -commit 857568d2ac81c14bcfd625b27536c1e28c992b3c -Author: Damien Miller -Date: Tue Aug 23 14:32:37 2016 +1000 +commit 78142e3ab3887e53a968d6e199bcb18daaf2436e +Author: jmc@openbsd.org +Date: Mon Feb 27 14:30:33 2017 +0000 - removing UseLogin bits from configure.ac + upstream commit + + errant dot; from klemens nanni + + Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 -commit cc182d01cef8ca35a1d25ea9bf4e2ff72e588208 +commit 8071a6924c12bb51406a9a64a4b2892675112c87 Author: djm@openbsd.org -Date: Tue Aug 23 03:24:10 2016 +0000 +Date: Fri Feb 24 03:16:34 2017 +0000 upstream commit - fix negated address matching where the address list - consists of a single negated match, e.g. "Match addr !192.20.0.1" - - Report and patch from Jakub Jelen. bz#2397 ok dtucker@ + might as well set the listener socket CLOEXEC - Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8 + Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 -commit 4067ec8a4c64ccf16250c35ff577b4422767da64 +commit d5499190559ebe374bcdfa8805408646ceffad64 Author: djm@openbsd.org -Date: Tue Aug 23 03:22:49 2016 +0000 +Date: Sun Feb 19 00:11:29 2017 +0000 upstream commit - fix matching for pattern lists that contain a single - negated match, e.g. "Host !example" - - report and patch from Robin Becker. 
bz#1918 ok dtucker@ + add test cases for C locale; ok schwarze@ - Upstream-ID: 05a0cb323ea4bc20e98db099b42c067bfb9ea1ea + Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 -commit 83b581862a1dbb06fc859959f829dde2654aef3c +commit 011c8ffbb0275281a0cf330054cf21be10c43e37 Author: djm@openbsd.org -Date: Fri Aug 19 03:18:06 2016 +0000 +Date: Sun Feb 19 00:10:57 2017 +0000 upstream commit - remove UseLogin option and support for having /bin/login - manage login sessions; ok deraadt markus dtucker + Add a common nl_langinfo(CODESET) alias for US-ASCII + "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for + non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ - Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712 + Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 -commit ffe6549c2f7a999cc5264b873a60322e91862581 -Author: naddy@openbsd.org -Date: Mon Aug 15 12:32:04 2016 +0000 +commit 0c4430a19b73058a569573492f55e4c9eeaae67b +Author: dtucker@openbsd.org +Date: Tue Feb 7 23:03:11 2017 +0000 upstream commit - Catch up with the SSH1 code removal and delete all - mention of protocol 1 particularities, key files and formats, command line - options, and configuration keywords from the server documentation and - examples. ok jmc@ + Remove deprecated SSH1 options RSAAuthentication and + RhostsRSAAuthentication from regression test sshd_config. - Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f + Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 -commit c38ea634893a1975dbbec798fb968c9488013f4a -Author: naddy@openbsd.org -Date: Mon Aug 15 12:27:56 2016 +0000 +commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 +Author: dtucker@openbsd.org +Date: Fri Feb 17 02:32:05 2017 +0000 upstream commit - Remove more SSH1 server code: * Drop sshd's -k option. * - Retire configuration keywords that only apply to protocol 1, as well as the - "protocol" keyword. * Remove some related vestiges of protocol 1 support. 
- - ok markus@ + Do not show rsa1 key type in usage when compiled without + SSH1 support. - Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d - -commit 33ba55d9e358c07f069e579bfab80eccaaad52cb -Author: Darren Tucker -Date: Wed Aug 17 16:26:04 2016 +1000 - - Only check for prctl once. - -commit 976ba8a8fd66a969bf658280c1e5adf694cc2fc6 -Author: Darren Tucker -Date: Wed Aug 17 15:33:10 2016 +1000 - - Fix typo. + Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 -commit 9abf84c25ff4448891edcde60533a6e7b2870de1 -Author: Darren Tucker -Date: Wed Aug 17 14:25:43 2016 +1000 +commit ecc35893715f969e98fee118481f404772de4132 +Author: dtucker@openbsd.org +Date: Fri Feb 17 02:31:14 2017 +0000 - Correct LDFLAGS for clang example. + upstream commit - --with-ldflags isn't used until after the -ftrapv test, so mention - LDFLAGS instead for now. + ifdef out "rsa1" from the list of supported keytypes when + compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ + + Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f -commit 1e8013a17ff11e3c6bd0012fb1fc8d5f1330eb21 -Author: Darren Tucker -Date: Wed Aug 17 14:08:42 2016 +1000 +commit 10577c6d96a55b877a960b2d0b75edef1b9945af +Author: djm@openbsd.org +Date: Fri Feb 17 02:04:15 2017 +0000 - Remove obsolete CVS $Id from source files. + upstream commit - Since -portable switched to git the CVS $Id tags are no longer being - updated and are becoming increasingly misleading. Remove them. + For ProxyJump/-J, surround host name with brackets to + allow literal IPv6 addresses. From Dick Visser; ok dtucker@ + + Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 -commit adab758242121181700e48b4f6c60d6b660411fe -Author: Darren Tucker -Date: Wed Aug 17 13:40:58 2016 +1000 +commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 +Author: jsg@openbsd.org +Date: Wed Feb 15 23:38:31 2017 +0000 - Remove now-obsolete CVS $Id tags from text files. 
+ upstream commit - Since -portable switched to git, the CVS $Id tags are no longer being - updated and are becoming increasingly misleading. Remove them. + Fix memory leaks in match_filter_list() error paths. + + ok dtucker@ markus@ + + Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e -commit 560c0068541315002ec4c1c00a560bbd30f2d671 -Author: Darren Tucker -Date: Wed Aug 17 13:38:30 2016 +1000 +commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 +Author: djm@openbsd.org +Date: Wed Feb 15 01:46:47 2017 +0000 - Add a section for compiler specifics. + upstream commit - Add a section for compiler specifics and document the runtime requirements - for clang's integer sanitization. + fix division by zero crash in "df" output when server + returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok + dtucker@ + + Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f -commit a8fc0f42e1eda2fa3393d1ea5e61322d5e07a9cd +commit bd5d7d239525d595ecea92765334af33a45d9d63 Author: Darren Tucker -Date: Wed Aug 17 13:35:43 2016 +1000 +Date: Sun Feb 12 15:45:15 2017 +1100 - Test multiplying two long long ints. + ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR - When using clang with -ftrapv or -sanitize=integer the tests would pass - but linking would fail with "undefined reference to __mulodi4". - Explicitly test for this before enabling -trapv. + EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out + for the benefit of OpenSSL versions prior to that. -commit a1cc637e7e11778eb727559634a6ef1c19c619f6 -Author: Damien Miller -Date: Tue Aug 16 14:47:34 2016 +1000 +commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe +Author: djm@openbsd.org +Date: Fri Feb 10 04:34:50 2017 +0000 - add a --with-login-program configure argument + upstream commit - Saves messing around with LOGIN_PROGRAM env var, which come - packaging environments make hard to do during configure phase. 
- -commit 8bd81e1596ab1bab355146cb65e82fb96ade3b23 -Author: Damien Miller -Date: Tue Aug 16 13:30:56 2016 +1000 - - add --with-pam-service to specify PAM service name + bring back r1.34 that was backed out for problems loading + public keys: - Saves messing around with CFLAGS to do it. - -commit 74433a19bb6f4cef607680fa4d1d7d81ca3826aa -Author: Damien Miller -Date: Tue Aug 16 13:28:23 2016 +1000 - - fix false positives when compiled with msan + translate OpenSSL error codes to something more + meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ - Our explicit_bzero successfully confused clang -fsanitize-memory - in to thinking that memset is never called to initialise memory. - Ensure that it is called in a way that the compiler recognises. + with additional fix from Jakub Jelen to solve the backout. + bz#2525 bz#2523 re-ok dtucker@ + + Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 -commit 6cb6dcffe1a2204ba9006de20f73255c268fcb6b -Author: markus@openbsd.org -Date: Sat Aug 13 17:47:40 2016 +0000 +commit a287c5ad1e0bf9811c7b9221979b969255076019 +Author: djm@openbsd.org +Date: Fri Feb 10 03:36:40 2017 +0000 upstream commit - remove ssh1 server code; ok djm@ + Sanitise escape sequences in key comments sent to printf + but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ - Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534 + Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e -commit 42d47adc5ad1187f22c726cbc52e71d6b1767ca2 -Author: jca@openbsd.org -Date: Fri Aug 12 19:19:04 2016 +0000 +commit e40269be388972848aafcca7060111c70aab5b87 +Author: millert@openbsd.org +Date: Wed Feb 8 20:32:43 2017 +0000 upstream commit - Use 2001:db8::/32, the official IPv6 subnet for - configuration examples. - - This makes the IPv6 example consistent with IPv4, and removes a dubious - mention of a 6bone subnet. - - ok sthen@ millert@ + Avoid printf %s NULL. 
From semarie@, OK djm@ - Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634 + Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c -commit b61f53c0c3b43c28e013d3b3696d64d1c0204821 -Author: dtucker@openbsd.org -Date: Thu Aug 11 01:42:11 2016 +0000 +commit 5b90709ab8704dafdb31e5651073b259d98352bc +Author: djm@openbsd.org +Date: Mon Feb 6 09:22:51 2017 +0000 upstream commit - Update moduli file. + Restore \r\n newline sequence for server ident string. The CR + got lost in the flensing of SSHv1. Pointed out by Stef Bon - Upstream-ID: 6da9a37f74aef9f9cc639004345ad893cad582d8 + Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac -commit f217d9bd42d306f69f56335231036b44502d8191 -Author: Darren Tucker -Date: Thu Aug 11 11:42:48 2016 +1000 +commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc +Author: djm@openbsd.org +Date: Fri Feb 3 23:01:42 2017 +0000 - Import updated moduli. + upstream commit + + unit test for match_filter_list() function; still want a + better name for this... + + Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a -commit 67dca60fbb4923b7a11c1645b90a5ca57c03d8be -Author: dtucker@openbsd.org -Date: Mon Aug 8 22:40:57 2016 +0000 +commit f1a193464a7b77646f0d0cedc929068e4a413ab4 +Author: djm@openbsd.org +Date: Fri Feb 3 23:05:57 2017 +0000 upstream commit - Improve error message for overlong ControlPath. ok markus@ - djm@ + use ssh_packet_set_log_preamble() to include connection + username in packet log messages, e.g. 
- Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5 + Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] + + ok markus@ bz#113 + + Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 -commit 4706c1d8c15cd5565b59512853c2da9bd4ca26c9 +commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 Author: djm@openbsd.org -Date: Wed Aug 3 05:41:57 2016 +0000 +Date: Fri Feb 3 23:03:33 2017 +0000 upstream commit - small refactor of cipher.c: make ciphercontext opaque to - callers feedback and ok markus@ + add ssh_packet_set_log_preamble() to allow inclusion of a + preamble string in disconnect messages; ok markus@ - Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f + Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead -commit e600348a7afd6325cc5cd783cb424065cbc20434 -Author: dtucker@openbsd.org -Date: Wed Aug 3 04:23:55 2016 +0000 +commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 +Author: djm@openbsd.org +Date: Fri Feb 3 23:01:19 2017 +0000 upstream commit - Fix bug introduced in rev 1.467 which causes - "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1 - and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol - 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de, - ok deraadt@ + support =- for removing methods from algorithms lists, + e.g. 
Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like + it" markus@ - Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc + Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d -commit d7e7348e72f9b203189e3fffb75605afecba4fda +commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e Author: djm@openbsd.org -Date: Wed Jul 27 23:18:12 2016 +0000 +Date: Fri Feb 3 05:05:56 2017 +0000 upstream commit - better bounds check on iovcnt (we only ever use fixed, - positive values) + allow form-feed characters at EOL; bz#2431 ok dtucker@ - Upstream-ID: 9baa6eb5cd6e30c9dc7398e5fe853721a3a5bdee + Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 -commit 5faa52d295f764562ed6dd75c4a4ce9134ae71e3 -Author: Darren Tucker -Date: Tue Aug 2 15:22:40 2016 +1000 +commit 523db8540b720c4d21ab0ff6f928476c70c38aab +Author: Damien Miller +Date: Fri Feb 3 16:01:22 2017 +1100 - Use tabs consistently inside "case $host". + prefer to use ldns-config to find libldns + + Should fix bz#2603 - "Build with ldns and without kerberos support + fails if ldns compiled with kerberos support" by including correct + cflags/libs + + ok dtucker@ -commit 20e5e8ba9c5d868d897896190542213a60fffbd2 -Author: Darren Tucker -Date: Tue Aug 2 12:16:34 2016 +1000 +commit c998bf0afa1a01257a53793eba57941182e9e0b7 +Author: dtucker@openbsd.org +Date: Fri Feb 3 02:56:00 2017 +0000 - Explicitly test for broken strnvis. + upstream commit - NetBSD added an strnvis and unfortunately made it incompatible with the - existing one in OpenBSD and Linux's libbsd (the former having existed - for over ten years). Despite this incompatibility being reported during - development (see http://gnats.netbsd.org/44977) they still shipped it. - Even more unfortunately FreeBSD and later MacOS picked up this incompatible - implementation. Try to detect this mess, and assume the only safe option - if we're cross compiling. 
+ Make ssh_packet_set_rekey_limits take u32 for the number of + seconds until rekeying (negative values are rejected at config parse time). + This allows the removal of some casts and a signed vs unsigned comparison + warning. - OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag); - NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag); + rekey_time is cast to int64 for the comparison which is a no-op + on OpenBSD, but should also do the right thing in -portable on + anything still using 32bit time_t (until the system time actually + wraps, anyway). - ok djm@ - -commit b0b48beab1b74100b61ecbadb9140c9ab4c2ea8c -Author: Damien Miller -Date: Tue Aug 2 11:06:23 2016 +1000 - - update recommended autoconf version + some early guidance deraadt@, ok djm@ + + Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c -commit 23902e31dfd18c6d7bb41ccd73de3b5358a377da -Author: Damien Miller -Date: Tue Aug 2 10:48:04 2016 +1000 +commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 +Author: jsg@openbsd.org +Date: Thu Feb 2 10:54:25 2017 +0000 - update config.guess and config.sub to current + upstream commit - upstream commit 562f3512b3911ba0c77a7f68214881d1f241f46e + In vasnmprintf() return an error if malloc fails and + don't set a function argument to the address of free'd memory. + + ok djm@ + + Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 -commit dd1031b78b83083615b68d7163c44f4408635be2 -Author: Darren Tucker -Date: Tue Aug 2 10:01:52 2016 +1000 +commit 858252fb1d451ebb0969cf9749116c8f0ee42753 +Author: dtucker@openbsd.org +Date: Wed Feb 1 02:59:09 2017 +0000 - Replace spaces with tabs. + upstream commit - Mechanically replace spaces with tabs in compat files not synced with - OpenBSD. + Return true reason for port forwarding failures where + feasible rather than always "administratively prohibited". 
bz#2674, ok djm@ + + Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 -commit c20dccb5614c5714f4155dda01bcdebf97cfae7e -Author: Darren Tucker -Date: Tue Aug 2 09:44:25 2016 +1000 +commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 +Author: dtucker@openbsd.org +Date: Mon Jan 30 23:27:39 2017 +0000 - Strip trailing whitespace. + upstream commit - Mechanically strip trailing whitespace on files not synced with OpenBSD - (or in the case of bsd-snprint.c, rsync). + Small correction to the known_hosts section on when it is + updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at + sdf.org + + Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 -commit 30f9bd1c0963c23bfba8468dfd26aa17609ba42f +commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 Author: Darren Tucker -Date: Tue Aug 2 09:06:27 2016 +1000 +Date: Fri Feb 3 14:10:34 2017 +1100 - Repair $OpenBSD markers. + Remove _XOPEN_SOURCE from wide char detection. + + Having _XOPEN_SOURCE unconditionally causes problems on some platforms + and configurations, notably Solaris 64-bit binaries. It was there for + the benefit of Linux put the required bits in the *-*linux* section. + + Patch from yvoinov at gmail.com. -commit 9715d4ad4b53877ec23dc8681dd7a405de9419a6 -Author: Darren Tucker -Date: Tue Aug 2 09:02:42 2016 +1000 +commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd +Author: djm@openbsd.org +Date: Mon Jan 30 05:22:14 2017 +0000 - Repair $OpenBSD marker. + upstream commit + + fully unbreak: some $SSH invocations did not have -F + specified and could pick up the ~/.ssh/config of the user running the tests + + Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 -commit cf3e0be7f5828a5e5f6c296a607d20be2f07d60c -Author: Tim Rice -Date: Mon Aug 1 14:31:52 2016 -0700 +commit 6956e21fb26652887475fe77ea40d2efcf25908b +Author: djm@openbsd.org +Date: Mon Jan 30 04:54:07 2017 +0000 - modified: configure.ac opensshd.init.in - Skip generating missing RSA1 key on startup unless ssh1 support is enabled. 
- Spotted by Jean-Pierre Radley + upstream commit + + partially unbreak: was not specifying hostname on some + $SSH invocations + + Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc -commit 99522ba7ec6963a05c04a156bf20e3ba3605987c -Author: Damien Miller -Date: Thu Jul 28 08:54:27 2016 +1000 +commit 52763dd3fe0a4678dafdf7aeb32286e514130afc +Author: djm@openbsd.org +Date: Mon Jan 30 01:03:00 2017 +0000 - define _OPENBSD_SOURCE for reallocarray on NetBSD + upstream commit - Report by and debugged with Hisashi T Fujinaka, dtucker nailed - the problem (lack of prototype causing return type confusion). + revise keys/principals command hang fix (bz#2655) to + consume entire output, avoiding sending SIGPIPE to subprocesses early; ok + dtucker@ + + Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc -commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187 -Author: Damien Miller -Date: Wed Jul 27 08:25:42 2016 +1000 +commit 381a2615a154a82c4c53b787f4a564ef894fe9ac +Author: djm@openbsd.org +Date: Mon Jan 30 00:38:50 2017 +0000 - KNF + upstream commit + + small cleanup post SSHv1 removal: + + remove SSHv1-isms in commented examples + + reorder token table to group deprecated and compile-time conditional tokens + better + + fix config dumping code for some compile-time conditional options that + weren't being correctly skipped (SSHv1 and PKCS#11) + + Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 -commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331 -Author: Damien Miller -Date: Wed Jul 27 08:25:23 2016 +1000 +commit 4833d01591b7eb049489d9558b65f5553387ed43 +Author: djm@openbsd.org +Date: Mon Jan 30 00:34:01 2017 +0000 - Linux auditing also needs packet.h + upstream commit + + some explicit NULL tests when dumping configured + forwardings; from Karsten Weiss + + Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d -commit 393bd381a45884b589baa9aed4394f1d250255ca -Author: Damien Miller -Date: Wed Jul 27 08:18:05 2016 +1000 +commit 
326e2fae9f2e3e067b5651365eba86b35ee5a6b2 +Author: djm@openbsd.org +Date: Mon Jan 30 00:32:28 2017 +0000 - fix auditing on Linux + upstream commit - get_remote_ipaddr() was replaced with ssh_remote_ipaddr() + misplaced braces in test; from Karsten Weiss + + Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae -commit 80e766fb089de4f3c92b1600eb99e9495e37c992 -Author: Damien Miller -Date: Sun Jul 24 21:50:13 2016 +1000 +commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb +Author: djm@openbsd.org +Date: Mon Jan 30 00:32:03 2017 +0000 - crank version numbers + upstream commit + + don't dereference authctxt before testing != NULL, it + causes compilers to make assumptions; from Karsten Weiss + + Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 -commit b1a478792d458f2e938a302e64bab2b520edc1b3 +commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 Author: djm@openbsd.org -Date: Sun Jul 24 11:45:36 2016 +0000 +Date: Fri Jan 6 02:51:16 2017 +0000 upstream commit - openssh-7.3 + use correct ssh-add program; bz#2654, from Colin Watson - Upstream-ID: af106a7eb665f642648cf1993e162c899f358718 + Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 -commit 353766e0881f069aeca30275ab706cd60a1a8fdd -Author: Darren Tucker -Date: Sat Jul 23 16:14:42 2016 +1000 +commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 +Author: dtucker@openbsd.org +Date: Fri Jan 6 02:26:10 2017 +0000 - Move Cygwin IPPORT_RESERVED overrride to defines.h + upstream commit - Patch from vinschen at redhat.com. + Account for timeouts in the integrity tests as failures. + + If the first test in a series for a given MAC happens to modify the low + bytes of a packet length, then ssh will time out and this will be + interpreted as a test failure. Patch from cjwatson at debian.org via + bz#2658. 
+ + Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 -commit 368dd977ae07afb93f4ecea23615128c95ab2b32 -Author: djm@openbsd.org -Date: Sat Jul 23 02:54:08 2016 +0000 +commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 +Author: dtucker@openbsd.org +Date: Fri Jan 6 02:09:25 2017 +0000 upstream commit - fix pledge violation with ssh -f; reported by Valentin - Kozamernik ok dtucker@ + Make forwarding test less racy by using unix domain + sockets instead of TCP ports where possible. Patch from cjwatson at + debian.org via bz#2659. - Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa + Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 -commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e -Author: djm@openbsd.org -Date: Fri Jul 22 07:00:46 2016 +0000 +commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 +Author: dtucker@openbsd.org +Date: Sun Jan 29 21:35:23 2017 +0000 upstream commit - improve wording; suggested by jmc@ + Fix typo in ~C error message for bad port forward + cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's + bugtracker. - Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8 + Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af -commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8 -Author: dtucker@openbsd.org -Date: Fri Jul 22 05:46:11 2016 +0000 +commit 4ba15462ca38883b8a61a1eccc093c79462d5414 +Author: guenther@openbsd.org +Date: Sat Jan 21 11:32:04 2017 +0000 upstream commit - Lower loglevel for "Authenticated with partial success" - message similar to other similar level. bz#2599, patch from cgallek at - gmail.com, ok markus@ + The POSIX APIs that that sockaddrs all ignore the s*_len + field in the incoming socket, so userspace doesn't need to set it unless it + has its own reasons for tracking the size along with the sockaddr. 
- Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd + ok phessler@ deraadt@ florian@ + + Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 -commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6 -Author: Damien Miller -Date: Fri Jul 22 14:06:36 2016 +1000 +commit a1187bd3ef3e4940af849ca953a1b849dae78445 +Author: jmc@openbsd.org +Date: Fri Jan 6 16:28:12 2017 +0000 - retry waitpid on EINTR failure + upstream commit - patch from Jakub Jelen on bz#2581; ok dtucker@ + keep the tokens list sorted; + + Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 -commit da88a70a89c800e74ea8e5661ffa127a3cc79a92 +commit b64077f9767634715402014f509e58decf1e140d Author: djm@openbsd.org -Date: Fri Jul 22 03:47:36 2016 +0000 +Date: Fri Jan 6 09:27:52 2017 +0000 upstream commit - constify a few functions' arguments; patch from Jakub - Jelen bz#2581 + fix previous - Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d + Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 -commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf +commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de Author: djm@openbsd.org -Date: Fri Jul 22 03:39:13 2016 +0000 +Date: Fri Jan 6 03:53:58 2017 +0000 upstream commit - move debug("%p", key) to before key is free'd; probable - undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581 + show a useful error message when included config files + can't be opened; bz#2653, ok dtucker@ - Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a + Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b -commit 286f5a77c3bfec1e8892ca268087ac885ac871bf +commit 13bd2e2d622d01dc85d22b94520a5b243d006049 Author: djm@openbsd.org -Date: Fri Jul 22 03:35:11 2016 +0000 +Date: Fri Jan 6 03:45:41 2017 +0000 upstream commit - reverse the order in which -J/JumpHost proxies are visited to - be more intuitive and document + sshd_config is documented to set + GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. 
+ bz#2637 ok dtucker - reported by and manpage bits naddy@ + Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 + +commit f89b928534c9e77f608806a217d39a2960cc7fd0 +Author: djm@openbsd.org +Date: Fri Jan 6 03:41:58 2017 +0000 + + upstream commit - Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a + Avoid confusing error message when attempting to use + ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 + + Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 -commit fcd135c9df440bcd2d5870405ad3311743d78d97 +commit 0999533014784579aa6f01c2d3a06e3e8804b680 Author: dtucker@openbsd.org -Date: Thu Jul 21 01:39:35 2016 +0000 +Date: Fri Jan 6 02:34:54 2017 +0000 upstream commit - Skip passwords longer than 1k in length so clients can't - easily DoS sshd by sending very long passwords, causing it to spend CPU - hashing them. feedback djm@, ok markus@. - - Brought to our attention by tomas.kuthan at oracle.com, shilei-c at - 360.cn and coredump at autistici.org + Re-add '%k' token for AuthorizedKeysCommand which was + lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. - Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333 + Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 -commit 324583e8fb3935690be58790425793df619c6d4d -Author: naddy@openbsd.org -Date: Wed Jul 20 10:45:27 2016 +0000 +commit 51045869fa084cdd016fdd721ea760417c0a3bf3 +Author: djm@openbsd.org +Date: Wed Jan 4 05:37:40 2017 +0000 upstream commit - Do not clobber the global jump_host variables when - parsing an inactive configuration. 
ok djm@ + unbreak Unix domain socket forwarding for root; ok + markus@ - Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31 + Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 -commit 32d921c323b989d28405e78d0a8923d12913d737 -Author: jmc@openbsd.org -Date: Tue Jul 19 12:59:16 2016 +0000 +commit 58fca12ba967ea5c768653535604e1522d177e44 +Author: Darren Tucker +Date: Mon Jan 16 09:08:32 2017 +1100 + + Remove LOGIN_PROGRAM. + + UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org + +commit b108ce92aae0ca0376dce9513d953be60e449ae1 +Author: djm@openbsd.org +Date: Wed Jan 4 02:21:43 2017 +0000 upstream commit - tweak previous; + relax PKCS#11 whitelist a bit to allow libexec as well as + lib directories. - Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534 + Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 -commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025 -Author: dtucker@openbsd.org -Date: Tue Jul 19 11:38:53 2016 +0000 +commit c7995f296b9222df2846f56ecf61e5ae13d7a53d +Author: djm@openbsd.org +Date: Tue Jan 3 05:46:51 2017 +0000 upstream commit - Allow wildcard for PermitOpen hosts as well as ports. - bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok - markus@ + check number of entries in SSH2_FXP_NAME response; avoids + unreachable overflow later. Reported by Jann Horn - Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2 + Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f -commit b98a2a8348e907b3d71caafd80f0be8fdd075943 -Author: markus@openbsd.org -Date: Mon Jul 18 11:35:33 2016 +0000 +commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 +Author: djm@openbsd.org +Date: Fri Dec 30 22:08:02 2016 +0000 upstream commit - Reduce timing attack against obsolete CBC modes by always - computing the MAC over a fixed size of data. Reported by Jean Paul - Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. 
ok djm@ + fix deadlock when keys/principals command produces a lot of + output and a key is matched early; bz#2655, patch from jboning AT gmail.com - Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912 + Upstream-ID: e19456429bf99087ea994432c16d00a642060afe -commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc +commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f Author: Darren Tucker -Date: Thu Jul 21 14:17:31 2016 +1000 +Date: Tue Dec 20 12:16:11 2016 +1100 - Search users for one with a valid salt. + Re-add missing "Prerequisites" header and fix typo - If the root account is locked (eg password "!!" or "*LK*") keep looking - until we find a user with a valid salt to use for crypting passwords of - invalid users. ok djm@ + Patch from HARUYAMA Seigo . -commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782 -Author: Darren Tucker -Date: Mon Jul 18 17:22:49 2016 +1000 +commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 +Author: djm@openbsd.org +Date: Mon Dec 19 22:35:23 2016 +0000 - Explicitly specify source files for regress tools. + upstream commit - Since adding $(REGRESSLIBS), $? is wrong because it includes only the - changed source files. $< seems like it'd be right however it doesn't - seem to work on some non-GNU makes, so do what works everywhere. + use standard /bin/sh equality test; from Mike Frysinger + + Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 -commit eac1bbd06872c273f16ac0f9976b0aef026b701b -Author: Darren Tucker -Date: Mon Jul 18 17:12:22 2016 +1000 +commit 4a354fc231174901f2629437c2a6e924a2dd6772 +Author: Damien Miller +Date: Mon Dec 19 15:59:26 2016 +1100 - Conditionally include err.h. + crank version numbers for release -commit 0a454147568746c503f669e1ba861f76a2e7a585 -Author: Darren Tucker -Date: Mon Jul 18 16:26:26 2016 +1000 +commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9 +Author: djm@openbsd.org +Date: Mon Dec 19 04:55:51 2016 +0000 - Remove local implementation of err, errx. 
+ upstream commit - We now have a shared implementation in libopenbsd-compat. + openssh-7.4 + + Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79 -commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1 +commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b Author: djm@openbsd.org -Date: Mon Jul 18 06:08:01 2016 +0000 +Date: Mon Dec 19 04:55:18 2016 +0000 upstream commit - Add some unsigned overflow checks for extra_pad. None of - these are reachable with the amount of padding that we use internally. - bz#2566, pointed out by Torben Hansen. ok markus@ + remove testcase that depends on exact output and + behaviour of snprintf(..., "%s", NULL) - Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76 + Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f -commit c71ba790c304545464bb494de974cdf0f4b5cf1e -Author: Darren Tucker -Date: Mon Jul 18 15:43:25 2016 +1000 +commit eae735a82d759054f6ec7b4e887fb7a5692c66d7 +Author: dtucker@openbsd.org +Date: Mon Dec 19 03:32:57 2016 +0000 - Add dependency on libs for unit tests. + upstream commit - Makes "./configure && make tests" work again. ok djm@ + Use LOGNAME to get current user and fall back to whoami if + not set. Mainly to benefit -portable since some platforms don't have whoami. + + Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa -commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8 -Author: Darren Tucker -Date: Mon Jul 18 13:47:39 2016 +1000 +commit 0d2f88428487518eea60602bd593989013831dcf +Author: dtucker@openbsd.org +Date: Fri Dec 16 03:51:19 2016 +0000 - Correct location for kexfuzz in clean target. + upstream commit + + Add regression test for AllowUsers and DenyUsers. Patch from + Zev Weiss + + Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9 -commit 01558b7b07af43da774d3a11a5c51fa9c310849d +commit 3bc8180a008929f6fe98af4a56fb37d04444b417 Author: Darren Tucker -Date: Mon Jul 18 09:33:25 2016 +1000 +Date: Fri Dec 16 15:02:24 2016 +1100 - Handle PAM_MAXTRIES from modules. 
- - bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer - password and keyboard-interative authentication methods. Should prevent - "sshd ignoring max retries" warnings in the log. ok djm@ + Add missing monitor.h include. - It probably won't trigger with keyboard-interactive in the default - configuration because the retry counter is stored in module-private - storage which goes away with the sshd PAM process (see bz#688). On the - other hand, those cases probably won't log a warning either. + Fixes warning pointed out by Zev Weiss -commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc +commit 410681f9015d76cc7b137dd90dac897f673244a0 Author: djm@openbsd.org -Date: Sun Jul 17 04:20:16 2016 +0000 +Date: Fri Dec 16 02:48:55 2016 +0000 upstream commit - support UTF-8 characters in ssh(1) banners using - schwarze@'s safe fmprintf printer; bz#2058 - - feedback schwarze@ ok dtucker@ + revert to rev1.2; the new bits in this test depend on changes + to ssh that aren't yet committed - Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7 + Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123 -commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7 -Author: jmc@openbsd.org -Date: Sat Jul 16 06:57:55 2016 +0000 +commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e +Author: dtucker@openbsd.org +Date: Fri Dec 16 01:06:27 2016 +0000 upstream commit - - add proxyjump to the options list - formatting fixes - - update usage() - - ok djm + Move the "stop sshd" code into its own helper function. 
+ Patch from Zev Weiss , ok djm@ - Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457 + Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329 -commit af1f084857621f14bd9391aba8033d35886c2455 -Author: dtucker@openbsd.org -Date: Fri Jul 15 05:01:58 2016 +0000 +commit e15e7152331e3976b35475fd4e9c72897ad0f074 +Author: djm@openbsd.org +Date: Fri Dec 16 01:01:07 2016 +0000 upstream commit - Reduce the syslog level of some relatively common protocol - events from LOG_CRIT by replacing fatal() calls with logdie(). Part of - bz#2585, ok djm@ + regression test for certificates along with private key + with no public half. bz#2617, mostly from Adam Eijdenberg - Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5 - -commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f -Author: Damien Miller -Date: Fri Jul 15 19:14:48 2016 +1000 - - missing openssl/dh.h - -commit 4a984fd342effe5f0aad874a0d538c4322d973c0 -Author: Damien Miller -Date: Fri Jul 15 18:47:07 2016 +1000 - - cast to avoid type warning in error message + Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115 -commit 5abfb15ced985c340359ae7fb65a625ed3692b3e -Author: Darren Tucker -Date: Fri Jul 15 14:48:30 2016 +1000 +commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500 +Author: dtucker@openbsd.org +Date: Thu Dec 15 23:50:37 2016 +0000 - Move VA_COPY macro into compat header. + upstream commit - Some AIX compilers unconditionally undefine va_copy but don't set it back - to an internal function, causing link errors. In some compat code we - already use VA_COPY instead so move the two existing instances into the - shared header and use for sshbuf-getput-basic.c too. Should fix building - with at lease some versions of AIX's compiler. bz#2589, ok djm@ - -commit 832b7443b7a8e181c95898bc5d73497b7190decd -Author: Damien Miller -Date: Fri Jul 15 14:45:34 2016 +1000 - - disable ciphers not supported by OpenSSL + Use $SUDO to read pidfile in case root's umask is + restricted. From portable. 
- bz#2466 ok dtucker@ + Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98 -commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8 -Author: Damien Miller -Date: Fri Jul 15 13:54:31 2016 +1000 +commit fe06b68f824f8f55670442fb31f2c03526dd326c +Author: dtucker@openbsd.org +Date: Thu Dec 15 21:29:05 2016 +0000 - add a --disable-pkcs11 knob + upstream commit + + Add missing braces in DenyUsers code. Patch from zev at + bewilderbeest.net, ok deraadt@ + + Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e -commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9 -Author: Damien Miller -Date: Fri Jul 15 13:44:38 2016 +1000 +commit dcc7d74242a574fd5c4afbb4224795b1644321e7 +Author: dtucker@openbsd.org +Date: Thu Dec 15 21:20:41 2016 +0000 - fix newline escaping for unsupported_algorithms + upstream commit - The hmac-ripemd160 was incorrect and could lead to broken - Makefiles on systems that lacked support for it, but I made - all the others consistent too. + Fix text in error message. Patch from zev at + bewilderbeest.net. + + Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6 -commit ed877ef653847d056bb433975d731b7a1132a979 +commit b737e4d7433577403a31cff6614f6a1b0b5e22f4 Author: djm@openbsd.org -Date: Fri Jul 15 00:24:30 2016 +0000 +Date: Wed Dec 14 00:36:34 2016 +0000 upstream commit - Add a ProxyJump ssh_config(5) option and corresponding -J - ssh(1) command-line flag to allow simplified indirection through a SSH - bastion or "jump host". - - These options construct a proxy command that connects to the - specified jump host(s) (more than one may be specified) and uses - port-forwarding to establish a connection to the next destination. + disable Unix-domain socket forwarding when privsep is + disabled - This codifies the safest way of indirecting connections through SSH - servers and makes it easy to use. 
+ Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0 + +commit 08a1e7014d65c5b59416a0e138c1f73f417496eb +Author: djm@openbsd.org +Date: Fri Dec 9 03:04:29 2016 +0000 + + upstream commit - ok markus@ + log connections dropped in excess of MaxStartups at + verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ - Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397 + Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b -commit 5c02dd126206a26785379e80f2d3848e4470b711 +commit 10e290ec00964b2bf70faab15a10a5574bb80527 Author: Darren Tucker -Date: Fri Jul 15 12:56:39 2016 +1000 +Date: Tue Dec 13 13:51:32 2016 +1100 - Map umac_ctx struct name too. - - Prevents size mismatch linker warnings on Solaris 11. + Get default of TEST_SSH_UTF8 from environment. -commit 283b97ff33ea2c641161950849931bd578de6946 +commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 Author: Darren Tucker -Date: Fri Jul 15 13:49:44 2016 +1000 +Date: Tue Dec 13 12:56:40 2016 +1100 - Mitigate timing of disallowed users PAM logins. - - When sshd decides to not allow a login (eg PermitRootLogin=no) and - it's using PAM, it sends a fake password to PAM so that the timing for - the failure is not noticeably different whether or not the password - is correct. This behaviour can be detected by sending a very long - password string which is slower to hash than the fake password. + Remove commented-out includes. - Mitigate by constructing an invalid password that is the same length - as the one from the client and thus takes the same time to hash. - Diff from djm@ + These commented-out includes have "Still needed?" comments. Since + they've been commented out for ~13 years I assert that they're not. -commit 9286875a73b2de7736b5e50692739d314cd8d9dc +commit 25275f1c9d5f01a0877d39444e8f90521a598ea0 Author: Darren Tucker -Date: Fri Jul 15 13:32:45 2016 +1000 +Date: Tue Dec 13 12:54:23 2016 +1100 - Determine appropriate salt for invalid users. + Add prototype for strcasestr in compat library. 
+ +commit afec07732aa2985142f3e0b9a01eb6391f523dec +Author: Darren Tucker +Date: Tue Dec 13 10:23:03 2016 +1100 + + Add strcasestr to compat library. - When sshd is processing a non-PAM login for a non-existent user it uses - the string from the fakepw structure as the salt for crypt(3)ing the - password supplied by the client. That string has a Blowfish prefix, so on - systems that don't understand that crypt will fail fast due to an invalid - salt, and even on those that do it may have significantly different timing - from the hash methods used for real accounts (eg sha512). This allows - user enumeration by, eg, sending large password strings. This was noted - by EddieEzra.Harari at verint.com (CVE-2016-6210). + Fixes build on (at least) Solaris 10. + +commit dda78a03af32e7994f132d923c2046e98b7c56c8 +Author: Damien Miller +Date: Mon Dec 12 13:57:10 2016 +1100 + + Force Turkish locales back to C/POSIX; bz#2643 - To mitigate, use the same hash algorithm that root uses for hashing - passwords for users that do not exist on the system. ok djm@ + Turkish locales are unique in their handling of the letters 'i' and + 'I' (yes, they are different letters) and OpenSSH isn't remotely + prepared to deal with that. For now, the best we can do is to force + OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 + encoding if possible. + + ok dtucker@ -commit a162dd5e58ca5b224d7500abe35e1ef32b5de071 +commit c35995048f41239fc8895aadc3374c5f75180554 Author: Darren Tucker -Date: Thu Jul 14 21:19:59 2016 +1000 +Date: Fri Dec 9 12:52:02 2016 +1100 - OpenSSL 1.1.x not currently supported. + exit is in stdlib.h not unistd.h (that's _exit). -commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb +commit d399a8b914aace62418c0cfa20341aa37a192f98 Author: Darren Tucker -Date: Thu Jul 14 12:25:24 2016 +1000 +Date: Fri Dec 9 12:33:25 2016 +1100 - Check for VIS_ALL. - - If we don't have it, set BROKEN_STRNVIS to activate the compat replacement. + Include for exit in utf8 locale test. 
-commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0 -Author: dtucker@openbsd.org -Date: Thu Jul 14 01:24:21 2016 +0000 +commit 47b8c99ab3221188ad3926108dd9d36da3b528ec +Author: Darren Tucker +Date: Thu Dec 8 15:48:34 2016 +1100 - upstream commit + Check for utf8 local support before testing it. - Correct equal in test. + Check for utf8 local support and if not found, do not attempt to run the + utf8 tests. Suggested by djm@ + +commit 4089fc1885b3a2822204effbb02b74e3da58240d +Author: Darren Tucker +Date: Thu Dec 8 12:57:24 2016 +1100 + + Use AC_PATH_TOOL for krb5-config. - Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a + This will use the host-prefixed version when cross compiling; patch from + david.michael at coreos.com. -commit 372807c2065c8572fdc6478b25cc5ac363743073 -Author: tb@openbsd.org -Date: Mon Jul 11 21:38:13 2016 +0000 +commit b4867e0712c89b93be905220c82f0a15e6865d1e +Author: djm@openbsd.org +Date: Tue Dec 6 07:48:01 2016 +0000 upstream commit - Add missing "recvfd" pledge promise: Raf Czlonka reported - ssh coredumps when Control* keywords were set in ssh_config. This patch also - fixes similar problems with scp and sftp. + make IdentityFile successfully load and use certificates that + have no corresponding bare public key. E.g. just a private id_rsa and + certificate id_rsa-cert.pub (and no id_rsa.pub). - ok deraadt, looks good to millert + bz#2617 ok dtucker@ - Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b + Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604 -commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd -Author: tedu@openbsd.org -Date: Mon Jul 11 03:19:44 2016 +0000 +commit c9792783a98881eb7ed295680013ca97a958f8ac +Author: Damien Miller +Date: Fri Nov 25 14:04:21 2016 +1100 - upstream commit + Add a gnome-ssh-askpass3 target for GTK+3 version - obsolete note about fascistloggin is obsolete. 
ok djm - dtucker + Based on patch from Colin Watson via bz#2640 + +commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763 +Author: Damien Miller +Date: Fri Nov 25 14:03:53 2016 +1100 + + Make gnome-ssh-askpass2.c GTK+3-friendly - Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a + Patch from Colin Watson via bz#2640 -commit a2333584170a565adf4f209586772ef8053b10b8 -Author: Darren Tucker -Date: Thu Jul 14 10:59:09 2016 +1000 +commit b9844a45c7f0162fd1b5465683879793d4cc4aaa +Author: djm@openbsd.org +Date: Sun Dec 4 23:54:02 2016 +0000 - Add compat code for missing wcwidth. + upstream commit - If we don't have wcwidth force fallback implementations of nl_langinfo - and mbtowc. Based on advice from Ingo Schwarze. + Fix public key authentication when multiple + authentication is in use. Instead of deleting and re-preparing the entire + keys list, just reset the 'used' flags; the keys list is already in a good + order (with already- tried keys at the back) + + Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ + + Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176 -commit 8aaec7050614494014c47510b7e94daf6e644c62 -Author: Damien Miller -Date: Thu Jul 14 09:48:48 2016 +1000 +commit f2398eb774075c687b13af5bc22009eb08889abe +Author: dtucker@openbsd.org +Date: Sun Dec 4 22:27:25 2016 +0000 - fix missing include for systems with err.h + upstream commit + + Unlink PidFile on SIGHUP and always recreate it when the + new sshd starts. Regression tests (and possibly other things) depend on the + pidfile being recreated after SIGHUP, and unlinking it means it won't contain + a stale pid if sshd fails to restart. ok djm@ markus@ + + Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870 -commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243 -Author: Darren Tucker -Date: Wed Jul 13 14:42:35 2016 +1000 +commit 85aa2efeba51a96bf6834f9accf2935d96150296 +Author: djm@openbsd.org +Date: Wed Nov 30 03:01:33 2016 +0000 - Move err.h replacements into compat lib. 
+ upstream commit - Move implementations of err.h replacement functions into their own file - in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@ + test new behaviour of cert force-command restriction vs. + authorized_key/ principals + + Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c -commit f3f2cc8386868f51440c45210098f65f9787449a -Author: Darren Tucker -Date: Mon Jul 11 17:23:38 2016 +1000 +commit 5d333131cd8519d022389cfd3236280818dae1bc +Author: jmc@openbsd.org +Date: Wed Nov 30 06:54:26 2016 +0000 - Check for wchar.h and langinfo.h + upstream commit - Wrap includes in the appropriate #ifdefs. + tweak previous; while here fix up FILES and AUTHORS; + + Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa -commit b9c50614eba9d90939b2b119b6e1b7e03b462278 -Author: Damien Miller -Date: Fri Jul 8 13:59:13 2016 +1000 +commit 786d5994da79151180cb14a6cf157ebbba61c0cc +Author: djm@openbsd.org +Date: Wed Nov 30 03:07:37 2016 +0000 - whitelist more architectures for seccomp-bpf + upstream commit - bz#2590 - testing and patch from Jakub Jelen + add a whitelist of paths from which ssh-agent will load + (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ + + Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f -commit 18813a32b6fd964037e0f5e1893cb4468ac6a758 -Author: guenther@openbsd.org -Date: Mon Jul 4 18:01:44 2016 +0000 +commit 7844f357cdd90530eec81340847783f1f1da010b +Author: djm@openbsd.org +Date: Wed Nov 30 03:00:05 2016 +0000 upstream commit - DEBUGLIBS has been broken since the gcc4 switch, so delete - it. CFLAGS contains -g by default anyway + Add a sshd_config DisableForwaring option that disables + X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as + anything else we might implement in the future. 
- problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) - ok millert@ kettenis@ deraadt@ + This, like the 'restrict' authorized_keys flag, is intended to be a + simple and future-proof way of restricting an account. Suggested as + a complement to 'restrict' by Jann Horn; ok markus@ - Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542 + Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7 -commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7 +commit fd6dcef2030d23c43f986d26979f84619c10589d Author: djm@openbsd.org -Date: Fri Jul 8 03:44:42 2016 +0000 +Date: Wed Nov 30 02:57:40 2016 +0000 upstream commit - Improve crypto ordering for Encrypt-then-MAC (EtM) mode - MAC algorithms. - - Previously we were computing the MAC, decrypting the packet and then - checking the MAC. This gave rise to the possibility of creating a - side-channel oracle in the decryption step, though no such oracle has - been identified. + When a forced-command appears in both a certificate and + an authorized keys/principals command= restriction, refuse to accept the + certificate unless they are identical. - This adds a mac_check() function that computes and checks the MAC in - one pass, and uses it to advance MAC checking for EtM algorithms to - before payload decryption. + The previous (documented) behaviour of having the certificate forced- + command override the other could be a bit confused and more error-prone. - Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and - Martin Albrecht. 
feedback and ok markus@ + Pointed out by Jann Horn of Project Zero; ok dtucker@ - Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b + Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f -commit 71f5598f06941f645a451948c4a5125c83828e1c -Author: guenther@openbsd.org -Date: Mon Jul 4 18:01:44 2016 +0000 +commit 7fc4766ac78abae81ee75b22b7550720bfa28a33 +Author: dtucker@openbsd.org +Date: Wed Nov 30 00:28:31 2016 +0000 upstream commit - DEBUGLIBS has been broken since the gcc4 switch, so - delete it. CFLAGS contains -g by default anyway + On startup, check to see if sshd is already daemonized + and if so, skip the call to daemon() and do not rewrite the PidFile. This + means that when sshd re-execs itself on SIGHUP the process ID will no longer + change. Should address bz#2641. ok djm@ markus@. - problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) - ok millert@ kettenis@ deraadt@ + Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9 + +commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc +Author: Damien Miller +Date: Wed Nov 30 13:51:49 2016 +1100 + + factor out common PRNG reseed before privdrop - Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603 + Add a call to RAND_poll() to ensure than more than pid+time gets + stirred into child processes states. Prompted by analysis from Jann + Horn at Project Zero. ok dtucker@ -commit e683fc6f1c8c7295648dbda679df8307786ec1ce +commit 79e4829ec81dead1b30999e1626eca589319a47f Author: dtucker@openbsd.org -Date: Thu Jun 30 05:17:05 2016 +0000 +Date: Fri Nov 25 03:02:01 2016 +0000 upstream commit - Explicitly check for 100% completion to avoid potential - floating point rounding error, which could cause progressmeter to report 99% - on completion. While there invert the test so the 100% case is clearer. with - & ok djm@ + Allow PuTTY interop tests to run unattended. bz#2639, + patch from cjwatson at debian.org. 
- Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d + Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0 -commit 772e6cec0ed740fc7db618dc30b4134f5a358b43 -Author: jmc@openbsd.org -Date: Wed Jun 29 17:14:28 2016 +0000 +commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc +Author: dtucker@openbsd.org +Date: Fri Nov 25 02:56:49 2016 +0000 upstream commit - sort the -o list; + Reverse args to sshd-log-wrapper. Matches change in + portable, where it allows sshd do be optionally run under Valgrind. - Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac + Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906 -commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af -Author: djm@openbsd.org -Date: Thu Jun 23 05:17:51 2016 +0000 +commit bd13017736ec2f8f9ca498fe109fb0035f322733 +Author: dtucker@openbsd.org +Date: Fri Nov 25 02:49:18 2016 +0000 upstream commit - fix AuthenticationMethods during configuration re-parse; - reported by Juan Francisco Cantero Hurtado + Fix typo in trace message; from portable. - Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4 + Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a -commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e -Author: djm@openbsd.org -Date: Sun Jun 19 07:48:02 2016 +0000 +commit 7da751d8b007c7f3e814fd5737c2351440d78b4c +Author: tb@openbsd.org +Date: Tue Nov 1 13:43:27 2016 +0000 upstream commit - revert 1.34; causes problems loading public keys + Clean up MALLOC_OPTIONS. For the unittests, move + MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc. - reported by semarie@ + ok otto - Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179 + Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12 -commit ad23a75509f4320d43f628c50f0817e3ad12bfa7 -Author: jmc@openbsd.org -Date: Fri Jun 17 06:33:30 2016 +0000 +commit 36f58e68221bced35e06d1cca8d97c48807a8b71 +Author: tb@openbsd.org +Date: Mon Oct 31 23:45:08 2016 +0000 upstream commit - grammar fix; + Remove the obsolete A and P flags from MALLOC_OPTIONS. 
- Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463 + ok dtucker + + Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59 -commit 5e28b1a2a3757548b40018cc2493540a17c82e27 -Author: djm@openbsd.org -Date: Fri Jun 17 05:06:23 2016 +0000 +commit b0899ee26a6630883c0f2350098b6a35e647f512 +Author: dtucker@openbsd.org +Date: Tue Nov 29 03:54:50 2016 +0000 upstream commit - translate OpenSSL error codes to something more - meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ + Factor out code to disconnect from controlling terminal + into its own function. ok djm@ - Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5 + Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885 -commit b64faeb5eda7eff8210c754d00464f9fe9d23de5 +commit 54d022026aae4f53fa74cc636e4a032d9689b64d Author: djm@openbsd.org -Date: Fri Jun 17 05:03:40 2016 +0000 +Date: Fri Nov 25 23:24:45 2016 +0000 upstream commit - ban AuthenticationMethods="" and accept - AuthenticationMethods=any for the default behaviour of not requiring multiple - authentication + use sshbuf_allocate() to pre-allocate the buffer used for + loading keys. This avoids implicit realloc inside the buffer code, which + might theoretically leave fragments of the key on the heap. This doesn't + appear to happen in practice for normal sized keys, but was observed for + novelty oversize ones. - bz#2398 from Jakub Jelen; ok dtucker@ + Pointed out by Jann Horn of Project Zero; ok markus@ - Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27 + Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 -commit 9816fc5daee5ca924dd5c4781825afbaab728877 -Author: dtucker@openbsd.org -Date: Thu Jun 16 11:00:17 2016 +0000 +commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e +Author: djm@openbsd.org +Date: Fri Nov 25 23:22:04 2016 +0000 upstream commit - Include stdarg.h for va_copy as per man page. 
+ split allocation out of sshbuf_reserve() into a separate + sshbuf_allocate() function; ok markus@ - Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd + Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 -commit b6cf84b51bc0f5889db48bf29a0c771954ade283 -Author: jmc@openbsd.org -Date: Thu Jun 16 06:10:45 2016 +0000 +commit f0ddedee460486fa0e32fefb2950548009e5026e +Author: markus@openbsd.org +Date: Wed Nov 23 23:14:15 2016 +0000 upstream commit - keys stored in openssh format can have comments too; diff - from yonas yanfa, tweaked a bit; - - ok djm + allow ClientAlive{Interval,CountMax} in Match; ok dtucker, + djm - Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27 + Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55 -commit aa37768f17d01974b6bfa481e5e83841b6c76f86 -Author: Darren Tucker -Date: Mon Jun 20 15:55:34 2016 +1000 +commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a +Author: djm@openbsd.org +Date: Tue Nov 8 22:04:34 2016 +0000 - get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX + upstream commit - Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip - change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX. - Fixes build on AIX. - -commit 009891afc8df37bc2101e15d1e0b6433cfb90549 -Author: Darren Tucker -Date: Fri Jun 17 14:34:09 2016 +1000 - - Remove duplicate code from PAM. ok djm@ + unbreak DenyUsers; reported by henning@ + + Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2 -commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba -Author: dtucker@openbsd.org -Date: Wed Jun 15 00:40:40 2016 +0000 +commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a +Author: djm@openbsd.org +Date: Sun Nov 6 05:46:37 2016 +0000 upstream commit - Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message - about forward and reverse DNS not matching. We haven't supported IP-based - auth methods for a very long time so it's now misleading. 
part of bz#2585, - ok markus@ + Validate address ranges for AllowUser/DenyUsers at + configuration load time and refuse to accept bad ones. It was previously + possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and + these would always match. - Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29 - -commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd -Author: Darren Tucker -Date: Wed Jun 15 11:22:38 2016 +1000 - - Move platform_disable_tracing into its own file. + Thanks to Laurence Parry for a detailed bug report. ok markus (for + a previous diff version) - Prevents link errors resolving the extern "options" when platform.o - gets linked into ssh-agent when building --with-pam. + Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb -commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070 -Author: Darren Tucker -Date: Tue Jun 14 13:55:12 2016 +1000 +commit efb494e81d1317209256b38b49f4280897c61e69 +Author: djm@openbsd.org +Date: Fri Oct 28 03:33:52 2016 +0000 - Track skipped upstream commit IDs. - - There are a small number of "upstream" commits that do not correspond to - a file in -portable. This file tracks those so that we can reconcile - OpenBSD and Portable to ensure that no commits are accidentally missed. + upstream commit - If you add something to .skipped-commit-ids please also add an upstream - ID line in the following format when you commit it. + Improve pkcs11_add_provider() logging: demote some + excessively verbose error()s to debug()s, include PKCS#11 provider name and + slot in log messages where possible. 
bz#2610, based on patch from Jakub Jelen - Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35 - Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca - Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7 - Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120 - Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a - Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef - Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2 - Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660 - Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae - Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee + Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d -commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f +commit 5ee3fb5affd7646f141749483205ade5fc54adaf Author: Darren Tucker -Date: Tue Jun 14 13:51:01 2016 +1000 +Date: Tue Nov 1 08:12:33 2016 +1100 - Remove now-defunct .cvsignore files. ok djm + Use ptrace(PT_DENY_ATTACH, ..) on OS X. -commit 68777faf271efb2713960605c748f6c8a4b26d55 -Author: dtucker@openbsd.org -Date: Wed Jun 8 02:13:01 2016 +0000 +commit 315d2a4e674d0b7115574645cb51f968420ebb34 +Author: Damien Miller +Date: Fri Oct 28 14:34:07 2016 +1100 - upstream commit - - Back out rev 1.28 "Check min and max sizes sent by the - client" change. It caused "key_verify failed for server_host_key" in clients - that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY. - ok djm@ + Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL - Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65 + ok dtucker@ -commit a86ec4d0737ac5879223e7cd9d68c448df46e169 +commit a9ff3950b8e80ff971b4d44bbce96df27aed28af Author: Darren Tucker -Date: Tue Jun 14 10:48:27 2016 +1000 +Date: Fri Oct 28 14:26:58 2016 +1100 - Use Solaris setpflags(__PROC_PROTECT, ...). + Move OPENSSL_NO_RIPEMD160 to compat. - Where possible, use Solaris setpflags to disable process tracing on - ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee - at oracle.com, ok djm. 
+ Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the + ripemd160 MACs. -commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 +commit bce58885160e5db2adda3054c3b81fe770f7285a Author: Darren Tucker -Date: Tue Jun 14 10:43:53 2016 +1000 +Date: Fri Oct 28 13:52:31 2016 +1100 - Shorten prctl code a tiny bit. + Check if RIPEMD160 is disabled in OpenSSL. -commit 0fb7f5985351fbbcd2613d8485482c538e5123be +commit d924640d4c355d1b5eca1f4cc60146a9975dbbff Author: Darren Tucker -Date: Thu Jun 9 16:23:07 2016 +1000 +Date: Fri Oct 28 13:38:19 2016 +1100 - Move prctl PR_SET_DUMPABLE into platform.c. + Skip ssh1 specfic ciphers. - This should make it easier to add additional platform support such as - Solaris (bz#2584). + cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try + to compile them when Protocol 1 is not enabled. -commit e6508898c3cd838324ecfe1abd0eb8cf802e7106 -Author: dtucker@openbsd.org -Date: Fri Jun 3 04:10:41 2016 +0000 +commit 79d078e7a49caef746516d9710ec369ba45feab6 +Author: jsg@openbsd.org +Date: Tue Oct 25 04:08:13 2016 +0000 upstream commit - Add a test for ssh(1)'s config file parsing. + Fix logic in add_local_forward() that inverted a test + when code was refactored out into bind_permitted(). This broke ssh port + forwarding for non-priv ports as a non root user. - Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601 + ok dtucker@ 'looks good' deraadt@ + + Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9 -commit ab0a536066dfa32def0bd7272c096ebb5eb25b11 +commit a903e315dee483e555c8a3a02c2946937f9b4e5d Author: dtucker@openbsd.org -Date: Fri Jun 3 03:47:59 2016 +0000 +Date: Mon Oct 24 01:09:17 2016 +0000 upstream commit - Add 'sshd' to the test ID as I'm about to add a similar - set for ssh. + Remove dead breaks, found via opencoverage.net. 
ok + deraadt@ - Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a + Upstream-ID: ad9cc655829d67fad219762810770787ba913069 -commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb -Author: schwarze@openbsd.org -Date: Mon May 30 12:14:08 2016 +0000 +commit b4e96b4c9bea4182846e4942ba2048e6d708ee54 +Author: Darren Tucker +Date: Wed Oct 26 08:43:25 2016 +1100 - upstream commit - - stricter malloc.conf(5) options for utf8 tests + Use !=NULL instead of >0 for getdefaultproj. - Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6 + getdefaultproj() returns a pointer so test it for NULL inequality + instead of >0. Fixes compiler warning and is more correct. Patch from + David Binderman. -commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc -Author: schwarze@openbsd.org -Date: Mon May 30 12:05:56 2016 +0000 +commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5 +Author: dtucker@openbsd.org +Date: Sun Oct 23 22:04:05 2016 +0000 upstream commit - Fix two rare edge cases: 1. If vasprintf() returns < 0, - do not access a NULL pointer in snmprintf(), and do not free() the pointer - returned from vasprintf() because on some systems other than OpenBSD, it - might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" - rather than -1 and NULL. - - Besides, free(dst) is pointless after failure (not a bug). - - One half OK martijn@, the other half OK deraadt@; - committing quickly before people get hurt. + Factor out "can bind to low ports" check into its own function. This will + make it easier for Portable to support platforms with permissions models + other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" + deraadt@. 
- Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4 + Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface -commit 016881eb33a7948028848c90f4c7ac42e3af0e87 -Author: schwarze@openbsd.org -Date: Thu May 26 19:14:25 2016 +0000 +commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894 +Author: dtucker@openbsd.org +Date: Wed Oct 19 23:21:56 2016 +0000 upstream commit - test the new utf8 module + When tearing down ControlMaster connecctions, don't + pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. - Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3 + Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced -commit d4219028bdef448e089376f3afe81ef6079da264 -Author: dtucker@openbsd.org -Date: Tue May 3 15:30:46 2016 +0000 +commit 09e6a7d8354224933febc08ddcbc2010f542284e +Author: Darren Tucker +Date: Mon Oct 24 09:06:18 2016 +1100 - upstream commit - - Set umask to prevent "Bad owner or permissions" errors. - - Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417 + Wrap stdint.h include in ifdef. -commit 07d5608bb237e9b3fe86a2aeaa429392230faebf -Author: djm@openbsd.org -Date: Tue May 3 14:41:04 2016 +0000 +commit 08d9e9516e587b25127545c029e5464b2e7f2919 +Author: Darren Tucker +Date: Fri Oct 21 09:46:46 2016 +1100 - upstream commit - - support doas - - Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38 + Fix formatting. -commit 01cabf10adc7676cba5f40536a34d3b246edb73f -Author: djm@openbsd.org -Date: Tue May 3 13:48:33 2016 +0000 +commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d +Author: Darren Tucker +Date: Fri Oct 21 06:55:58 2016 +1100 - upstream commit - - unit tests for sshbuf_dup_string() + Update links to https. - Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d + www.openssh.com now supports https and ftp.openbsd.org no longer + supports ftp. Make all links to these https. 
-commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372 -Author: jmc@openbsd.org -Date: Fri Jun 3 06:44:12 2016 +0000 +commit dd4e7212a6141f37742de97795e79db51e4427ad +Author: Darren Tucker +Date: Fri Oct 21 06:48:46 2016 +1100 - upstream commit - - tweak previous; + Update host key generation examples. - Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698 + Remove ssh1 host key generation, add ssh-keygen -A -commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4 -Author: dtucker@openbsd.org -Date: Fri Jun 3 04:09:38 2016 +0000 +commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639 +Author: Darren Tucker +Date: Fri Oct 21 05:22:55 2016 +1100 - upstream commit + Update links. - Allow ExitOnForwardFailure and ClearAllForwardings to be - overridden when using ssh -W (but still default to yes in that case). - bz#2577, ok djm@. + Make links to openssh.com HTTPS now that it's supported, point release + notes link to the HTML release notes page, and update a couple of other + links and bits of text. + +commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6 +Author: Darren Tucker +Date: Thu Oct 20 03:42:09 2016 +1100 + + Remote channels .orig and .rej files. - Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4 + These files were incorrectly added during an OpenBSD sync. -commit 8543ff3f5020fe659839b15f05b8c522bde6cee5 +commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c Author: dtucker@openbsd.org -Date: Fri Jun 3 03:14:41 2016 +0000 +Date: Tue Oct 18 17:32:54 2016 +0000 upstream commit - Move the host and port used by ssh -W into the Options - struct. This will make future changes a bit easier. ok djm@ + Remove channel_input_port_forward_request(); the only caller + was the recently-removed SSH1 server code so it's now dead code. 
ok markus@ - Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382 + Upstream-ID: 05453983230a1f439562535fec2818f63f297af9 -commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368 -Author: dtucker@openbsd.org -Date: Wed Jun 1 04:19:49 2016 +0000 +commit 2c6697c443d2c9c908260eed73eb9143223e3ec9 +Author: millert@openbsd.org +Date: Tue Oct 18 12:41:22 2016 +0000 upstream commit - Check min and max sizes sent by the client against what - we support before passing them to the monitor. ok djm@ + Install a signal handler for tty-generated signals and + wait for the ssh child to suspend before suspending sftp. This lets ssh + restore the terminal mode as needed when it is suspended at the password + prompt. OK dtucker@ - Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece + Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69 -commit 564cd2a8926ccb1dca43a535073540935b5e0373 -Author: dtucker@openbsd.org -Date: Tue May 31 23:46:14 2016 +0000 +commit fd2a8f1033fa2316fff719fd5176968277560158 +Author: jmc@openbsd.org +Date: Sat Oct 15 19:56:25 2016 +0000 upstream commit - Ensure that the client's proposed DH-GEX max value is at - least as big as the minimum the server will accept. ok djm@ + various formatting fixes, specifically removing Dq; - Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775 - -commit df820722e40309c9b3f360ea4ed47a584ed74333 -Author: Darren Tucker -Date: Mon Jun 6 11:36:13 2016 +1000 - - Add compat bits to utf8.c. + Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c -commit 05c6574652571becfe9d924226c967a3f4b3f879 +commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3 Author: Darren Tucker -Date: Mon Jun 6 11:33:43 2016 +1000 - - Fix utf->utf8 typo. - -commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce -Author: schwarze@openbsd.org -Date: Mon May 30 18:34:41 2016 +0000 +Date: Wed Oct 19 03:26:09 2016 +1100 - upstream commit - - Backout rev. 1.43 for now. 
- - The function update_progress_meter() calls refresh_progress_meter() - which calls snmprintf() which calls malloc(); but update_progress_meter() - acts as the SIGALRM signal handler. - - "malloc(): error: recursive call" reported by sobrado@. + Import readpassphrase.c rev 1.26. - Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e + Author: miller@openbsd.org: + Avoid generate SIGTTOU when restoring the terminal mode. If we get + SIGTTOU it means the process is not in the foreground process group + which, in most cases, means that the shell has taken control of the tty. + Requiring the user the fg the process in this case doesn't make sense + and can result in both SIGTSTP and SIGTTOU being sent which can lead to + the process being suspended again immediately after being brought into + the foreground. -commit cd9e1eabeb4137182200035ab6fa4522f8d24044 -Author: schwarze@openbsd.org -Date: Mon May 30 12:57:21 2016 +0000 +commit f901440cc844062c9bab0183d133f7ccc58ac3a5 +Author: Darren Tucker +Date: Wed Oct 19 03:23:16 2016 +1100 - upstream commit - - Even when only writing an unescaped character, the dst - buffer may need to grow, or it would be overrun; issue found by tb@ with - malloc.conf(5) 'C'. - - While here, reserve an additional byte for the terminating NUL - up front such that we don't have to realloc() later just for that. + Import readpassphrase.c rev 1.25. - OK tb@ + Wrap so internal calls go direct and + readpassphrase is weak. - Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff + (DEF_WEAK is a no-op in portable.) -commit ac284a355f8065eaef2a16f446f3c44cdd17371d -Author: schwarze@openbsd.org -Date: Mon May 30 12:05:56 2016 +0000 +commit 032147b69527e5448a511049b2d43dbcae582624 +Author: Darren Tucker +Date: Sat Oct 15 05:51:12 2016 +1100 - upstream commit - - Fix two rare edge cases: 1. 
If vasprintf() returns < 0, - do not access a NULL pointer in snmprintf(), and do not free() the pointer - returned from vasprintf() because on some systems other than OpenBSD, it - might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" - rather than -1 and NULL. + Move DEF_WEAK into defines.h. - Besides, free(dst) is pointless after failure (not a bug). + As well pull in more recent changes from OpenBSD these will start to + arrive so put it where the definition is shared. + +commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04 +Author: Darren Tucker +Date: Sat Oct 15 04:34:46 2016 +1100 + + Remove do_pam_set_tty which is dead code. - One half OK martijn@, the other half OK deraadt@; - committing quickly before people get hurt. + The callers of do_pam_set_tty were removed in 2008, so this is now dead + code. bz#2604, pointed out by jjelen at redhat.com. + +commit ca04de83f210959ad2ed870a30ba1732c3ae00e3 +Author: Damien Miller +Date: Thu Oct 13 18:53:43 2016 +1100 + + unbreak principals-command test - Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0 + Undo inconsistetly updated variable name. -commit 0e059cdf5fd86297546c63fa8607c24059118832 -Author: schwarze@openbsd.org -Date: Wed May 25 23:48:45 2016 +0000 +commit 1723ec92eb485ce06b4cbf49712d21975d873909 +Author: djm@openbsd.org +Date: Tue Oct 11 21:49:54 2016 +0000 upstream commit - To prevent screwing up terminal settings when printing to - the terminal, for ASCII and UTF-8, escape bytes not forming characters and - bytes forming non-printable characters with vis(3) VIS_OCTAL. For other - character sets, abort printing of the current string in these cases. In - particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * - sanitize data received from the remote host; * sanitize filenames, usernames, - and similar data even locally; * take character display widths into account - for the progressmeter. 
- - This is believed to be sufficient to keep the local terminal safe - on OpenBSD, but bad things can still happen on other systems with - state-dependent locales because many places in the code print - unencoded ASCII characters into the output stream. - - Using feedback from djm@ and martijn@, - various aspects discussed with many others. - - deraadt@ says it should go in now, i probably already hesitated too long + fix the KEX fuzzer - the previous method of obtaining the + packet contents was broken. This now uses the new per-packet input hook, so + it sees exact post-decrypt packets and doesn't have to pass packet integrity + checks. ok markus@ - Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0 + Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd -commit 8c02e3639acefe1e447e293dbe23a0917abd3734 -Author: dtucker@openbsd.org -Date: Tue May 24 04:43:45 2016 +0000 +commit 09f997893f109799cddbfce6d7e67f787045cbb2 +Author: natano@openbsd.org +Date: Thu Oct 6 09:31:38 2016 +0000 upstream commit - KNF compression proposal and simplify the client side a - little. ok djm@ + Move USER out of the way to unbreak the BUILDUSER + mechanism. ok tb - Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605 + Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c -commit 7ec4946fb686813eb5f8c57397e465f5485159f4 -Author: dtucker@openbsd.org -Date: Tue May 24 02:31:57 2016 +0000 +commit 3049a012c482a7016f674db168f23fd524edce27 +Author: bluhm@openbsd.org +Date: Fri Sep 30 11:55:20 2016 +0000 upstream commit - Back out 'plug memleak'. + In ssh tests set REGRESS_FAIL_EARLY with ?= so that the + environment can change it. 
OK djm@ - Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0 + Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b -commit 82f24c3ddc52053aeb7beb3332fa94c92014b0c5 +commit 39af7b444db28c1cb01b7ea468a4f574a44f375b Author: djm@openbsd.org -Date: Mon May 23 23:30:50 2016 +0000 +Date: Tue Oct 11 21:47:45 2016 +0000 upstream commit - prefer agent-hosted keys to keys from PKCS#11; ok markus + Add a per-packet input hook that is called with the + decrypted packet contents. This will be used for fuzzing; ok markus@ - Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4 + Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc -commit a0cb7778fbc9b43458f7072eb68dd858766384d1 -Author: dtucker@openbsd.org -Date: Mon May 23 00:17:27 2016 +0000 +commit ec165c392ca54317dbe3064a8c200de6531e89ad +Author: markus@openbsd.org +Date: Mon Oct 10 19:28:48 2016 +0000 upstream commit - Plug mem leak in filter_proposal. ok djm@ + Unregister the KEXINIT handler after message has been + received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause + allocation of up to 128MB -- until the connection is closed. Reported by + shilei-c at 360.cn - Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34 + Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 -commit ae9c0d4d5c581b3040d1f16b5c5f4b1cd1616743 +commit 29d40319392e6e19deeca9d45468aa1119846e50 Author: Darren Tucker -Date: Fri Jun 3 16:03:44 2016 +1000 +Date: Thu Oct 13 04:07:20 2016 +1100 - Update vis.h and vis.c from OpenBSD. + Import rev 1.24 from OpenBSD. - This will be needed for the upcoming utf8 changes. - -commit e1d93705f8f48f519433d6ca9fc3d0abe92a1b77 -Author: Tim Rice -Date: Tue May 31 11:13:22 2016 -0700 - - modified: configure.ac - whitspace clean up. No code changes. 
+ revision 1.24 + date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4; + most obvious unsigned char casts for ctype + ok jca krw ingo -commit 604a037d84e41e31f0aec9075df0b8740c130200 -Author: Damien Miller -Date: Tue May 31 16:45:28 2016 +1000 +commit 12069e56221de207ed666c2449dedb431a2a7ca2 +Author: Darren Tucker +Date: Thu Oct 13 04:04:44 2016 +1100 - whitespace at EOL + Import rev 1.23 from OpenBSD. Fixes bz#2619. + + revision 1.23 + date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39; + Defer installing signal handlers until echo is disabled so that we + get suspended normally when not the foreground process. Fix potential + infinite loop when restoring terminal settings if process is in the + background when restore occurs. OK miod@ -commit 18424200160ff5c923113e0a37ebe21ab7bcd17c +commit 7508d83eff89af069760b4cc587305588a64e415 Author: Darren Tucker -Date: Mon May 30 19:35:28 2016 +1000 +Date: Thu Oct 13 03:53:51 2016 +1100 - Add missing ssh-host-config --name option + If we don't have TCSASOFT, define it to zero. - Patch from vinschen@redhat.com. + This makes it a no-op when we use it below, which allows us to re-sync + those lines with the upstream and make future updates easier. -commit 39c0cecaa188a37a2e134795caa68e03f3ced592 -Author: Darren Tucker -Date: Fri May 20 10:01:58 2016 +1000 +commit aae4dbd4c058d3b1fe1eb5c4e6ddf35827271377 +Author: jmc@openbsd.org +Date: Fri Oct 7 14:41:52 2016 +0000 - Fix comment about sshpam_const and AIX. + upstream commit - From mschwager via github. + tidy up the formatting in this file. 
more specifically, + replace .Dq, which looks appalling, with .Cm, where appropriate; + + Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738 -commit f64062b1f74ad5ee20a8a49aab2732efd0f7ce30 -Author: Damien Miller -Date: Fri May 20 09:56:53 2016 +1000 +commit a571dbcc7b7b25371174569b13df5159bc4c6c7a +Author: djm@openbsd.org +Date: Tue Oct 4 21:34:40 2016 +0000 - Deny lstat syscalls in seccomp sandbox + upstream commit - Avoids sandbox violations for some krb/gssapi libraries. + add a comment about implicitly-expected checks to + sshkey_ec_validate_public() + + Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f -commit 531c135409b8d8810795b1f3692a4ebfd5c9cae0 +commit 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00 Author: djm@openbsd.org -Date: Thu May 19 07:45:32 2016 +0000 +Date: Fri Sep 30 20:24:46 2016 +0000 upstream commit - fix type of ed25519 values + fix some -Wpointer-sign warnings in the new mux proxy; ok + markus@ - Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0 + Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd -commit 75e21688f523799c9e0cc6601d76a9c5ca79f787 -Author: markus@openbsd.org -Date: Wed May 4 14:32:26 2016 +0000 +commit ca71c36645fc26fcd739a8cfdc702cec85607761 +Author: bluhm@openbsd.org +Date: Wed Sep 28 20:09:52 2016 +0000 upstream commit - add IdentityAgent; noticed & ok jmc@ + Add a makefile rule to create the ssh library when + regress needs it. This allows to run the ssh regression tests without doing + a "make build" before. Discussed with dtucker@ and djm@; OK djm@ - Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a + Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025 -commit 1a75d14daf4b60db903e6103cf50e74e0cd0a76b -Author: markus@openbsd.org -Date: Wed May 4 14:29:58 2016 +0000 +commit ce44c970f913d2a047903dba8670554ac42fc479 +Author: bluhm@openbsd.org +Date: Mon Sep 26 21:34:38 2016 +0000 upstream commit - allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@ + Allow to run ssh regression tests as root. 
If the user + is already root, the test should not expect that SUDO is set. If ssh needs + another user, use sudo or doas to switch from root if necessary. OK dtucker@ - Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac + Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2 -commit 0516454151ae722fc8256c3c56115c6baf24c5b0 +commit 8d0578478586e283e751ca51e7b0690631da139a Author: markus@openbsd.org -Date: Wed May 4 14:22:33 2016 +0000 +Date: Fri Sep 30 09:19:13 2016 +0000 upstream commit - move SSH_MSG_NONE, so we don't have to include ssh1.h; - ok deraadt@ + ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux + client speaks the ssh-packet protocol directly over unix-domain socket. - mux + server acts as a proxy, translates channel IDs and relays to the server. - no + filedescriptor passing necessary. - combined with unix-domain forwarding it's + even possible to run mux client and server on different machines. feedback + & ok djm@ - Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e + Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b -commit 332ff3d770631e7513fea38cf0d3689f673f0e3f -Author: Damien Miller -Date: Tue May 10 09:51:06 2016 +1000 +commit b7689155f3f5c4999846c07a852b1c7a43b09cec +Author: djm@openbsd.org +Date: Wed Sep 28 21:44:52 2016 +0000 - initialise salen in binresvport_sa + upstream commit + + put back some pre-auth zlib bits that I shouldn't have + removed - they are still used by the client. Spotted by naddy@ + + Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2 + +commit 4577adead6a7d600c8e764619d99477a08192c8f +Author: djm@openbsd.org +Date: Wed Sep 28 20:32:42 2016 +0000 + + upstream commit + + restore pre-auth compression support in the client -- the + previous commit was intended to remove it from the server only. 
+ + remove a few server-side pre-auth compression bits that escaped + + adjust wording of Compression directive in sshd_config(5) - avoids failures with UsePrivilegedPort=yes + pointed out by naddy@ ok markus@ - patch from Juan Gallego + Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b -commit c5c1d5d2f04ce00d2ddd6647e61b32f28be39804 -Author: markus@openbsd.org -Date: Wed May 4 14:04:40 2016 +0000 +commit 80d1c963b4dc84ffd11d09617b39c4bffda08956 +Author: jmc@openbsd.org +Date: Wed Sep 28 17:59:22 2016 +0000 upstream commit - missing const in prototypes (ssh1) + use a separate TOKENS section, as we've done for + sshd_config(5); help/ok djm - Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05 + Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d -commit 9faae50e2e82ba42eb0cb2726bf6830fe7948f28 -Author: dtucker@openbsd.org -Date: Wed May 4 14:00:09 2016 +0000 +commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455 +Author: Damien Miller +Date: Thu Sep 29 03:19:23 2016 +1000 - upstream commit - - Fix inverted logic for updating StreamLocalBindMask which - would cause the server to set an invalid mask. ok djm@ + Remove portability support for mmap - Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587 + We no longer need to wrap/replace mmap for portability now that + pre-auth compression has been removed from OpenSSH. -commit b02ad1ce9105bfa7394ac7590c0729dd52e26a81 -Author: markus@openbsd.org -Date: Wed May 4 12:21:53 2016 +0000 +commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f +Author: djm@openbsd.org +Date: Wed Sep 28 16:33:06 2016 +0000 upstream commit - IdentityAgent for specifying specific agent sockets; ok - djm@ + Remove support for pre-authentication compression. Doing + compression early in the protocol probably seemed reasonable in the 1990s, + but today it's clearly a bad idea in terms of both cryptography (cf. multiple + compression oracle attacks in TLS) and attack surface. 
- Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1 + Moreover, to support it across privilege-separation zlib needed + the assistance of a complex shared-memory manager that made the + required attack surface considerably larger. + + Prompted by Guido Vranken pointing out a compiler-elided security + check in the shared memory manager found by Stack + (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ + + NB. pre-auth authentication has been disabled by default in sshd + for >10 years. + + Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf -commit 910e59bba09ac309d78ce61e356da35292212935 +commit 27c3a9c2aede2184856b5de1e6eca414bb751c38 Author: djm@openbsd.org -Date: Wed May 4 12:16:39 2016 +0000 +Date: Mon Sep 26 21:16:11 2016 +0000 upstream commit - fix junk characters after quotes + Avoid a theoretical signed integer overflow should + BN_num_bytes() ever violate its manpage and return a negative value. Improve + order of tests to avoid confusing increasingly pedantic compilers. - Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578 + Reported by Guido Vranken from stack (css.csail.mit.edu/stack) + unstable optimisation analyser output. 
ok deraadt@ + + Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505 -commit 9283884e647b8be50ccd2997537af0065672107d -Author: jmc@openbsd.org -Date: Tue May 3 18:38:12 2016 +0000 +commit 8663e51c80c6aa3d750c6d3bcff6ee05091922be +Author: Damien Miller +Date: Wed Sep 28 07:40:33 2016 +1000 - upstream commit - - correct article; + fix mdoc2man.awk formatting for top-level lists - Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168 + Reported by Glenn Golden + Diagnosis and fix from Ingo Schwarze -commit cfefbcea1057c2623e76c579174a4107a0b6e6cd +commit b97739dc21570209ed9d4e7beee0c669ed23b097 Author: djm@openbsd.org -Date: Tue May 3 15:57:39 2016 +0000 +Date: Thu Sep 22 21:15:41 2016 +0000 upstream commit - fix overriding of StreamLocalBindMask and - StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes + missing bit from previous commit - Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2 + Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37 -commit 771c2f51ffc0c9a2877b7892fada0c77bd1f6549 -Author: djm@openbsd.org -Date: Tue May 3 15:25:06 2016 +0000 +commit de6a175a99d22444e10d19ad3fffef39bc3ee3bb +Author: jmc@openbsd.org +Date: Thu Sep 22 19:19:01 2016 +0000 upstream commit - don't forget to include StreamLocalBindUnlink in the - config dump output + organise the token stuff into a separate section; ok + markus for an earlier version of the diff ok/tweaks djm - Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb + Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8 -commit cdcd941994dc430f50d0a4e6a712d32b66e6199e +commit 16277fc45ffc95e4ffc3d45971ff8320b974de2b Author: djm@openbsd.org -Date: Tue May 3 14:54:08 2016 +0000 +Date: Thu Sep 22 17:55:13 2016 +0000 upstream commit - make nethack^wrandomart fingerprint flag more readily - searchable pointed out by Matt Johnston + mention curve25519-sha256 KEX - Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb + Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf -commit 
05855bf2ce7d5cd0a6db18bc0b4214ed5ef7516d +commit 0493766d5676c7ca358824ea8d3c90f6047953df Author: djm@openbsd.org -Date: Tue May 3 13:10:24 2016 +0000 +Date: Thu Sep 22 17:52:53 2016 +0000 upstream commit - clarify ordering of subkeys; pointed out by ietf-ssh AT - stbuehler.de + support plain curve25519-sha256 KEX algorithm now that it + is approaching standardisation (same algorithm is currently supported as + curve25519-sha256@libssh.org) - Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463 + Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2 -commit cca3b4395807bfb7aaeb83d2838f5c062ce30566 +commit f31c654b30a6f02ce0b8ea8ab81791b675489628 Author: dtucker@openbsd.org -Date: Tue May 3 12:15:49 2016 +0000 +Date: Thu Sep 22 02:29:57 2016 +0000 upstream commit - Use a subshell for constructing key types to work around - different sed behaviours for -portable. + If ssh receives a PACKET_DISCONNECT during userauth it + will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the + session being authenticated. Check for this and exit if necessary. ok djm@ - Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d + Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903 -commit fa58208c6502dcce3e0daac0ca991ee657daf1f5 +commit 1622649b7a829fc8dc313042a43a974f0f3e8a99 Author: djm@openbsd.org -Date: Tue May 3 10:27:59 2016 +0000 +Date: Wed Sep 21 19:53:12 2016 +0000 upstream commit - correct some typos and remove a long-stale XXX note. - - add specification for ed25519 certificates - - mention no host certificate options/extensions are currently defined - - pointed out by Simon Tatham + correctly return errors from kex_send_ext_info(). 
Fix from + Sami Farin via https://github.com/openssh/openssh-portable/pull/50 - Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a + Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c -commit b466f956c32cbaff4200bfcd5db6739fe4bc7d04 +commit f83a0cfe16c7a73627b46a9a94e40087d60f32fb Author: djm@openbsd.org -Date: Tue May 3 10:24:27 2016 +0000 +Date: Wed Sep 21 17:44:20 2016 +0000 upstream commit - add ed25519 keys that are supported but missing from this - documents; from Peter Moody + cast uint64_t for printf - Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b + Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1 -commit 7f3d76319a69dab2efe3a520a8fef5b97e923636 -Author: dtucker@openbsd.org -Date: Tue May 3 09:03:49 2016 +0000 +commit 5f63ab474f58834feca4f35c498be03b7dd38a16 +Author: djm@openbsd.org +Date: Wed Sep 21 17:03:54 2016 +0000 upstream commit - Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch - from Simon Tatham, ok markus@ + disable tests for affirmative negated match after backout of + match change - Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8 + Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd -commit 31bc01c05d9f51bee3ebe33dc57c4fafb059fb62 +commit a5ad3a9db5a48f350f257a67b62fafd719ecb7e0 Author: djm@openbsd.org -Date: Mon May 2 14:10:58 2016 +0000 +Date: Wed Sep 21 16:55:42 2016 +0000 upstream commit - unbreak config parsing on reexec from previous commit + Revert two recent changes to negated address matching. The + new behaviour offers unintuitive surprises. We'll find a better way to deal + with single negated matches. - Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab + match.c 1.31: + > fix matching for pattern lists that contain a single negated match, + > e.g. "Host !example" + > + > report and patch from Robin Becker. bz#1918 ok dtucker@ + + addrmatch.c 1.11: + > fix negated address matching where the address list consists of a + > single negated match, e.g. 
"Match addr !192.20.0.1" + > + > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ + + Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6 -commit 67f1459efd2e85bf03d032539283fa8107218936 +commit 119b7a2ca0ef2bf3f81897ae10301b8ca8cba844 Author: djm@openbsd.org -Date: Mon May 2 09:52:00 2016 +0000 +Date: Wed Sep 21 01:35:12 2016 +0000 upstream commit - unit and regress tests for SHA256/512; ok markus + test all the AuthorizedPrincipalsCommand % expansions - Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6 + Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3 -commit 0e8eeec8e75f6d0eaf33317376f773160018a9c7 +commit bfa9d969ab6235d4938ce069d4db7e5825c56a19 Author: djm@openbsd.org -Date: Mon May 2 10:26:04 2016 +0000 +Date: Wed Sep 21 01:34:45 2016 +0000 upstream commit - add support for additional fixed DH groups from - draft-ietf-curdle-ssh-kex-sha2-03 - - diffie-hellman-group14-sha256 (2K group) - diffie-hellman-group16-sha512 (4K group) - diffie-hellman-group18-sha512 (8K group) - - based on patch from Mark D. 
Baushke and Darren Tucker - ok markus@ + add a way for principals command to get see key ID and serial + too - Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f + Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb -commit 57464e3934ba53ad8590ee3ccd840f693407fc1e +commit 920585b826af1c639e4ed78b2eba01fd2337b127 Author: djm@openbsd.org -Date: Mon May 2 09:36:42 2016 +0000 +Date: Fri Sep 16 06:09:31 2016 +0000 upstream commit - support SHA256 and SHA512 RSA signatures in certificates; - ok markus@ + add a note on kexfuzz' limitations - Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a + Upstream-Regress-ID: 03804d4a0dbc5163e1a285a4c8cc0a76a4e864ec -commit 1a31d02b2411c4718de58ce796dbb7b5e14db93e +commit 0445ff184080b196e12321998b4ce80b0f33f8d1 Author: djm@openbsd.org -Date: Mon May 2 08:49:03 2016 +0000 +Date: Fri Sep 16 01:01:41 2016 +0000 upstream commit - fix signed/unsigned errors reported by clang-3.7; add - sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with - better safety checking; feedback and ok markus@ + fix for newer modp DH groups + (diffie-hellman-group14-sha256 etc) - Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820 + Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68 -commit d2d6bf864e52af8491a60dd507f85b74361f5da3 -Author: djm@openbsd.org -Date: Fri Apr 29 08:07:53 2016 +0000 +commit 28652bca29046f62c7045e933e6b931de1d16737 +Author: markus@openbsd.org +Date: Mon Sep 19 19:02:19 2016 +0000 upstream commit - close ControlPersist background process stderr when not - in debug mode or when logging to a file or syslog. 
bz#1988 ok dtucker + move inbound NEWKEYS handling to kex layer; otherwise + early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed + with & ok djm@ - Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24 + Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f -commit 9ee692fa1146e887e008a2b9a3d3ea81770c9fc8 -Author: djm@openbsd.org -Date: Thu Apr 28 14:30:21 2016 +0000 +commit 492710894acfcc2f173d14d1d45bd2e688df605d +Author: natano@openbsd.org +Date: Mon Sep 19 07:52:42 2016 +0000 upstream commit - fix comment + Replace two more arc4random() loops with + arc4random_buf(). + + tweaks and ok dtucker + ok deraadt - Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15 + Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4 -commit ee1e0a16ff2ba41a4d203c7670b54644b6c57fa6 -Author: jmc@openbsd.org -Date: Wed Apr 27 13:53:48 2016 +0000 +commit 1036356324fecc13099ac6e986b549f6219327d7 +Author: tedu@openbsd.org +Date: Sat Sep 17 18:00:27 2016 +0000 upstream commit - cidr permitted for {allow,deny}users; from lars nooden ok djm + replace two arc4random loops with arc4random_buf ok + deraadt natano - Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11 + Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48 -commit b6e0140a5aa883c27b98415bd8aa9f65fc04ee22 +commit 00df97ff68a49a756d4b977cd02283690f5dfa34 Author: djm@openbsd.org -Date: Thu Apr 21 06:08:02 2016 +0000 +Date: Wed Sep 14 20:11:26 2016 +0000 upstream commit - make argument == NULL tests more consistent + take fingerprint of correct key for + AuthorizedPrincipalsCommand - Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d + Upstream-ID: 553581a549cd6a3e73ce9f57559a325cc2cb1f38 -commit 6aaabc2b610e44bae473457ad9556ffb43d90ee3 -Author: jmc@openbsd.org -Date: Sun Apr 17 14:34:46 2016 +0000 +commit e7907c1cb938b96dd33d27c2fea72c4e08c6b2f6 +Author: djm@openbsd.org +Date: Wed Sep 14 05:42:25 2016 +0000 upstream commit - tweak previous; + add %-escapes to AuthorizedPrincipalsCommand to match those 
+ supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a + few more to provide access to the certificate's CA key; 'looks ok' dtucker@ - Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f + Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb -commit 0f839e5969efa3bda615991be8a9d9311554c573 -Author: djm@openbsd.org -Date: Fri Apr 15 02:57:10 2016 +0000 +commit 2b939c272a81c4d0c47badeedbcb2ba7c128ccda +Author: dtucker@openbsd.org +Date: Wed Sep 14 00:45:31 2016 +0000 upstream commit - missing bit of Include regress + Improve test coverage of ssh-keygen -T a bit. - Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f + Upstream-Regress-ID: 8851668c721bcc2b400600cfc5a87644cc024e72 -commit 12e4ac46aed681da55c2bba3cd11dfcab23591be -Author: djm@openbsd.org -Date: Fri Apr 15 02:55:53 2016 +0000 +commit 44d82fc83be6c5ccd70881c2dac1a73e5050398b +Author: dtucker@openbsd.org +Date: Mon Sep 12 02:25:46 2016 +0000 upstream commit - remove redundant CLEANFILES section + Add testcase for ssh-keygen -j, -J and -K options for + moduli screening. Does not currently test generation as that is extremely + slow. 
- Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587 + Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062 -commit b1d05aa653ae560c44baf8e8a9756e33f98ea75c +commit 44e5f756d286bc3a1a5272ea484ee276ba3ac5c2 Author: djm@openbsd.org -Date: Fri Apr 15 00:48:01 2016 +0000 +Date: Tue Aug 23 08:17:04 2016 +0000 upstream commit - sync CLEANFILES with portable, sort + add tests for addr_match_list() - Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed + Upstream-Regress-ID: fae2d1fef84687ece584738a924c7bf969616c8e -commit 35f22dad263cce5c61d933ae439998cb965b8748 +commit 445e218878035b59c704c18406e8aeaff4c8aa25 Author: djm@openbsd.org -Date: Fri Apr 15 00:31:10 2016 +0000 +Date: Mon Sep 12 23:39:34 2016 +0000 upstream commit - regression test for ssh_config Include directive + handle certs in rsa_hash_alg_from_ident(), saving an + unnecessary special case elsewhere. - Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e + Upstream-ID: 901cb081c59d6d2698b57901c427f3f6dc7397d4 -commit 6b8a1a87005818d4700ce8b42faef746e82c1f51 +commit 130f5df4fa37cace8c079dccb690e5cafbf00751 Author: djm@openbsd.org -Date: Thu Apr 14 23:57:17 2016 +0000 +Date: Mon Sep 12 23:31:27 2016 +0000 upstream commit - unbreak test for recent ssh de-duplicated forwarding - change + list all supported signature algorithms in the + server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly) + Ron Frederick; ok markus@ - Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3 + Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd -commit 076787702418985a2cc6808212dc28ce7afc01f0 -Author: djm@openbsd.org -Date: Thu Apr 14 23:21:42 2016 +0000 +commit 8f750ccfc07acb8aa98be5a5dd935033a6468cfd +Author: Darren Tucker +Date: Mon Sep 12 14:43:58 2016 +1000 + + Remove no-op brackets to resync with upstream. 
+ +commit 7050896e7395866278c19c2ff080c26152619d1d +Author: Darren Tucker +Date: Mon Sep 12 13:57:28 2016 +1000 + + Resync ssh-keygen -W error message with upstream. + +commit 43cceff82cc20413cce58ba3375e19684e62cec4 +Author: Darren Tucker +Date: Mon Sep 12 13:55:37 2016 +1000 + + Move ssh-keygen -W handling code to match upstream + +commit af48d541360b1d7737b35740a4b1ca34e1652cd9 +Author: Darren Tucker +Date: Mon Sep 12 13:52:17 2016 +1000 + + Move ssh-keygen -T handling code to match upstream. + +commit d8c3cfbb018825c6c86547165ddaf11924901c49 +Author: Darren Tucker +Date: Mon Sep 12 13:30:50 2016 +1000 + + Move -M handling code to match upstream. + +commit 7b63cf6dbbfa841c003de57d1061acbf2ff22364 +Author: dtucker@openbsd.org +Date: Mon Sep 12 03:29:16 2016 +0000 upstream commit - add test knob and warning for StrictModes + Spaces->tabs. - Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682 + Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7 -commit dc7990be865450574c7940c9880567f5d2555b37 -Author: djm@openbsd.org -Date: Fri Apr 15 00:30:19 2016 +0000 +commit 11e5e644536821ceb3bb4dd8487fbf0588522887 +Author: dtucker@openbsd.org +Date: Mon Sep 12 03:25:20 2016 +0000 upstream commit - Include directive for ssh_config(5); feedback & ok markus@ + Style whitespace fix. Also happens to remove a no-op + diff with portable. - Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff + Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3 -commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 -Author: Damien Miller -Date: Wed Apr 13 10:39:57 2016 +1000 +commit 9136ec134c97a8aff2917760c03134f52945ff3c +Author: deraadt@openbsd.org +Date: Mon Sep 12 01:22:38 2016 +0000 - ignore PAM environment vars when UseLogin=yes + upstream commit - If PAM is configured to read user-specified environment variables - and UseLogin=yes in sshd_config, then a hostile local user may - attack /bin/login via LD_PRELOAD or similar environment variables - set via PAM. 
+ Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then + use those definitions rather than pulling and unknown namespace + pollution. ok djm markus dtucker - CVE-2015-8325, found by Shayan Sadigh, via Colin Watson + Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8 -commit dce19bf6e4a2a3d0b13a81224de63fc316461ab9 -Author: djm@openbsd.org -Date: Sat Apr 9 12:39:30 2016 +0000 +commit f219fc8f03caca7ac82a38ed74bbd6432a1195e7 +Author: jmc@openbsd.org +Date: Wed Sep 7 18:39:24 2016 +0000 upstream commit - make private key loading functions consistently handle NULL - key pointer arguments; ok markus@ + sort; from matthew martin - Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761 + Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7 -commit 5f41f030e2feb5295657285aa8c6602c7810bc4b -Author: Darren Tucker -Date: Fri Apr 8 21:14:13 2016 +1000 +commit 06ce56b05def9460aecc7cdb40e861a346214793 +Author: markus@openbsd.org +Date: Tue Sep 6 09:22:56 2016 +0000 - Remove NO_IPPORT_RESERVED_CONCEPT + upstream commit - Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have - the same effect without causing problems syncing patches with OpenBSD. - Resync the two affected functions with OpenBSD. ok djm, sanity checked - by Corinna. 
+ ssh_set_newkeys: print correct block counters on + rekeying; ok djm@ + + Upstream-ID: 32bb7a9cb9919ff5bab28d50ecef3a2b2045dd1e -commit 34a01b2cf737d946ddb140618e28c3048ab7a229 -Author: djm@openbsd.org -Date: Fri Apr 8 08:19:17 2016 +0000 +commit e5e8d9114ac6837a038f4952994ca95a97fafe8d +Author: markus@openbsd.org +Date: Tue Sep 6 09:14:05 2016 +0000 upstream commit - whitespace at EOL + update ext_info_c every time we receive a kexinit msg; + fixes sending of ext_info if privsep is disabled; report Aris Adamantiadis & + Mancha; ok djm@ - Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6 + Upstream-ID: 2ceaa1076e19dbd3542254b4fb8e42d608f28856 -commit 90ee563fa6b54c59896c6c332c5188f866c5e75f +commit da95318dbedbaa1335323dba370975c2f251afd8 Author: djm@openbsd.org -Date: Fri Apr 8 06:35:54 2016 +0000 +Date: Mon Sep 5 14:02:42 2016 +0000 upstream commit - We accidentally send an empty string and a zero uint32 with - every direct-streamlocal@openssh.com channel open, in contravention of our - own spec. + remove 3des-cbc from the client's default proposal; + 64-bit block ciphers are not safe in 2016 and we don't want to wait until + attacks like sweet32 are extended to SSH. - Fixing this is too hard wrt existing versions that expect these - fields to be present and fatal() if they aren't, so document them - as "reserved" fields in the PROTOCOL spec as though we always - intended this and let us never speak of it again. + As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may + cause problems connecting to older devices using the defaults, but + it's highly likely that such devices already need explicit + configuration for KEX and hostkeys anyway. 
- bz#2529, reported by Ron Frederick + ok deraadt, markus, dtucker - Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7 + Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f -commit 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558 +commit b33ad6d997d36edfea65e243cd12ccd01f413549 Author: djm@openbsd.org -Date: Wed Apr 6 06:42:17 2016 +0000 - - upstream commit - - don't record duplicate LocalForward and RemoteForward - entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation - where the same forwards are added on the second pass through the - configuration file. bz#2562; ok dtucker@ - - Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1 - -commit 574def0eb493cd6efeffd4ff2e9257abcffee0c8 -Author: krw@openbsd.org -Date: Sat Apr 2 14:37:42 2016 +0000 +Date: Mon Sep 5 13:57:31 2016 +0000 upstream commit - Another use for fcntl() and thus of the superfluous 3rd - parameter is when sanitising standard fd's before calling daemon(). - - Use a tweaked version of the ssh(1) function in all three places - found using fcntl() this way. - - ok jca@ beck@ + enforce expected request flow for GSSAPI calls; thanks to + Jakub Jelen for testing; ok markus@ - Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218 + Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9 -commit b3413534aa9d71a941005df2760d1eec2c2b0854 +commit 0bb2980260fb24e5e0b51adac471395781b66261 Author: Darren Tucker -Date: Mon Apr 4 11:09:21 2016 +1000 +Date: Mon Sep 12 11:07:00 2016 +1000 - Tidy up openssl header test. + Restore ssh-keygen's -J and -j option handling. + + These were incorrectly removed in the 1d9a2e28 sync commit. -commit 815bcac0b94bb448de5acdd6ba925b8725240b4f -Author: Darren Tucker -Date: Mon Apr 4 11:07:59 2016 +1000 +commit 775f8a23f2353f5869003c57a213d14b28e0736e +Author: Damien Miller +Date: Wed Aug 31 10:48:07 2016 +1000 - Fix configure-time warnings for openssl test. 
+ tighten PAM monitor calls + + only allow kbd-interactive ones when that authentication method is + enabled. Prompted by Solar Designer -commit 95687f5831ae680f7959446d8ae4b52452ee05dd +commit 7fd0ea8a1db4bcfb3d8cd9df149e5d571ebea1f4 Author: djm@openbsd.org -Date: Fri Apr 1 02:34:10 2016 +0000 +Date: Tue Aug 30 07:50:21 2016 +0000 upstream commit - whitespace at EOL + restrict monitor auth calls to be allowed only when their + respective authentication methods are enabled in the configuration. + + prompted by Solar Designer; ok markus dtucker - Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a + Upstream-ID: 6eb3f89332b3546d41d6dbf5a8e6ff920142b553 -commit fdfbf4580de09d84a974211715e14f88a5704b8e -Author: dtucker@openbsd.org -Date: Thu Mar 31 05:24:06 2016 +0000 +commit b38b95f5bcc52278feb839afda2987933f68ff96 +Author: Damien Miller +Date: Mon Aug 29 11:47:07 2016 +1000 - upstream commit - - Remove fallback from moduli to "primes" file that was - deprecated in 2001 and fix log messages referring to primes file. Based on - patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@ + Tighten monitor state-machine flow for PAM calls - Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713 + (attack surface reduction) -commit 0235a5fa67fcac51adb564cba69011a535f86f6b +commit dc664d1bd0fc91b24406a3e9575b81c285b8342b Author: djm@openbsd.org -Date: Thu Mar 17 17:19:43 2016 +0000 +Date: Sun Aug 28 22:28:12 2016 +0000 upstream commit - UseDNS affects ssh hostname processing in authorized_keys, - not known_hosts; bz#2554 reported by jjelen AT redhat.com + fix uninitialised optlen in getsockopt() call; harmless + on Unix/BSD but potentially crashy on Cygwin. 
Reported by James Slepicka ok + deraadt@ - Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591 + Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965 -commit 8c4739338f5e379d05b19d6e544540114965f07e -Author: Darren Tucker -Date: Tue Mar 15 09:24:43 2016 +1100 +commit 5bcc1e2769f7d6927d41daf0719a9446ceab8dd7 +Author: guenther@openbsd.org +Date: Sat Aug 27 04:05:12 2016 +0000 - Don't call Solaris setproject() with UsePAM=yes. + upstream commit - When Solaris Projects are enabled along with PAM setting the project - is PAM's responsiblity. bz#2425, based on patch from - brent.paulson at gmail.com. - -commit cff26f373c58457a32cb263e212cfff53fca987b -Author: Damien Miller -Date: Tue Mar 15 04:30:21 2016 +1100 - - remove slogin from *.spec + Pull in for struct timeval + + ok deraadt@ + + Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6 -commit c38905ba391434834da86abfc988a2b8b9b62477 -Author: djm@openbsd.org -Date: Mon Mar 14 16:20:54 2016 +0000 +commit fa4a4c96b19127dc2fd4e92f20d99c0c7f34b538 +Author: guenther@openbsd.org +Date: Sat Aug 27 04:04:56 2016 +0000 upstream commit - unbreak authentication using lone certificate keys in - ssh-agent: when attempting pubkey auth with a certificate, if no separate - private key is found among the keys then try with the certificate key itself. + Pull in for NULL - bz#2550 reported by Peter Moody + ok deraadt@ - Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966 + Upstream-ID: 7baa6a0f1e049bb3682522b4b95a26c866bfc043 -commit 4b4bfb01cd40b9ddb948e6026ddd287cc303d871 +commit ae363d74ccc1451185c0c8bd4631e28c67c7fd36 Author: djm@openbsd.org -Date: Thu Mar 10 11:47:57 2016 +0000 +Date: Thu Aug 25 23:57:54 2016 +0000 upstream commit - sanitise characters destined for xauth reported by - github.com/tintinweb feedback and ok deraadt and markus + add a sIgnore opcode that silently ignores options and + use it to suppress noisy deprecation warnings for the Protocol directive. 
- Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261 - -commit 732b463d37221722b1206f43aa59563766a6a968 -Author: Darren Tucker -Date: Mon Mar 14 16:04:23 2016 +1100 - - Pass supported malloc options to connect-privsep. + req henning, ok markus - This allows us to activate only the supported options during the malloc - option portion of the connect-privsep test. + Upstream-ID: 9fe040aca3d6ff393f6f7e60045cdd821dc4cbe0 -commit d29c5b9b3e9f27394ca97a364ed4bb4a55a59744 -Author: Darren Tucker -Date: Mon Mar 14 09:30:58 2016 +1100 +commit a94c60306643ae904add6e8ed219e4be3494255c +Author: djm@openbsd.org +Date: Thu Aug 25 23:56:51 2016 +0000 - Remove leftover roaming.h file. + upstream commit - Pointed out by des at des.no. - -commit 8ff20ec95f4377021ed5e9b2331320f5c5a34cea -Author: Darren Tucker -Date: Mon Mar 14 09:24:03 2016 +1100 - - Quote variables that may contain whitespace. + remove superfluous NOTREACHED comment - The variable $L_TMP_ID_FILE needs to be surrounded by quotes in order to - survive paths containing whitespace. bz#2551, from Corinna Vinschen via - Philip Hands. + Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c -commit 627824480c01f0b24541842c7206ab9009644d02 -Author: Darren Tucker -Date: Fri Mar 11 14:47:41 2016 +1100 +commit fc041c47144ce28cf71353124a8a5d183cd6a251 +Author: otto@openbsd.org +Date: Tue Aug 23 16:21:45 2016 +0000 - Include priv.h for priv_set_t. + upstream commit - From alex at cooperi.net. - -commit e960051f9a264f682c4d2fefbeecffcfc66b0ddf -Author: Darren Tucker -Date: Wed Mar 9 13:14:18 2016 +1100 - - Wrap stdint.h inside #ifdef HAVE_STDINT_H. - -commit 2c48bd344d2c4b5e08dae9aea5ff44fc19a5e363 -Author: Darren Tucker -Date: Wed Mar 9 12:46:50 2016 +1100 - - Add compat to monotime_double(). + fix previous, a condition was modified incorrectly; ok + markus@ deraadt@ - Apply all of the portability changes in monotime() to monotime() double. - Fixes build on at least older FreeBSD systems. 
+ Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453 -commit 7b40ef6c2eef40c339f6ea8920cb8a44838e10c9 -Author: Damien Miller -Date: Tue Mar 8 14:12:58 2016 -0800 +commit 23555eb13a9b0550371a16dcf8beaab7a5806a64 +Author: djm@openbsd.org +Date: Tue Aug 23 08:17:42 2016 +0000 - make a regress-binaries target + upstream commit - Easier to build all the regression/unit test binaries in one pass - than going through all of ${REGRESS_BINARIES} - -commit c425494d6b6181beb54a1b3763ef9e944fd3c214 -Author: Damien Miller -Date: Tue Mar 8 14:03:54 2016 -0800 - - unbreak kexfuzz for -Werror without __bounded__ - -commit 3ed9218c336607846563daea5d5ab4f701f4e042 -Author: Damien Miller -Date: Tue Mar 8 14:01:29 2016 -0800 - - unbreak PAM after canohost refactor - -commit 885fb2a44ff694f01e4f6470f803629e11f62961 -Author: Darren Tucker -Date: Tue Mar 8 11:58:43 2016 +1100 - - auth_get_canonical_hostname in portable code. + downgrade an error() to a debug2() to match similar cases + in addr_match_list() - "refactor canohost.c" replaced get_canonical_hostname, this makes the - same change to some portable-specific code. + Upstream-ID: 07c3d53e357214153d9d08f234411e0d1a3d6f5c -commit 95767262caa6692eff1e1565be1f5cb297949a89 +commit a39627134f6d90e7009eeb14e9582ecbc7a99192 Author: djm@openbsd.org -Date: Mon Mar 7 19:02:43 2016 +0000 +Date: Tue Aug 23 06:36:23 2016 +0000 upstream commit - refactor canohost.c: move functions that cache results closer - to the places that use them (authn and session code). 
After this, no state is - cached in canohost.c + remove Protocol directive from client/server configs that + causes spammy deprecation warnings - feedback and ok markus@ + hardcode SSH_PROTOCOLS=2, since that's all we support on the server + now (the client still may support both, so it could get confused) - Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e + Upstream-Regress-ID: c16662c631af51633f9fd06aca552a70535de181 -commit af0bb38ffd1f2c4f9f43b0029be2efe922815255 +commit 6ee4f1c01ee31e65245881d49d4bccf014956066 Author: Damien Miller -Date: Fri Mar 4 15:11:55 2016 +1100 - - hook unittests/misc/kexfuzz into build - -commit 331b8e07ee5bcbdca12c11cc8f51a7e8de09b248 -Author: dtucker@openbsd.org -Date: Fri Mar 4 02:48:06 2016 +0000 +Date: Tue Aug 23 16:33:48 2016 +1000 - upstream commit - - Filter debug messages out of log before picking the last - two lines. Should prevent problems if any more debug output is added late in - the connection. - - Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363 + hook match and utf8 unittests up to Makefile -commit 0892edaa3ce623381d3a7635544cbc69b31cf9cb +commit 114efe2bc0dd2842d997940a833f115e6fc04854 Author: djm@openbsd.org -Date: Fri Mar 4 02:30:36 2016 +0000 +Date: Fri Aug 19 06:44:13 2016 +0000 upstream commit - add KEX fuzzer harness; ok deraadt@ + add tests for matching functions - Upstream-Regress-ID: 3df5242d30551b12b828aa9ba4a4cec0846be8d1 + Upstream-Regress-ID: 0869d4f5c5d627c583c6a929d69c17d5dd65882c -commit ae2562c47d41b68dbb00240fd6dd60bed205367a -Author: dtucker@openbsd.org -Date: Thu Mar 3 00:46:53 2016 +0000 +commit 857568d2ac81c14bcfd625b27536c1e28c992b3c +Author: Damien Miller +Date: Tue Aug 23 14:32:37 2016 +1000 - upstream commit - - Look back 3 lines for possible error messages. Changes - to the code mean that "Bad packet length" errors are 3 lines back instead of - the previous two, which meant we didn't skip some offsets that we intended - to. 
- - Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684 + removing UseLogin bits from configure.ac -commit 988e429d903acfb298bfddfd75e7994327adfed0 +commit cc182d01cef8ca35a1d25ea9bf4e2ff72e588208 Author: djm@openbsd.org -Date: Fri Mar 4 03:35:44 2016 +0000 +Date: Tue Aug 23 03:24:10 2016 +0000 upstream commit - fix ClientAliveInterval when a time-based RekeyLimit is - set; previously keepalive packets were not being sent. bz#2252 report and - analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@ + fix negated address matching where the address list + consists of a single negated match, e.g. "Match addr !192.20.0.1" + + Report and patch from Jakub Jelen. bz#2397 ok dtucker@ - Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81 + Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8 -commit 8ef04d7a94bcdb8b0085fdd2a79a844b7d40792d -Author: dtucker@openbsd.org -Date: Wed Mar 2 22:43:52 2016 +0000 +commit 4067ec8a4c64ccf16250c35ff577b4422767da64 +Author: djm@openbsd.org +Date: Tue Aug 23 03:22:49 2016 +0000 upstream commit - Improve accuracy of reported transfer speeds by waiting - for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@ + fix matching for pattern lists that contain a single + negated match, e.g. "Host !example" + + report and patch from Robin Becker. bz#1918 ok dtucker@ - Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d + Upstream-ID: 05a0cb323ea4bc20e98db099b42c067bfb9ea1ea -commit b8d4eafe29684fe4f5bb587f7eab948e6ed62723 -Author: dtucker@openbsd.org -Date: Wed Mar 2 22:42:40 2016 +0000 +commit 83b581862a1dbb06fc859959f829dde2654aef3c +Author: djm@openbsd.org +Date: Fri Aug 19 03:18:06 2016 +0000 upstream commit - Improve precision of progressmeter for sftp and scp by - storing sub-second timestamps. 
Pointed out by mmcc@, ok deraadt@ markus@ + remove UseLogin option and support for having /bin/login + manage login sessions; ok deraadt markus dtucker - Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab + Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712 -commit 18f64b969c70ed00e74b9d8e50359dbe698ce4c0 -Author: jca@openbsd.org -Date: Mon Feb 29 20:22:36 2016 +0000 +commit ffe6549c2f7a999cc5264b873a60322e91862581 +Author: naddy@openbsd.org +Date: Mon Aug 15 12:32:04 2016 +0000 upstream commit - Print ssize_t with %zd; ok deraadt@ mmcc@ + Catch up with the SSH1 code removal and delete all + mention of protocol 1 particularities, key files and formats, command line + options, and configuration keywords from the server documentation and + examples. ok jmc@ - Upstream-ID: 0590313bbb013ff6692298c98f7e0be349d124bd + Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f -commit 6e7f68ce38130c794ec1fb8d2a6091fbe982628d -Author: djm@openbsd.org -Date: Sun Feb 28 22:27:00 2016 +0000 +commit c38ea634893a1975dbbec798fb968c9488013f4a +Author: naddy@openbsd.org +Date: Mon Aug 15 12:27:56 2016 +0000 upstream commit - rearrange DH public value tests to be a little more clear - - rearrange DH private value generation to explain rationale more - clearly and include an extra sanity check. + Remove more SSH1 server code: * Drop sshd's -k option. * + Retire configuration keywords that only apply to protocol 1, as well as the + "protocol" keyword. * Remove some related vestiges of protocol 1 support. - ok deraadt + ok markus@ - Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad + Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d -commit 2ed17aa34008bdfc8db674315adc425a0712be11 +commit 33ba55d9e358c07f069e579bfab80eccaaad52cb Author: Darren Tucker -Date: Tue Mar 1 15:24:20 2016 +1100 +Date: Wed Aug 17 16:26:04 2016 +1000 - Import updated moduli file from OpenBSD. - - Note that 1.5k bit groups have been removed. + Only check for prctl once. 
-commit 72b061d4ba0f909501c595d709ea76e06b01e5c9 +commit 976ba8a8fd66a969bf658280c1e5adf694cc2fc6 Author: Darren Tucker -Date: Fri Feb 26 14:40:04 2016 +1100 +Date: Wed Aug 17 15:33:10 2016 +1000 - Add a note about using xlc on AIX. + Fix typo. -commit fd4e4f2416baa2e6565ea49d52aade296bad3e28 +commit 9abf84c25ff4448891edcde60533a6e7b2870de1 Author: Darren Tucker -Date: Wed Feb 24 10:44:25 2016 +1100 +Date: Wed Aug 17 14:25:43 2016 +1000 - Skip PrintLastLog in config dump mode. + Correct LDFLAGS for clang example. - When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the - config dump since it'll be reported as UNKNOWN. + --with-ldflags isn't used until after the -ftrapv test, so mention + LDFLAGS instead for now. -commit 99135c764fa250801da5ec3b8d06cbd0111caae8 -Author: Damien Miller -Date: Tue Feb 23 20:17:23 2016 +1100 +commit 1e8013a17ff11e3c6bd0012fb1fc8d5f1330eb21 +Author: Darren Tucker +Date: Wed Aug 17 14:08:42 2016 +1000 - update spec/README versions ahead of release + Remove obsolete CVS $Id from source files. + + Since -portable switched to git the CVS $Id tags are no longer being + updated and are becoming increasingly misleading. Remove them. -commit b86a334aaaa4d1e643eb1fd71f718573d6d948b5 -Author: Damien Miller -Date: Tue Feb 23 20:16:53 2016 +1100 +commit adab758242121181700e48b4f6c60d6b660411fe +Author: Darren Tucker +Date: Wed Aug 17 13:40:58 2016 +1000 - put back portable patchlevel to p1 + Remove now-obsolete CVS $Id tags from text files. + + Since -portable switched to git, the CVS $Id tags are no longer being + updated and are becoming increasingly misleading. Remove them. -commit 555dd35ff176847e3c6bd068ba2e8db4022eb24f -Author: djm@openbsd.org -Date: Tue Feb 23 09:14:34 2016 +0000 +commit 560c0068541315002ec4c1c00a560bbd30f2d671 +Author: Darren Tucker +Date: Wed Aug 17 13:38:30 2016 +1000 - upstream commit + Add a section for compiler specifics. 
- openssh-7.2 + Add a section for compiler specifics and document the runtime requirements + for clang's integer sanitization. + +commit a8fc0f42e1eda2fa3393d1ea5e61322d5e07a9cd +Author: Darren Tucker +Date: Wed Aug 17 13:35:43 2016 +1000 + + Test multiplying two long long ints. - Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78 + When using clang with -ftrapv or -sanitize=integer the tests would pass + but linking would fail with "undefined reference to __mulodi4". + Explicitly test for this before enabling -trapv. -commit 1acc058d0a7913838c830ed998a1a1fb5b7864bf +commit a1cc637e7e11778eb727559634a6ef1c19c619f6 Author: Damien Miller -Date: Tue Feb 23 16:12:13 2016 +1100 +Date: Tue Aug 16 14:47:34 2016 +1000 - Disable tests where fs perms are incorrect - - Some tests have strict requirements on the filesystem permissions - for certain files and directories. This adds a regress/check-perm - tool that copies the relevant logic from sshd to exactly test - the paths in question. This lets us skip tests when the local - filesystem doesn't conform to our expectations rather than - continuing and failing the test run. + add a --with-login-program configure argument - ok dtucker@ + Saves messing around with LOGIN_PROGRAM env var, which come + packaging environments make hard to do during configure phase. -commit 39f303b1f36d934d8410b05625f25c7bcb75db4d +commit 8bd81e1596ab1bab355146cb65e82fb96ade3b23 Author: Damien Miller -Date: Tue Feb 23 12:56:59 2016 +1100 +Date: Tue Aug 16 13:30:56 2016 +1000 - fix sandbox on OSX Lion - - sshd was failing with: - - ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw - image not found [preauth] + add --with-pam-service to specify PAM service name - caused by chroot before sandboxing. Avoid by explicitly linking libsandbox - to sshd. Spotted by Darren. + Saves messing around with CFLAGS to do it. 
-commit 0d1451a32c7436e6d3d482351e776bc5e7824ce4 -Author: djm@openbsd.org -Date: Tue Feb 23 01:34:14 2016 +0000 +commit 74433a19bb6f4cef607680fa4d1d7d81ca3826aa +Author: Damien Miller +Date: Tue Aug 16 13:28:23 2016 +1000 - upstream commit - - fix spurious error message when incorrect passphrase - entered for keys; reported by espie@ ok deraadt@ + fix false positives when compiled with msan - Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899 + Our explicit_bzero successfully confused clang -fsanitize-memory + in to thinking that memset is never called to initialise memory. + Ensure that it is called in a way that the compiler recognises. -commit 09d87d79741beb85768b5e788d7dfdf4bc3543dc -Author: sobrado@openbsd.org -Date: Sat Feb 20 23:06:23 2016 +0000 +commit 6cb6dcffe1a2204ba9006de20f73255c268fcb6b +Author: markus@openbsd.org +Date: Sat Aug 13 17:47:40 2016 +0000 upstream commit - set ssh(1) protocol version to 2 only. - - ok djm@ + remove ssh1 server code; ok djm@ - Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10 + Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534 -commit 9262e07826ba5eebf8423f7ac9e47ec488c47869 -Author: sobrado@openbsd.org -Date: Sat Feb 20 23:02:39 2016 +0000 +commit 42d47adc5ad1187f22c726cbc52e71d6b1767ca2 +Author: jca@openbsd.org +Date: Fri Aug 12 19:19:04 2016 +0000 upstream commit - add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to - IdentityFile. + Use 2001:db8::/32, the official IPv6 subnet for + configuration examples. + + This makes the IPv6 example consistent with IPv4, and removes a dubious + mention of a 6bone subnet. 
- ok djm@ + ok sthen@ millert@ - Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf + Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634 -commit c12f0fdce8f985fca8d71829fd64c5b89dc777f5 -Author: sobrado@openbsd.org -Date: Sat Feb 20 23:01:46 2016 +0000 +commit b61f53c0c3b43c28e013d3b3696d64d1c0204821 +Author: dtucker@openbsd.org +Date: Thu Aug 11 01:42:11 2016 +0000 upstream commit - AddressFamily defaults to any. - - ok djm@ + Update moduli file. - Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c + Upstream-ID: 6da9a37f74aef9f9cc639004345ad893cad582d8 -commit 907091acb188b1057d50c2158f74c3ecf1c2302b +commit f217d9bd42d306f69f56335231036b44502d8191 Author: Darren Tucker -Date: Fri Feb 19 09:05:39 2016 +1100 +Date: Thu Aug 11 11:42:48 2016 +1000 - Make Solaris privs code build on older systems. - - Not all systems with Solaris privs have priv_basicset so factor that - out and provide backward compatibility code. Similarly, not all have - PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from - alex at cooperi.net and djm@ with help from carson at taltos.org and - wieland at purdue.edu. + Import updated moduli. -commit 292a8dee14e5e67dcd1b49ba5c7b9023e8420d59 -Author: djm@openbsd.org -Date: Wed Feb 17 22:20:14 2016 +0000 +commit 67dca60fbb4923b7a11c1645b90a5ca57c03d8be +Author: dtucker@openbsd.org +Date: Mon Aug 8 22:40:57 2016 +0000 upstream commit - rekey refactor broke SSH1; spotted by Tom G. Christensen + Improve error message for overlong ControlPath. ok markus@ + djm@ - Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243 + Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5 -commit 3a13cb543df9919aec2fc6b75f3dd3802facaeca +commit 4706c1d8c15cd5565b59512853c2da9bd4ca26c9 Author: djm@openbsd.org -Date: Wed Feb 17 08:57:34 2016 +0000 +Date: Wed Aug 3 05:41:57 2016 +0000 upstream commit - rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly - in *KeyTypes options yet. Remove them from the lists of algorithms for now. 
- committing on behalf of markus@ ok djm@ + small refactor of cipher.c: make ciphercontext opaque to + callers feedback and ok markus@ - Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7 + Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f -commit a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b -Author: jmc@openbsd.org -Date: Wed Feb 17 07:38:19 2016 +0000 +commit e600348a7afd6325cc5cd783cb424065cbc20434 +Author: dtucker@openbsd.org +Date: Wed Aug 3 04:23:55 2016 +0000 upstream commit - since these pages now clearly tell folks to avoid v1, - normalise the docs from a v2 perspective (i.e. stop pointing out which bits - are v2 only); - - ok/tweaks djm ok markus + Fix bug introduced in rev 1.467 which causes + "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1 + and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol + 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de, + ok deraadt@ - Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129 + Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc -commit c5c3f3279a0e4044b8de71b70d3570d692d0f29d +commit d7e7348e72f9b203189e3fffb75605afecba4fda Author: djm@openbsd.org -Date: Wed Feb 17 05:29:04 2016 +0000 +Date: Wed Jul 27 23:18:12 2016 +0000 upstream commit - make sandboxed privilege separation the default, not just - for new installs; "absolutely" deraadt@ + better bounds check on iovcnt (we only ever use fixed, + positive values) - Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b + Upstream-ID: 9baa6eb5cd6e30c9dc7398e5fe853721a3a5bdee -commit eb3f7337a651aa01d5dec019025e6cdc124ed081 -Author: jmc@openbsd.org -Date: Tue Feb 16 07:47:54 2016 +0000 +commit 5faa52d295f764562ed6dd75c4a4ce9134ae71e3 +Author: Darren Tucker +Date: Tue Aug 2 15:22:40 2016 +1000 - upstream commit - - no need to state that protocol 2 is the default twice; - - Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb + Use tabs consistently inside "case $host". 
-commit e7901efa9b24e5b0c7e74f2c5520d47eead4d005 -Author: djm@openbsd.org -Date: Tue Feb 16 05:11:04 2016 +0000 +commit 20e5e8ba9c5d868d897896190542213a60fffbd2 +Author: Darren Tucker +Date: Tue Aug 2 12:16:34 2016 +1000 - upstream commit + Explicitly test for broken strnvis. - Replace list of ciphers and MACs adjacent to -1/-2 flag - descriptions in ssh(1) with a strong recommendation not to use protocol 1. - Add a similar warning to the Protocol option descriptions in ssh_config(5) - and sshd_config(5); + NetBSD added an strnvis and unfortunately made it incompatible with the + existing one in OpenBSD and Linux's libbsd (the former having existed + for over ten years). Despite this incompatibility being reported during + development (see http://gnats.netbsd.org/44977) they still shipped it. + Even more unfortunately FreeBSD and later MacOS picked up this incompatible + implementation. Try to detect this mess, and assume the only safe option + if we're cross compiling. - prompted by and ok mmcc@ + OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag); + NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag); - Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e + ok djm@ -commit 5a0fcb77287342e2fc2ba1cee79b6af108973dc2 -Author: djm@openbsd.org -Date: Tue Feb 16 03:37:48 2016 +0000 +commit b0b48beab1b74100b61ecbadb9140c9ab4c2ea8c +Author: Damien Miller +Date: Tue Aug 2 11:06:23 2016 +1000 - upstream commit - - add a "Close session" log entry (at loglevel=verbose) to - correspond to the existing "Starting session" one. Also include the session - id number to make multiplexed sessions more apparent. 
- - feedback and ok dtucker@ - - Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c + update recommended autoconf version -commit 624fd395b559820705171f460dd33d67743d13d6 -Author: djm@openbsd.org -Date: Wed Feb 17 02:24:17 2016 +0000 +commit 23902e31dfd18c6d7bb41ccd73de3b5358a377da +Author: Damien Miller +Date: Tue Aug 2 10:48:04 2016 +1000 - upstream commit - - include bad $SSH_CONNECTION in failure output + update config.guess and config.sub to current - Upstream-Regress-ID: b22d72edfde78c403aaec2b9c9753ef633cc0529 + upstream commit 562f3512b3911ba0c77a7f68214881d1f241f46e -commit 60d860e54b4f199e5e89963b1c086981309753cb +commit dd1031b78b83083615b68d7163c44f4408635be2 Author: Darren Tucker -Date: Wed Feb 17 13:37:09 2016 +1100 +Date: Tue Aug 2 10:01:52 2016 +1000 - Rollback addition of va_start. + Replace spaces with tabs. - va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however - it has the wrong number of args and it's not usable in non-variadic - functions anyway so it breaks things (for example Solaris 2.6 as - reported by Tom G. Christensen).i ok djm@ + Mechanically replace spaces with tabs in compat files not synced with + OpenBSD. -commit 2fee909c3cee2472a98b26eb82696297b81e0d38 +commit c20dccb5614c5714f4155dda01bcdebf97cfae7e Author: Darren Tucker -Date: Wed Feb 17 09:48:15 2016 +1100 +Date: Tue Aug 2 09:44:25 2016 +1000 - Look for gethostbyname in libresolv and libnsl. + Strip trailing whitespace. - Should fix build problem on Solaris 2.6 reported by Tom G. Christensen. + Mechanically strip trailing whitespace on files not synced with OpenBSD + (or in the case of bsd-snprint.c, rsync). -commit 5ac712d81a84396aab441a272ec429af5b738302 -Author: Damien Miller -Date: Tue Feb 16 10:45:02 2016 +1100 +commit 30f9bd1c0963c23bfba8468dfd26aa17609ba42f +Author: Darren Tucker +Date: Tue Aug 2 09:06:27 2016 +1000 - make existing ssh_malloc_init only for __OpenBSD__ + Repair $OpenBSD markers. 
-commit 24c9bded569d9f2449ded73f92fb6d12db7a9eec -Author: djm@openbsd.org -Date: Mon Feb 15 23:32:37 2016 +0000 +commit 9715d4ad4b53877ec23dc8681dd7a405de9419a6 +Author: Darren Tucker +Date: Tue Aug 2 09:02:42 2016 +1000 - upstream commit - - memleak of algorithm name in mm_answer_sign; reported by - Jakub Jelen - - Upstream-ID: ccd742cd25952240ebd23d7d4d6b605862584d08 + Repair $OpenBSD marker. -commit ffb1e7e896139a42ceb78676f637658f44612411 -Author: dtucker@openbsd.org -Date: Mon Feb 15 09:47:49 2016 +0000 +commit cf3e0be7f5828a5e5f6c296a607d20be2f07d60c +Author: Tim Rice +Date: Mon Aug 1 14:31:52 2016 -0700 - upstream commit - - Add a function to enable security-related malloc_options. - With and ok deraadt@, something similar has been in the snaps for a while. + modified: configure.ac opensshd.init.in + Skip generating missing RSA1 key on startup unless ssh1 support is enabled. + Spotted by Jean-Pierre Radley + +commit 99522ba7ec6963a05c04a156bf20e3ba3605987c +Author: Damien Miller +Date: Thu Jul 28 08:54:27 2016 +1000 + + define _OPENBSD_SOURCE for reallocarray on NetBSD - Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed + Report by and debugged with Hisashi T Fujinaka, dtucker nailed + the problem (lack of prototype causing return type confusion). 
-commit ef39e8c0497ff0564990a4f9e8b7338b3ba3507c +commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187 Author: Damien Miller -Date: Tue Feb 16 10:34:39 2016 +1100 +Date: Wed Jul 27 08:25:42 2016 +1000 - sync ssh-copy-id with upstream 783ef08b0a75 + KNF -commit d2d772f55b19bb0e8d03c2fe1b9bb176d9779efd -Author: djm@openbsd.org -Date: Fri Feb 12 00:20:30 2016 +0000 +commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331 +Author: Damien Miller +Date: Wed Jul 27 08:25:23 2016 +1000 - upstream commit - - avoid fatal() for PKCS11 tokens that present empty key IDs - bz#1773, ok markus@ + Linux auditing also needs packet.h + +commit 393bd381a45884b589baa9aed4394f1d250255ca +Author: Damien Miller +Date: Wed Jul 27 08:18:05 2016 +1000 + + fix auditing on Linux - Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54 + get_remote_ipaddr() was replaced with ssh_remote_ipaddr() + +commit 80e766fb089de4f3c92b1600eb99e9495e37c992 +Author: Damien Miller +Date: Sun Jul 24 21:50:13 2016 +1000 + + crank version numbers -commit e4c918a6c721410792b287c9fd21356a1bed5805 +commit b1a478792d458f2e938a302e64bab2b520edc1b3 Author: djm@openbsd.org -Date: Thu Feb 11 02:56:32 2016 +0000 +Date: Sun Jul 24 11:45:36 2016 +0000 upstream commit - sync crypto algorithm lists in ssh_config(5) and - sshd_config(5) with current reality. bz#2527 + openssh-7.3 - Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6 + Upstream-ID: af106a7eb665f642648cf1993e162c899f358718 -commit e30cabfa4ab456a30b3224f7f545f1bdfc4a2517 -Author: djm@openbsd.org -Date: Thu Feb 11 02:21:34 2016 +0000 +commit 353766e0881f069aeca30275ab706cd60a1a8fdd +Author: Darren Tucker +Date: Sat Jul 23 16:14:42 2016 +1000 - upstream commit - - fix regression in openssh-6.8 sftp client: existing - destination directories would incorrectly terminate recursive uploads; - bz#2528 + Move Cygwin IPPORT_RESERVED overrride to defines.h - Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18 + Patch from vinschen at redhat.com. 
-commit 714e367226ded4dc3897078be48b961637350b05 +commit 368dd977ae07afb93f4ecea23615128c95ab2b32 Author: djm@openbsd.org -Date: Tue Feb 9 05:30:04 2016 +0000 +Date: Sat Jul 23 02:54:08 2016 +0000 upstream commit - turn off more old crypto in the client: hmac-md5, ripemd, - truncated HMACs, RC4, blowfish. ok markus@ dtucker@ + fix pledge violation with ssh -f; reported by Valentin + Kozamernik ok dtucker@ - Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e + Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa -commit 5a622844ff7f78dcb75e223399f9ef0977e8d0a3 +commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e Author: djm@openbsd.org -Date: Mon Feb 8 23:40:12 2016 +0000 +Date: Fri Jul 22 07:00:46 2016 +0000 upstream commit - don't attempt to percent_expand() already-canonicalised - addresses, avoiding unnecessary failures when attempting to connect to scoped - IPv6 addresses (that naturally contain '%' characters) + improve wording; suggested by jmc@ - Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a + Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8 -commit 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a -Author: djm@openbsd.org -Date: Mon Feb 8 10:57:07 2016 +0000 +commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8 +Author: dtucker@openbsd.org +Date: Fri Jul 22 05:46:11 2016 +0000 upstream commit - refactor activation of rekeying - - This makes automatic rekeying internal to the packet code (previously - the server and client loops needed to assist). In doing to it makes - application of rekey limits more accurate by accounting for packets - about to be sent as well as packets queued during rekeying events - themselves. - - Based on a patch from dtucker@ which was in turn based on a patch - Aleksander Adamowski in bz#2521; ok markus@ + Lower loglevel for "Authenticated with partial success" + message similar to other similar level. 
bz#2599, patch from cgallek at + gmail.com, ok markus@ - Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8 + Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd -commit 603ba41179e4b53951c7b90ee95b6ef3faa3f15d -Author: naddy@openbsd.org -Date: Fri Feb 5 13:28:19 2016 +0000 +commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6 +Author: Damien Miller +Date: Fri Jul 22 14:06:36 2016 +1000 - upstream commit - - Only check errno if read() has returned an error. EOF is - not an error. This fixes a problem where the mux master would sporadically - fail to notice that the client had exited. ok mikeb@ djm@ + retry waitpid on EINTR failure - Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53 + patch from Jakub Jelen on bz#2581; ok dtucker@ -commit 56d7dac790693ce420d225119283bc355cff9185 -Author: jsg@openbsd.org -Date: Fri Feb 5 04:31:21 2016 +0000 +commit da88a70a89c800e74ea8e5661ffa127a3cc79a92 +Author: djm@openbsd.org +Date: Fri Jul 22 03:47:36 2016 +0000 upstream commit - avoid an uninitialised value when NumberOfPasswordPrompts - is 0 ok markus@ djm@ + constify a few functions' arguments; patch from Jakub + Jelen bz#2581 - Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b + Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d -commit deae7d52d59c5019c528f977360d87fdda15d20b +commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf Author: djm@openbsd.org -Date: Fri Feb 5 03:07:06 2016 +0000 +Date: Fri Jul 22 03:39:13 2016 +0000 upstream commit - mention internal DH-GEX fallback groups; bz#2302 + move debug("%p", key) to before key is free'd; probable + undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581 - Upstream-ID: e7b395fcca3122cd825515f45a2e41c9a157e09e + Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a -commit cac3b6665f884d46192c0dc98a64112e8b11a766 +commit 286f5a77c3bfec1e8892ca268087ac885ac871bf Author: djm@openbsd.org -Date: Fri Feb 5 02:37:56 2016 +0000 +Date: Fri Jul 22 03:35:11 2016 +0000 upstream commit - better description for 
MaxSessions; bz#2531 + reverse the order in which -J/JumpHost proxies are visited to + be more intuitive and document - Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da - -commit 5ef4b0fdcc7a239577a754829b50022b91ab4712 -Author: Damien Miller -Date: Wed Jan 27 17:45:56 2016 +1100 - - avoid FreeBSD RCS Id in comment + reported by and manpage bits naddy@ - Change old $FreeBSD version string in comment so it doesn't - become an RCS ident downstream; requested by des AT des.no + Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a -commit 696d12683c90d20a0a9c5f4275fc916b7011fb04 -Author: djm@openbsd.org -Date: Thu Feb 4 23:43:48 2016 +0000 +commit fcd135c9df440bcd2d5870405ad3311743d78d97 +Author: dtucker@openbsd.org +Date: Thu Jul 21 01:39:35 2016 +0000 upstream commit - printf argument casts to avoid warnings on strict - compilers + Skip passwords longer than 1k in length so clients can't + easily DoS sshd by sending very long passwords, causing it to spend CPU + hashing them. feedback djm@, ok markus@. + + Brought to our attention by tomas.kuthan at oracle.com, shilei-c at + 360.cn and coredump at autistici.org - Upstream-ID: 7b9f6712cef01865ad29070262d366cf13587c9c + Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333 -commit 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a -Author: millert@openbsd.org -Date: Mon Feb 1 21:18:17 2016 +0000 +commit 324583e8fb3935690be58790425793df619c6d4d +Author: naddy@openbsd.org +Date: Wed Jul 20 10:45:27 2016 +0000 upstream commit - Avoid ugly "DISPLAY "(null)" invalid; disabling X11 - forwarding" message when DISPLAY is not set. This could also result in a - crash on systems with a printf that doesn't handle NULL. OK djm@ + Do not clobber the global jump_host variables when + parsing an inactive configuration. 
ok djm@ - Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412 + Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31 -commit 537f88ec7bcf40bd444ac5584c707c5588c55c43 -Author: dtucker@openbsd.org -Date: Fri Jan 29 05:18:15 2016 +0000 +commit 32d921c323b989d28405e78d0a8923d12913d737 +Author: jmc@openbsd.org +Date: Tue Jul 19 12:59:16 2016 +0000 upstream commit - Add regression test for RekeyLimit parsing of >32bit values - (4G and 8G). + tweak previous; - Upstream-Regress-ID: 548390350c62747b6234f522a99c319eee401328 + Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534 -commit 4c6cb8330460f94e6c7ae28a364236d4188156a3 +commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025 Author: dtucker@openbsd.org -Date: Fri Jan 29 23:04:46 2016 +0000 +Date: Tue Jul 19 11:38:53 2016 +0000 upstream commit - Remove leftover roaming dead code. ok djm markus. + Allow wildcard for PermitOpen hosts as well as ports. + bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok + markus@ - Upstream-ID: 13d1f9c8b65a5109756bcfd3b74df949d53615be + Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2 -commit 28136471809806d6246ef41e4341467a39fe2f91 -Author: djm@openbsd.org -Date: Fri Jan 29 05:46:01 2016 +0000 +commit b98a2a8348e907b3d71caafd80f0be8fdd075943 +Author: markus@openbsd.org +Date: Mon Jul 18 11:35:33 2016 +0000 upstream commit - include packet type of non-data packets in debug3 output; - ok markus dtucker + Reduce timing attack against obsolete CBC modes by always + computing the MAC over a fixed size of data. Reported by Jean Paul + Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. 
ok djm@ - Upstream-ID: 034eaf639acc96459b9c5ce782db9fcd8bd02d41 + Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912 -commit 6fd6e28daccafaa35f02741036abe64534c361a1 -Author: dtucker@openbsd.org -Date: Fri Jan 29 03:31:03 2016 +0000 +commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc +Author: Darren Tucker +Date: Thu Jul 21 14:17:31 2016 +1000 - upstream commit + Search users for one with a valid salt. - Revert "account for packets buffered but not yet - processed" change as it breaks for very small RekeyLimit values due to - continuous rekeying. ok djm@ + If the root account is locked (eg password "!!" or "*LK*") keep looking + until we find a user with a valid salt to use for crypting passwords of + invalid users. ok djm@ + +commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782 +Author: Darren Tucker +Date: Mon Jul 18 17:22:49 2016 +1000 + + Explicitly specify source files for regress tools. - Upstream-ID: 7e03f636cb45ab60db18850236ccf19079182a19 + Since adding $(REGRESSLIBS), $? is wrong because it includes only the + changed source files. $< seems like it'd be right however it doesn't + seem to work on some non-GNU makes, so do what works everywhere. -commit 921ff00b0ac429666fb361d2d6cb1c8fff0006cb -Author: dtucker@openbsd.org -Date: Fri Jan 29 02:54:45 2016 +0000 +commit eac1bbd06872c273f16ac0f9976b0aef026b701b +Author: Darren Tucker +Date: Mon Jul 18 17:12:22 2016 +1000 - upstream commit - - Allow RekeyLimits in excess of 4G up to 2**63 bits - (limited by the return type of scan_scaled). Part of bz#2521, ok djm. - - Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979 + Conditionally include err.h. -commit c0060a65296f01d4634f274eee184c0e93ba0f23 -Author: dtucker@openbsd.org -Date: Fri Jan 29 02:42:46 2016 +0000 +commit 0a454147568746c503f669e1ba861f76a2e7a585 +Author: Darren Tucker +Date: Mon Jul 18 16:26:26 2016 +1000 - upstream commit - - Account for packets buffered but not yet processed when - computing whether or not it is time to perform rekeying. 
bz#2521, based - loosely on a patch from olo at fb.com, ok djm@ + Remove local implementation of err, errx. - Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c + We now have a shared implementation in libopenbsd-compat. -commit 44cf930e670488c85c9efeb373fa5f4b455692ac +commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1 Author: djm@openbsd.org -Date: Wed Jan 27 06:44:58 2016 +0000 +Date: Mon Jul 18 06:08:01 2016 +0000 upstream commit - change old $FreeBSD version string in comment so it doesn't - become an RCS ident downstream; requested by des AT des.no + Add some unsigned overflow checks for extra_pad. None of + these are reachable with the amount of padding that we use internally. + bz#2566, pointed out by Torben Hansen. ok markus@ - Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722 + Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76 -commit ebacd377769ac07d1bf3c75169644336056b7060 -Author: djm@openbsd.org -Date: Wed Jan 27 00:53:12 2016 +0000 +commit c71ba790c304545464bb494de974cdf0f4b5cf1e +Author: Darren Tucker +Date: Mon Jul 18 15:43:25 2016 +1000 - upstream commit - - make the debug messages a bit more useful here + Add dependency on libs for unit tests. - Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64 + Makes "./configure && make tests" work again. ok djm@ -commit 458abc2934e82034c5c281336d8dc0f910aecad3 -Author: jsg@openbsd.org -Date: Sat Jan 23 05:31:35 2016 +0000 +commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8 +Author: Darren Tucker +Date: Mon Jul 18 13:47:39 2016 +1000 - upstream commit - - Zero a stack buffer with explicit_bzero() instead of - memset() when returning from client_loop() for consistency with - buffer_free()/sshbuf_free(). - - ok dtucker@ deraadt@ djm@ - - Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66 + Correct location for kexfuzz in clean target. 
-commit 65a3c0dacbc7dbb75ddb6a70ebe22d8de084d0b0 -Author: dtucker@openbsd.org -Date: Wed Jan 20 09:22:39 2016 +0000 +commit 01558b7b07af43da774d3a11a5c51fa9c310849d +Author: Darren Tucker +Date: Mon Jul 18 09:33:25 2016 +1000 - upstream commit + Handle PAM_MAXTRIES from modules. - Include sys/time.h for gettimeofday. From sortie at - maxsi.org. + bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer + password and keyboard-interative authentication methods. Should prevent + "sshd ignoring max retries" warnings in the log. ok djm@ - Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b + It probably won't trigger with keyboard-interactive in the default + configuration because the retry counter is stored in module-private + storage which goes away with the sshd PAM process (see bz#688). On the + other hand, those cases probably won't log a warning either. -commit fc77ccdc2ce6d5d06628b8da5048a6a5f6ffca5a -Author: markus@openbsd.org -Date: Thu Jan 14 22:56:56 2016 +0000 +commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc +Author: djm@openbsd.org +Date: Sun Jul 17 04:20:16 2016 +0000 upstream commit - fd leaks; report Qualys Security Advisory team; ok - deraadt@ + support UTF-8 characters in ssh(1) banners using + schwarze@'s safe fmprintf printer; bz#2058 + + feedback schwarze@ ok dtucker@ - Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d + Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7 -commit a306863831c57ec5fad918687cc5d289ee8e2635 -Author: markus@openbsd.org -Date: Thu Jan 14 16:17:39 2016 +0000 +commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7 +Author: jmc@openbsd.org +Date: Sat Jul 16 06:57:55 2016 +0000 upstream commit - remove roaming support; ok djm@ + - add proxyjump to the options list - formatting fixes - + update usage() + + ok djm - Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56 + Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457 -commit 6ef49e83e30688504552ac10875feabd5521565f -Author: deraadt@openbsd.org -Date: 
Thu Jan 14 14:34:34 2016 +0000 +commit af1f084857621f14bd9391aba8033d35886c2455 +Author: dtucker@openbsd.org +Date: Fri Jul 15 05:01:58 2016 +0000 upstream commit - Disable experimental client-side roaming support. Server - side was disabled/gutted for years already, but this aspect was surprisingly - forgotten. Thanks for report from Qualys + Reduce the syslog level of some relatively common protocol + events from LOG_CRIT by replacing fatal() calls with logdie(). Part of + bz#2585, ok djm@ - Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df - -commit 8d7b523b96d3be180572d9d338cedaafc0570f60 -Author: Damien Miller -Date: Thu Jan 14 11:08:19 2016 +1100 - - bump version numbers + Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5 -commit 8c3d512a1fac8b9c83b4d0c9c3f2376290bd84ca +commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f Author: Damien Miller -Date: Thu Jan 14 11:04:04 2016 +1100 +Date: Fri Jul 15 19:14:48 2016 +1000 - openssh-7.1p2 + missing openssl/dh.h -commit e6c85f8889c5c9eb04796fdb76d2807636b9eef5 +commit 4a984fd342effe5f0aad874a0d538c4322d973c0 Author: Damien Miller -Date: Fri Jan 15 01:30:36 2016 +1100 +Date: Fri Jul 15 18:47:07 2016 +1000 - forcibly disable roaming support in the client + cast to avoid type warning in error message -commit ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c -Author: djm@openbsd.org -Date: Wed Jan 13 23:04:47 2016 +0000 +commit 5abfb15ced985c340359ae7fb65a625ed3692b3e +Author: Darren Tucker +Date: Fri Jul 15 14:48:30 2016 +1000 - upstream commit - - eliminate fallback from untrusted X11 forwarding to trusted - forwarding when the X server disables the SECURITY extension; Reported by - Thomas Hoger; ok deraadt@ + Move VA_COPY macro into compat header. - Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938 + Some AIX compilers unconditionally undefine va_copy but don't set it back + to an internal function, causing link errors. 
In some compat code we + already use VA_COPY instead so move the two existing instances into the + shared header and use for sshbuf-getput-basic.c too. Should fix building + with at lease some versions of AIX's compiler. bz#2589, ok djm@ -commit 9a728cc918fad67c8a9a71201088b1e150340ba4 -Author: djm@openbsd.org -Date: Tue Jan 12 23:42:54 2016 +0000 +commit 832b7443b7a8e181c95898bc5d73497b7190decd +Author: Damien Miller +Date: Fri Jul 15 14:45:34 2016 +1000 - upstream commit - - use explicit_bzero() more liberally in the buffer code; ok - deraadt + disable ciphers not supported by OpenSSL - Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf + bz#2466 ok dtucker@ -commit 4626cbaf78767fc8e9c86dd04785386c59ae0839 +commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8 Author: Damien Miller -Date: Fri Jan 8 14:24:56 2016 +1100 +Date: Fri Jul 15 13:54:31 2016 +1000 - Support Illumos/Solaris fine-grained privileges - - Includes a pre-auth privsep sandbox and several pledge() - emulations. bz#2511, patch by Alex Wilson. - - ok dtucker@ + add a --disable-pkcs11 knob -commit 422d1b3ee977ff4c724b597fb2e437d38fc8de9d -Author: djm@openbsd.org -Date: Thu Dec 31 00:33:52 2015 +0000 +commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9 +Author: Damien Miller +Date: Fri Jul 15 13:44:38 2016 +1000 - upstream commit - - fix three bugs in KRL code related to (unused) signature - support: verification length was being incorrectly calculated, multiple - signatures were being incorrectly processed and a NULL dereference that - occurred when signatures were verified. Reported by Carl Jackson + fix newline escaping for unsupported_algorithms - Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b + The hmac-ripemd160 was incorrect and could lead to broken + Makefiles on systems that lacked support for it, but I made + all the others consistent too. 
-commit 6074c84bf95d00f29cc7d5d3cd3798737851aa1a +commit ed877ef653847d056bb433975d731b7a1132a979 Author: djm@openbsd.org -Date: Wed Dec 30 23:46:14 2015 +0000 - - upstream commit - - unused prototype - - Upstream-ID: f3eef4389d53ed6c0d5c77dcdcca3060c745da97 - -commit 6213f0e180e54122bb1ba928e11c784e2b4e5380 -Author: guenther@openbsd.org -Date: Sat Dec 26 20:51:35 2015 +0000 +Date: Fri Jul 15 00:24:30 2016 +0000 upstream commit - Use pread/pwrite instead separate lseek+read/write for - lastlog. Cast to off_t before multiplication to avoid truncation on ILP32 - - ok kettenis@ mmcc@ - - Upstream-ID: fc40092568cd195719ddf1a00aa0742340d616cf - -commit d7d2bc95045a43dd56ea696cc1d030ac9d77e81f -Author: semarie@openbsd.org -Date: Sat Dec 26 07:46:03 2015 +0000 - - upstream commit + Add a ProxyJump ssh_config(5) option and corresponding -J + ssh(1) command-line flag to allow simplified indirection through a SSH + bastion or "jump host". - adjust pledge promises for ControlMaster: when using - "ask" or "autoask", the process will use ssh-askpass for asking confirmation. + These options construct a proxy command that connects to the + specified jump host(s) (more than one may be specified) and uses + port-forwarding to establish a connection to the next destination. - problem found by halex@ + This codifies the safest way of indirecting connections through SSH + servers and makes it easy to use. - ok halex@ + ok markus@ - Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80 + Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397 -commit 271df8185d9689b3fb0523f58514481b858f6843 -Author: djm@openbsd.org -Date: Sun Dec 13 22:42:23 2015 +0000 +commit 5c02dd126206a26785379e80f2d3848e4470b711 +Author: Darren Tucker +Date: Fri Jul 15 12:56:39 2016 +1000 - upstream commit - - unbreak connections with peers that set - first_kex_follows; fix from Matt Johnston va bz#2515 + Map umac_ctx struct name too. 
- Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b + Prevents size mismatch linker warnings on Solaris 11. -commit 43849a47c5f8687699eafbcb5604f6b9c395179f -Author: doug@openbsd.org -Date: Fri Dec 11 17:41:37 2015 +0000 +commit 283b97ff33ea2c641161950849931bd578de6946 +Author: Darren Tucker +Date: Fri Jul 15 13:49:44 2016 +1000 - upstream commit - - Add "id" to ssh-agent pledge for subprocess support. - - Found the hard way by Jan Johansson when using ssh-agent with X. Also, - rearranged proc/exec and retval to match other pledge calls in the tree. + Mitigate timing of disallowed users PAM logins. - ok djm@ + When sshd decides to not allow a login (eg PermitRootLogin=no) and + it's using PAM, it sends a fake password to PAM so that the timing for + the failure is not noticeably different whether or not the password + is correct. This behaviour can be detected by sending a very long + password string which is slower to hash than the fake password. - Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db + Mitigate by constructing an invalid password that is the same length + as the one from the client and thus takes the same time to hash. + Diff from djm@ -commit 52d7078421844b2f88329f5be3de370b0a938636 -Author: mmcc@openbsd.org -Date: Fri Dec 11 04:21:11 2015 +0000 +commit 9286875a73b2de7736b5e50692739d314cd8d9dc +Author: Darren Tucker +Date: Fri Jul 15 13:32:45 2016 +1000 - upstream commit - - Remove NULL-checks before sshbuf_free(). + Determine appropriate salt for invalid users. - ok djm@ + When sshd is processing a non-PAM login for a non-existent user it uses + the string from the fakepw structure as the salt for crypt(3)ing the + password supplied by the client. That string has a Blowfish prefix, so on + systems that don't understand that crypt will fail fast due to an invalid + salt, and even on those that do it may have significantly different timing + from the hash methods used for real accounts (eg sha512). 
This allows + user enumeration by, eg, sending large password strings. This was noted + by EddieEzra.Harari at verint.com (CVE-2016-6210). - Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917 + To mitigate, use the same hash algorithm that root uses for hashing + passwords for users that do not exist on the system. ok djm@ -commit a4b9e0f4e4a6980a0eb8072f76ea611cab5b77e7 -Author: djm@openbsd.org -Date: Fri Dec 11 03:24:25 2015 +0000 +commit a162dd5e58ca5b224d7500abe35e1ef32b5de071 +Author: Darren Tucker +Date: Thu Jul 14 21:19:59 2016 +1000 - upstream commit - - include remote port number in a few more messages; makes - tying log messages together into a session a bit easier; bz#2503 ok dtucker@ - - Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e + OpenSSL 1.1.x not currently supported. -commit 6091c362e89079397e68744ae30df121b0a72c07 -Author: djm@openbsd.org -Date: Fri Dec 11 03:20:09 2015 +0000 +commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb +Author: Darren Tucker +Date: Thu Jul 14 12:25:24 2016 +1000 - upstream commit - - don't try to load SSHv1 private key when compiled without - SSHv1 support. From Iain Morgan bz#2505 + Check for VIS_ALL. - Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7 + If we don't have it, set BROKEN_STRNVIS to activate the compat replacement. -commit cce6a36bb95e81fa8bfb46daf22eabcf13afc352 -Author: djm@openbsd.org -Date: Fri Dec 11 03:19:09 2015 +0000 +commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0 +Author: dtucker@openbsd.org +Date: Thu Jul 14 01:24:21 2016 +0000 upstream commit - use SSH_MAX_PUBKEY_BYTES consistently as buffer size when - reading key files. Increase it to match the size of the buffers already being - used. + Correct equal in test. 
- Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae + Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a -commit 89540b6de025b80404a0cb8418c06377f3f98848 -Author: mmcc@openbsd.org -Date: Fri Dec 11 02:31:47 2015 +0000 +commit 372807c2065c8572fdc6478b25cc5ac363743073 +Author: tb@openbsd.org +Date: Mon Jul 11 21:38:13 2016 +0000 upstream commit - Remove NULL-checks before sshkey_free(). + Add missing "recvfd" pledge promise: Raf Czlonka reported + ssh coredumps when Control* keywords were set in ssh_config. This patch also + fixes similar problems with scp and sftp. - ok djm@ + ok deraadt, looks good to millert - Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52 + Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b -commit 79394ed6d74572c2d2643d73937dad33727fc240 -Author: dtucker@openbsd.org -Date: Fri Dec 11 02:29:03 2015 +0000 +commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd +Author: tedu@openbsd.org +Date: Mon Jul 11 03:19:44 2016 +0000 upstream commit - fflush stdout so that output is seen even when running in - debug mode when output may otherwise not be flushed. Patch from dustin at - null-ptr.net. + obsolete note about fascistloggin is obsolete. ok djm + dtucker - Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc + Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a -commit ee607cccb6636eb543282ba90e0677b0604d8b7a +commit a2333584170a565adf4f209586772ef8053b10b8 Author: Darren Tucker -Date: Tue Dec 15 15:23:49 2015 +1100 +Date: Thu Jul 14 10:59:09 2016 +1000 - Increase robustness of redhat/openssh.spec - - - remove configure --with-rsh, because this option isn't supported anymore - - replace last occurrence of BuildPreReq by BuildRequires - - update grep statement to query the krb5 include directory + Add compat code for missing wcwidth. - Patch from CarstenGrohmann via github, ok djm. + If we don't have wcwidth force fallback implementations of nl_langinfo + and mbtowc. Based on advice from Ingo Schwarze. 
+ +commit 8aaec7050614494014c47510b7e94daf6e644c62 +Author: Damien Miller +Date: Thu Jul 14 09:48:48 2016 +1000 -commit b5fa0cd73555b991a543145603658d7088ec6b60 + fix missing include for systems with err.h + +commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243 Author: Darren Tucker -Date: Tue Dec 15 15:10:32 2015 +1100 +Date: Wed Jul 13 14:42:35 2016 +1000 - Allow --without-ssl-engine with --without-openssl + Move err.h replacements into compat lib. - Patch from Mike Frysinger via github. + Move implementations of err.h replacement functions into their own file + in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@ -commit c1d7e546f6029024f3257cc25c92f2bddf163125 +commit f3f2cc8386868f51440c45210098f65f9787449a Author: Darren Tucker -Date: Tue Dec 15 14:27:09 2015 +1100 +Date: Mon Jul 11 17:23:38 2016 +1000 - Include openssl crypto.h for SSLeay. + Check for wchar.h and langinfo.h - Patch from doughdemon via github. + Wrap includes in the appropriate #ifdefs. -commit c6f5f01651526e88c00d988ce59d71f481ebac62 -Author: Darren Tucker -Date: Tue Dec 15 13:59:12 2015 +1100 +commit b9c50614eba9d90939b2b119b6e1b7e03b462278 +Author: Damien Miller +Date: Fri Jul 8 13:59:13 2016 +1000 - Add sys/time.h for gettimeofday. + whitelist more architectures for seccomp-bpf - Should allow it it compile with MUSL libc. Based on patch from - doughdemon via github. + bz#2590 - testing and patch from Jakub Jelen -commit 39736be06c7498ef57d6970f2d85cf066ae57c82 -Author: djm@openbsd.org -Date: Fri Dec 11 02:20:28 2015 +0000 +commit 18813a32b6fd964037e0f5e1893cb4468ac6a758 +Author: guenther@openbsd.org +Date: Mon Jul 4 18:01:44 2016 +0000 upstream commit - correct error messages; from Tomas Kuthan bz#2507 + DEBUGLIBS has been broken since the gcc4 switch, so delete + it. 
CFLAGS contains -g by default anyway + + problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) + ok millert@ kettenis@ deraadt@ - Upstream-ID: 7454a0affeab772398052954c79300aa82077093 + Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542 -commit 94141b7ade24afceeb6762a3f99e09e47a6c42b6 -Author: mmcc@openbsd.org -Date: Fri Dec 11 00:20:04 2015 +0000 +commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7 +Author: djm@openbsd.org +Date: Fri Jul 8 03:44:42 2016 +0000 upstream commit - Pass (char *)NULL rather than (char *)0 to execl and - execlp. + Improve crypto ordering for Encrypt-then-MAC (EtM) mode + MAC algorithms. + + Previously we were computing the MAC, decrypting the packet and then + checking the MAC. This gave rise to the possibility of creating a + side-channel oracle in the decryption step, though no such oracle has + been identified. - ok dtucker@ + This adds a mac_check() function that computes and checks the MAC in + one pass, and uses it to advance MAC checking for EtM algorithms to + before payload decryption. + + Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and + Martin Albrecht. feedback and ok markus@ - Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492 + Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b -commit d59ce08811bf94111c2f442184cf7d1257ffae24 -Author: mmcc@openbsd.org -Date: Thu Dec 10 17:08:40 2015 +0000 +commit 71f5598f06941f645a451948c4a5125c83828e1c +Author: guenther@openbsd.org +Date: Mon Jul 4 18:01:44 2016 +0000 upstream commit - Remove NULL-checks before free(). + DEBUGLIBS has been broken since the gcc4 switch, so + delete it. 
CFLAGS contains -g by default anyway - ok dtucker@ + problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) + ok millert@ kettenis@ deraadt@ - Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8 + Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603 -commit 8e56dd46cb37879c73bce2d6032cf5e7f82d5a71 -Author: mmcc@openbsd.org -Date: Thu Dec 10 07:01:35 2015 +0000 +commit e683fc6f1c8c7295648dbda679df8307786ec1ce +Author: dtucker@openbsd.org +Date: Thu Jun 30 05:17:05 2016 +0000 upstream commit - Fix a couple "the the" typos. ok dtucker@ + Explicitly check for 100% completion to avoid potential + floating point rounding error, which could cause progressmeter to report 99% + on completion. While there invert the test so the 100% case is clearer. with + & ok djm@ - Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72 + Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d -commit 6262a0522ddc2c0f2e9358dcb68d59b46e9c533e -Author: markus@openbsd.org -Date: Mon Dec 7 20:04:09 2015 +0000 +commit 772e6cec0ed740fc7db618dc30b4134f5a358b43 +Author: jmc@openbsd.org +Date: Wed Jun 29 17:14:28 2016 +0000 upstream commit - stricter encoding type checks for ssh-rsa; ok djm@ - - Upstream-ID: 8cca7c787599a5e8391e184d0b4f36fdc3665650 - -commit d86a3ba7af160c13496102aed861ae48a4297072 -Author: Damien Miller -Date: Wed Dec 9 09:18:45 2015 +1100 - - Don't set IPV6_V6ONLY on OpenBSD + sort the -o list; - It isn't necessary and runs afoul of pledge(2) restrictions. 
+ Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac -commit da98c11d03d819a15429d8fff9688acd7505439f +commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af Author: djm@openbsd.org -Date: Mon Dec 7 02:20:46 2015 +0000 +Date: Thu Jun 23 05:17:51 2016 +0000 upstream commit - basic unit tests for rsa-sha2-* signature types + fix AuthenticationMethods during configuration re-parse; + reported by Juan Francisco Cantero Hurtado - Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c + Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4 -commit 3da893fdec9936dd2c23739cdb3c0c9d4c59fca0 -Author: markus@openbsd.org -Date: Sat Dec 5 20:53:21 2015 +0000 +commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e +Author: djm@openbsd.org +Date: Sun Jun 19 07:48:02 2016 +0000 upstream commit - prefer rsa-sha2-512 over -256 for hostkeys, too; noticed - by naddy@ + revert 1.34; causes problems loading public keys + + reported by semarie@ - Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe + Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179 -commit 8b56e59714d87181505e4678f0d6d39955caf10e -Author: tobias@openbsd.org -Date: Fri Dec 4 21:51:06 2015 +0000 +commit ad23a75509f4320d43f628c50f0817e3ad12bfa7 +Author: jmc@openbsd.org +Date: Fri Jun 17 06:33:30 2016 +0000 upstream commit - Properly handle invalid %-format by calling fatal. 
- - ok deraadt, djm + grammar fix; - Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac + Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463 -commit 76c9fbbe35aabc1db977fb78e827644345e9442e -Author: markus@openbsd.org -Date: Fri Dec 4 16:41:28 2015 +0000 +commit 5e28b1a2a3757548b40018cc2493540a17c82e27 +Author: djm@openbsd.org +Date: Fri Jun 17 05:06:23 2016 +0000 upstream commit - implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures - (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and - draft-ssh-ext-info-04.txt; with & ok djm@ + translate OpenSSL error codes to something more + meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ - Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309 + Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5 -commit 6064a8b8295cb5a17b5ebcfade53053377714f40 +commit b64faeb5eda7eff8210c754d00464f9fe9d23de5 Author: djm@openbsd.org -Date: Fri Dec 4 00:24:55 2015 +0000 +Date: Fri Jun 17 05:03:40 2016 +0000 upstream commit - clean up agent_fd handling; properly initialise it to -1 - and make tests consistent + ban AuthenticationMethods="" and accept + AuthenticationMethods=any for the default behaviour of not requiring multiple + authentication - ok markus@ + bz#2398 from Jakub Jelen; ok dtucker@ - Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707 + Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27 -commit b91926a97620f3e51761c271ba57aa5db790f48d -Author: semarie@openbsd.org -Date: Thu Dec 3 17:00:18 2015 +0000 +commit 9816fc5daee5ca924dd5c4781825afbaab728877 +Author: dtucker@openbsd.org +Date: Thu Jun 16 11:00:17 2016 +0000 upstream commit - pledges ssh client: - mux client: which is used when - ControlMaster is in use. will end with "stdio proc tty" (proc is to - permit sending SIGWINCH to mux master on window resize) - - - client loop: several levels of pledging depending of your used options - - ok deraadt@ + Include stdarg.h for va_copy as per man page. 
- Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b + Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd -commit bcce47466bbc974636f588b5e4a9a18ae386f64a -Author: doug@openbsd.org -Date: Wed Dec 2 08:30:50 2015 +0000 +commit b6cf84b51bc0f5889db48bf29a0c771954ade283 +Author: jmc@openbsd.org +Date: Thu Jun 16 06:10:45 2016 +0000 upstream commit - Add "cpath" to the ssh-agent pledge so the cleanup - handler can unlink(). + keys stored in openssh format can have comments too; diff + from yonas yanfa, tweaked a bit; - ok djm@ + ok djm - Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d + Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27 -commit a90d001543f46716b6590c6dcc681d5f5322f8cf -Author: djm@openbsd.org -Date: Wed Dec 2 08:00:58 2015 +0000 +commit aa37768f17d01974b6bfa481e5e83841b6c76f86 +Author: Darren Tucker +Date: Mon Jun 20 15:55:34 2016 +1000 - upstream commit - - ssh-agent pledge needs proc for askpass; spotted by todd@ + get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX - Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a + Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip + change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX. + Fixes build on AIX. -commit d952162b3c158a8f23220587bb6c8fcda75da551 -Author: djm@openbsd.org -Date: Tue Dec 1 23:29:24 2015 +0000 +commit 009891afc8df37bc2101e15d1e0b6433cfb90549 +Author: Darren Tucker +Date: Fri Jun 17 14:34:09 2016 +1000 + + Remove duplicate code from PAM. ok djm@ + +commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba +Author: dtucker@openbsd.org +Date: Wed Jun 15 00:40:40 2016 +0000 upstream commit - basic pledge() for ssh-agent, more refinement needed + Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message + about forward and reverse DNS not matching. We haven't supported IP-based + auth methods for a very long time so it's now misleading. 
part of bz#2585, + ok markus@ - Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13 + Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29 -commit f0191d7c8e76e30551084b79341886d9bb38e453 -Author: Damien Miller -Date: Mon Nov 30 10:53:25 2015 +1100 +commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd +Author: Darren Tucker +Date: Wed Jun 15 11:22:38 2016 +1000 - Revert "stub for pledge(2) for systems that lack it" - - This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c. + Move platform_disable_tracing into its own file. - dtucker beat me to it :/ + Prevents link errors resolving the extern "options" when platform.o + gets linked into ssh-agent when building --with-pam. -commit 6283cc72eb0e49a3470d30e07ca99a1ba9e89676 -Author: Damien Miller -Date: Mon Nov 30 10:37:03 2015 +1100 +commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070 +Author: Darren Tucker +Date: Tue Jun 14 13:55:12 2016 +1000 - revert 7d4c7513: bring back S/Key prototypes + Track skipped upstream commit IDs. - (but leave RCSID changes) + There are a small number of "upstream" commits that do not correspond to + a file in -portable. This file tracks those so that we can reconcile + OpenBSD and Portable to ensure that no commits are accidentally missed. + + If you add something to .skipped-commit-ids please also add an upstream + ID line in the following format when you commit it. 
+ + Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35 + Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca + Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7 + Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120 + Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a + Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef + Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2 + Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660 + Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae + Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee -commit 14c887c8393adde2d9fd437d498be30f8c98535c -Author: Damien Miller -Date: Mon Nov 30 09:45:29 2015 +1100 +commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f +Author: Darren Tucker +Date: Tue Jun 14 13:51:01 2016 +1000 - stub for pledge(2) for systems that lack it + Remove now-defunct .cvsignore files. ok djm -commit 452c0b6af5d14c37553e30059bf74456012493f3 -Author: djm@openbsd.org -Date: Sun Nov 29 22:18:37 2015 +0000 +commit 68777faf271efb2713960605c748f6c8a4b26d55 +Author: dtucker@openbsd.org +Date: Wed Jun 8 02:13:01 2016 +0000 upstream commit - pledge, better fatal() messages; feedback deraadt@ + Back out rev 1.28 "Check min and max sizes sent by the + client" change. It caused "key_verify failed for server_host_key" in clients + that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY. + ok djm@ - Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f + Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65 -commit 6da413c085dba37127687b2617a415602505729b -Author: deraadt@openbsd.org -Date: Sat Nov 28 06:50:52 2015 +0000 +commit a86ec4d0737ac5879223e7cd9d68c448df46e169 +Author: Darren Tucker +Date: Tue Jun 14 10:48:27 2016 +1000 - upstream commit - - do not leak temp file if there is no known_hosts file - from craig leres, ok djm + Use Solaris setpflags(__PROC_PROTECT, ...). 
- Upstream-ID: c820497fd5574844c782e79405c55860f170e426 + Where possible, use Solaris setpflags to disable process tracing on + ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee + at oracle.com, ok djm. + +commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 +Author: Darren Tucker +Date: Tue Jun 14 10:43:53 2016 +1000 + + Shorten prctl code a tiny bit. -commit 3ddd15e1b63a4d4f06c8ab16fbdd8a5a61764f16 +commit 0fb7f5985351fbbcd2613d8485482c538e5123be Author: Darren Tucker -Date: Mon Nov 30 07:23:53 2015 +1100 +Date: Thu Jun 9 16:23:07 2016 +1000 - Add a null implementation of pledge. + Move prctl PR_SET_DUMPABLE into platform.c. - Fixes builds on almost everything. + This should make it easier to add additional platform support such as + Solaris (bz#2584). -commit b1d6b3971ef256a08692efc409fc9ada719111cc -Author: djm@openbsd.org -Date: Sat Nov 28 06:41:03 2015 +0000 +commit e6508898c3cd838324ecfe1abd0eb8cf802e7106 +Author: dtucker@openbsd.org +Date: Fri Jun 3 04:10:41 2016 +0000 upstream commit - don't include port number in tcpip-forward replies for - requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok - markus + Add a test for ssh(1)'s config file parsing. - Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a + Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601 -commit 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65 -Author: deraadt@openbsd.org -Date: Fri Nov 27 00:49:31 2015 +0000 +commit ab0a536066dfa32def0bd7272c096ebb5eb25b11 +Author: dtucker@openbsd.org +Date: Fri Jun 3 03:47:59 2016 +0000 upstream commit - pledge "stdio rpath wpath cpath fattr tty proc exec" - except for the -p option (which sadly has insane semantics...) ok semarie - dtucker + Add 'sshd' to the test ID as I'm about to add a similar + set for ssh. 
- Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059 + Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a -commit 4d90625b229cf6b3551d81550a9861897509a65f -Author: halex@openbsd.org -Date: Fri Nov 20 23:04:01 2015 +0000 +commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb +Author: schwarze@openbsd.org +Date: Mon May 30 12:14:08 2016 +0000 upstream commit - allow comment change for all supported formats - - ok djm@ + stricter malloc.conf(5) options for utf8 tests - Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b + Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6 -commit 8ca915fc761519dd1f7766a550ec597a81db5646 -Author: djm@openbsd.org -Date: Fri Nov 20 01:45:29 2015 +0000 +commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc +Author: schwarze@openbsd.org +Date: Mon May 30 12:05:56 2016 +0000 upstream commit - add cast to make -Werror clean + Fix two rare edge cases: 1. If vasprintf() returns < 0, + do not access a NULL pointer in snmprintf(), and do not free() the pointer + returned from vasprintf() because on some systems other than OpenBSD, it + might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" + rather than -1 and NULL. + + Besides, free(dst) is pointless after failure (not a bug). - Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d - -commit ac9473580dcd401f8281305af98635cdaae9bf96 -Author: Damien Miller -Date: Fri Nov 20 12:35:41 2015 +1100 - - fix multiple authentication using S/Key w/ privsep + One half OK martijn@, the other half OK deraadt@; + committing quickly before people get hurt. 
- bz#2502, patch from Kevin Korb and feandil_ + Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4 -commit 88b6fcdeb87a2fb76767854d9eb15006662dca57 -Author: djm@openbsd.org -Date: Thu Nov 19 08:23:27 2015 +0000 +commit 016881eb33a7948028848c90f4c7ac42e3af0e87 +Author: schwarze@openbsd.org +Date: Thu May 26 19:14:25 2016 +0000 upstream commit - ban ConnectionAttempts=0, it makes no sense and would cause - ssh_connect_direct() to print an uninitialised stack variable; bz#2500 - reported by dvw AT phas.ubc.ca + test the new utf8 module - Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5 + Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3 -commit 964ab3ee7a8f96bdbc963d5b5a91933d6045ebe7 -Author: djm@openbsd.org -Date: Thu Nov 19 01:12:32 2015 +0000 +commit d4219028bdef448e089376f3afe81ef6079da264 +Author: dtucker@openbsd.org +Date: Tue May 3 15:30:46 2016 +0000 upstream commit - trailing whitespace + Set umask to prevent "Bad owner or permissions" errors. - Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051 + Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417 -commit f96516d052dbe38561f6b92b0e4365d8e24bb686 +commit 07d5608bb237e9b3fe86a2aeaa429392230faebf Author: djm@openbsd.org -Date: Thu Nov 19 01:09:38 2015 +0000 +Date: Tue May 3 14:41:04 2016 +0000 upstream commit - print host certificate contents at debug level + support doas - Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d + Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38 -commit 499cf36fecd6040e30e2912dd25655bc574739a7 +commit 01cabf10adc7676cba5f40536a34d3b246edb73f Author: djm@openbsd.org -Date: Thu Nov 19 01:08:55 2015 +0000 +Date: Tue May 3 13:48:33 2016 +0000 upstream commit - move the certificate validity formatting code to - sshkey.[ch] + unit tests for sshbuf_dup_string() - Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523 + Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d -commit bcb7bc77bbb1535d1008c7714085556f3065d99d 
-Author: djm@openbsd.org -Date: Wed Nov 18 08:37:28 2015 +0000 +commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372 +Author: jmc@openbsd.org +Date: Fri Jun 3 06:44:12 2016 +0000 upstream commit - fix "ssh-keygen -l" of private key, broken in support for - multiple plain keys on stdin + tweak previous; - Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d + Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698 -commit 259adb6179e23195c8f6913635ea71040d1ccd63 -Author: millert@openbsd.org -Date: Mon Nov 16 23:47:52 2015 +0000 +commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4 +Author: dtucker@openbsd.org +Date: Fri Jun 3 04:09:38 2016 +0000 upstream commit - Replace remaining calls to index(3) with strchr(3). OK - jca@ krw@ + Allow ExitOnForwardFailure and ClearAllForwardings to be + overridden when using ssh -W (but still default to yes in that case). + bz#2577, ok djm@. - Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d + Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4 -commit c56a255162c2166884539c0a1f7511575325b477 -Author: djm@openbsd.org -Date: Mon Nov 16 22:53:07 2015 +0000 +commit 8543ff3f5020fe659839b15f05b8c522bde6cee5 +Author: dtucker@openbsd.org +Date: Fri Jun 3 03:14:41 2016 +0000 upstream commit - Allow fingerprinting from standard input "ssh-keygen -lf - -" - - Support fingerprinting multiple plain keys in a file and authorized_keys - files too (bz#1319) - - ok markus@ + Move the host and port used by ssh -W into the Options + struct. This will make future changes a bit easier. 
ok djm@ - Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77 + Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382 -commit 5b4010d9b923cf1b46c9c7b1887c013c2967e204 -Author: djm@openbsd.org -Date: Mon Nov 16 22:51:05 2015 +0000 +commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368 +Author: dtucker@openbsd.org +Date: Wed Jun 1 04:19:49 2016 +0000 upstream commit - always call privsep_preauth_child() regardless of whether - sshd was started by root; it does important priming before sandboxing and - failing to call it could result in sandbox violations later; ok markus@ + Check min and max sizes sent by the client against what + we support before passing them to the monitor. ok djm@ - Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383 + Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece -commit 3a9f84b58b0534bbb485f1eeab75665e2d03371f -Author: djm@openbsd.org -Date: Mon Nov 16 22:50:01 2015 +0000 +commit 564cd2a8926ccb1dca43a535073540935b5e0373 +Author: dtucker@openbsd.org +Date: Tue May 31 23:46:14 2016 +0000 upstream commit - improve sshkey_read() semantics; only update *cpp when a - key is successfully read; ok markus@ + Ensure that the client's proposed DH-GEX max value is at + least as big as the minimum the server will accept. ok djm@ - Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089 + Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775 + +commit df820722e40309c9b3f360ea4ed47a584ed74333 +Author: Darren Tucker +Date: Mon Jun 6 11:36:13 2016 +1000 + + Add compat bits to utf8.c. + +commit 05c6574652571becfe9d924226c967a3f4b3f879 +Author: Darren Tucker +Date: Mon Jun 6 11:33:43 2016 +1000 + + Fix utf->utf8 typo. -commit db6f8dc5dd5655b59368efd074994d4568bc3556 -Author: logan@openbsd.org -Date: Mon Nov 16 06:13:04 2015 +0000 +commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce +Author: schwarze@openbsd.org +Date: Mon May 30 18:34:41 2016 +0000 upstream commit - 1) Use xcalloc() instead of xmalloc() to check for - potential overflow. 
(Feedback from both mmcc@ and djm@) 2) move set_size - just before the for loop. (suggested by djm@) + Backout rev. 1.43 for now. + + The function update_progress_meter() calls refresh_progress_meter() + which calls snmprintf() which calls malloc(); but update_progress_meter() + acts as the SIGALRM signal handler. - OK djm@ + "malloc(): error: recursive call" reported by sobrado@. - Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213 + Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e -commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0 -Author: djm@openbsd.org -Date: Mon Nov 16 00:30:02 2015 +0000 +commit cd9e1eabeb4137182200035ab6fa4522f8d24044 +Author: schwarze@openbsd.org +Date: Mon May 30 12:57:21 2016 +0000 upstream commit - Add a new authorized_keys option "restrict" that - includes all current and future key restrictions (no-*-forwarding, etc). Also - add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty". - This simplifies the task of setting up restricted keys and ensures they are - maximally-restricted, regardless of any permissions we might implement in the - future. - - Example: + Even when only writing an unescaped character, the dst + buffer may need to grow, or it would be overrun; issue found by tb@ with + malloc.conf(5) 'C'. - restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1... + While here, reserve an additional byte for the terminating NUL + up front such that we don't have to realloc() later just for that. - Idea from Jann Horn; ok markus@ + OK tb@ - Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0 + Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff -commit e41a071f7bda6af1fb3f081bed0151235fa61f15 -Author: jmc@openbsd.org -Date: Sun Nov 15 23:58:04 2015 +0000 +commit ac284a355f8065eaef2a16f446f3c44cdd17371d +Author: schwarze@openbsd.org +Date: Mon May 30 12:05:56 2016 +0000 upstream commit - correct section number for ssh-agent; + Fix two rare edge cases: 1. 
If vasprintf() returns < 0, + do not access a NULL pointer in snmprintf(), and do not free() the pointer + returned from vasprintf() because on some systems other than OpenBSD, it + might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" + rather than -1 and NULL. - Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6 - -commit 1a11670286acddcc19f5eff0966c380831fc4638 -Author: jmc@openbsd.org -Date: Sun Nov 15 23:54:15 2015 +0000 - - upstream commit + Besides, free(dst) is pointless after failure (not a bug). - do not confuse mandoc by presenting "Dd"; + One half OK martijn@, the other half OK deraadt@; + committing quickly before people get hurt. - Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65 + Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0 -commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b -Author: jcs@openbsd.org -Date: Sun Nov 15 22:26:49 2015 +0000 +commit 0e059cdf5fd86297546c63fa8607c24059118832 +Author: schwarze@openbsd.org +Date: Wed May 25 23:48:45 2016 +0000 upstream commit - Add an AddKeysToAgent client option which can be set to - 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a - private key that is used during authentication will be added to ssh-agent if - it is running (with confirmation enabled if set to 'confirm'). + To prevent screwing up terminal settings when printing to + the terminal, for ASCII and UTF-8, escape bytes not forming characters and + bytes forming non-printable characters with vis(3) VIS_OCTAL. For other + character sets, abort printing of the current string in these cases. In + particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * + sanitize data received from the remote host; * sanitize filenames, usernames, + and similar data even locally; * take character display widths into account + for the progressmeter. 
+ + This is believed to be sufficient to keep the local terminal safe + on OpenBSD, but bad things can still happen on other systems with + state-dependent locales because many places in the code print + unencoded ASCII characters into the output stream. - Initial version from Joachim Schipper many years ago. + Using feedback from djm@ and martijn@, + various aspects discussed with many others. - ok markus@ + deraadt@ says it should go in now, i probably already hesitated too long - Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4 + Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0 -commit d87063d9baf5479b6e813d47dfb694a97df6f6f5 -Author: djm@openbsd.org -Date: Fri Nov 13 04:39:35 2015 +0000 +commit 8c02e3639acefe1e447e293dbe23a0917abd3734 +Author: dtucker@openbsd.org +Date: Tue May 24 04:43:45 2016 +0000 upstream commit - send SSH2_MSG_UNIMPLEMENTED replies to unexpected - messages during KEX; bz#2949, ok dtucker@ + KNF compression proposal and simplify the client side a + little. ok djm@ - Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786 + Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605 -commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc -Author: djm@openbsd.org -Date: Fri Nov 13 04:38:06 2015 +0000 +commit 7ec4946fb686813eb5f8c57397e465f5485159f4 +Author: dtucker@openbsd.org +Date: Tue May 24 02:31:57 2016 +0000 upstream commit - Support "none" as an argument for sshd_config - ForceCommand and ChrootDirectory. Useful inside Match blocks to override a - global default. bz#2486 ok dtucker@ + Back out 'plug memleak'. 
- Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5 + Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0 -commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe +commit 82f24c3ddc52053aeb7beb3332fa94c92014b0c5 Author: djm@openbsd.org -Date: Fri Nov 13 04:34:15 2015 +0000 +Date: Mon May 23 23:30:50 2016 +0000 upstream commit - support multiple certificates (one per line) and - reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@ + prefer agent-hosted keys to keys from PKCS#11; ok markus - Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db + Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4 -commit b6b9108f5b561c83612cb97ece4134eb59fde071 -Author: djm@openbsd.org -Date: Fri Nov 13 02:57:46 2015 +0000 +commit a0cb7778fbc9b43458f7072eb68dd858766384d1 +Author: dtucker@openbsd.org +Date: Mon May 23 00:17:27 2016 +0000 upstream commit - list a couple more options usable in Match blocks; - bz#2489 + Plug mem leak in filter_proposal. ok djm@ - Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879 + Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34 -commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb -Author: djm@openbsd.org -Date: Wed Nov 11 04:56:39 2015 +0000 +commit ae9c0d4d5c581b3040d1f16b5c5f4b1cd1616743 +Author: Darren Tucker +Date: Fri Jun 3 16:03:44 2016 +1000 - upstream commit - - improve PEEK/POKE macros: better casts, don't multiply - evaluate arguments; ok deraadt@ + Update vis.h and vis.c from OpenBSD. - Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e + This will be needed for the upcoming utf8 changes. -commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec -Author: djm@openbsd.org -Date: Wed Nov 11 01:48:01 2015 +0000 +commit e1d93705f8f48f519433d6ca9fc3d0abe92a1b77 +Author: Tim Rice +Date: Tue May 31 11:13:22 2016 -0700 - upstream commit - - remove prototypes for long-gone s/key support; ok - dtucker@ - - Upstream-ID: db5bed3c57118af986490ab23d399df807359a79 + modified: configure.ac + whitspace clean up. No code changes. 
-commit 07889c75926c040b8e095949c724e66af26441cb +commit 604a037d84e41e31f0aec9075df0b8740c130200 Author: Damien Miller -Date: Sat Nov 14 18:44:49 2015 +1100 +Date: Tue May 31 16:45:28 2016 +1000 - read back from libcrypto RAND when privdropping - - makes certain libcrypto implementations cache a /dev/urandom fd - in preparation of sandboxing. Based on patch by Greg Hartman. + whitespace at EOL -commit 1560596f44c01bb0cef977816410950ed17b8ecd +commit 18424200160ff5c923113e0a37ebe21ab7bcd17c Author: Darren Tucker -Date: Tue Nov 10 11:14:47 2015 +1100 - - Fix compiler warnings in the openssl header check. - - Noted by Austin English. - -commit e72a8575ffe1d8adff42c9abe9ca36938acc036b -Author: jmc@openbsd.org -Date: Sun Nov 8 23:24:03 2015 +0000 +Date: Mon May 30 19:35:28 2016 +1000 - upstream commit - - -c before -H, in SYNOPSIS and usage(); + Add missing ssh-host-config --name option - Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404 + Patch from vinschen@redhat.com. -commit 3a424cdd21db08c7b0ded902f97b8f02af5aa485 -Author: djm@openbsd.org -Date: Sun Nov 8 22:30:20 2015 +0000 +commit 39c0cecaa188a37a2e134795caa68e03f3ced592 +Author: Darren Tucker +Date: Fri May 20 10:01:58 2016 +1000 - upstream commit - - Add "ssh-keyscan -c ..." flag to allow fetching - certificates instead of plain keys; ok markus@ + Fix comment about sshpam_const and AIX. - Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82 + From mschwager via github. -commit 69fead5d7cdaa73bdece9fcba80f8e8e70b90346 -Author: jmc@openbsd.org -Date: Sun Nov 8 22:08:38 2015 +0000 +commit f64062b1f74ad5ee20a8a49aab2732efd0f7ce30 +Author: Damien Miller +Date: Fri May 20 09:56:53 2016 +1000 - upstream commit - - remove slogin links; ok deraadt markus djm + Deny lstat syscalls in seccomp sandbox - Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730 + Avoids sandbox violations for some krb/gssapi libraries. 
-commit 2fecfd486bdba9f51b3a789277bb0733ca36e1c0 +commit 531c135409b8d8810795b1f3692a4ebfd5c9cae0 Author: djm@openbsd.org -Date: Sun Nov 8 21:59:11 2015 +0000 +Date: Thu May 19 07:45:32 2016 +0000 upstream commit - fix OOB read in packet code caused by missing return - statement found by Ben Hawkes; ok markus@ deraadt@ + fix type of ed25519 values - Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 + Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0 -commit 5e288923a303ca672b686908320bc5368ebec6e6 -Author: mmcc@openbsd.org -Date: Fri Nov 6 00:31:41 2015 +0000 +commit 75e21688f523799c9e0cc6601d76a9c5ca79f787 +Author: markus@openbsd.org +Date: Wed May 4 14:32:26 2016 +0000 upstream commit - 1. rlogin and rsh are long gone 2. protocol version isn't - of core relevance here, and v1 is going away - - ok markus@, deraadt@ + add IdentityAgent; noticed & ok jmc@ - Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8 + Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a -commit 8b29008bbe97f33381d9b4b93fcfa304168d0286 -Author: jmc@openbsd.org -Date: Thu Nov 5 09:48:05 2015 +0000 +commit 1a75d14daf4b60db903e6103cf50e74e0cd0a76b +Author: markus@openbsd.org +Date: Wed May 4 14:29:58 2016 +0000 upstream commit - "commandline" -> "command line", since there are so few - examples of the former in the pages, so many of the latter, and in some of - these pages we had multiple spellings; - - prompted by tj - - Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659 - -commit 996b24cebf20077fbe5db07b3a2c20c2d9db736e -Author: Darren Tucker -Date: Thu Oct 29 20:57:34 2015 +1100 - - (re)wrap SYS_sendsyslog in ifdef. + allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@ - Replace ifdef that went missing in commit - c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older - OpenBSDs. 
+ Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac -commit b67e2e76fcf1ae7c802eb27ca927e16c91a513ff -Author: djm@openbsd.org -Date: Thu Oct 29 08:05:17 2015 +0000 +commit 0516454151ae722fc8256c3c56115c6baf24c5b0 +Author: markus@openbsd.org +Date: Wed May 4 14:22:33 2016 +0000 upstream commit - regress test for "PubkeyAcceptedKeyTypes +..." inside a - Match block + move SSH_MSG_NONE, so we don't have to include ssh1.h; + ok deraadt@ - Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647 + Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e -commit abd9dbc3c0d8c8c7561347cfa22166156e78c077 -Author: dtucker@openbsd.org -Date: Mon Oct 26 02:50:58 2015 +0000 +commit 332ff3d770631e7513fea38cf0d3689f673f0e3f +Author: Damien Miller +Date: Tue May 10 09:51:06 2016 +1000 - upstream commit + initialise salen in binresvport_sa - Fix typo certopt->certopts in shell variable. This would - cause the test to hang at a host key prompt if you have an A or CNAME for - "proxy" in your local domain. + avoids failures with UsePrivilegedPort=yes - Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a + patch from Juan Gallego -commit ed08510d38aef930a061ae30d10f2a9cf233bafa -Author: djm@openbsd.org -Date: Thu Oct 29 08:05:01 2015 +0000 +commit c5c1d5d2f04ce00d2ddd6647e61b32f28be39804 +Author: markus@openbsd.org +Date: Wed May 4 14:04:40 2016 +0000 upstream commit - Fix "PubkeyAcceptedKeyTypes +..." 
inside a Match block; - ok dtucker@ + missing const in prototypes (ssh1) - Upstream-ID: 853662c4036730b966aab77684390c47b9738c69 + Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05 -commit a4aef3ed29071719b2af82fdf1ac3c2514f82bc5 -Author: djm@openbsd.org -Date: Tue Oct 27 08:54:52 2015 +0000 +commit 9faae50e2e82ba42eb0cb2726bf6830fe7948f28 +Author: dtucker@openbsd.org +Date: Wed May 4 14:00:09 2016 +0000 upstream commit - fix execv arguments in a way less likely to cause grief - for -portable; ok dtucker@ + Fix inverted logic for updating StreamLocalBindMask which + would cause the server to set an invalid mask. ok djm@ - Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5 + Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587 -commit 63d188175accea83305e89fafa011136ff3d96ad -Author: djm@openbsd.org -Date: Tue Oct 27 01:44:45 2015 +0000 +commit b02ad1ce9105bfa7394ac7590c0729dd52e26a81 +Author: markus@openbsd.org +Date: Wed May 4 12:21:53 2016 +0000 upstream commit - log certificate serial in verbose() messages to match the - main auth success/fail message; ok dtucker@ + IdentityAgent for specifying specific agent sockets; ok + djm@ - Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288 + Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1 -commit 2aaba0cfd560ecfe92aa50c00750e6143842cf1f +commit 910e59bba09ac309d78ce61e356da35292212935 Author: djm@openbsd.org -Date: Tue Oct 27 00:49:53 2015 +0000 +Date: Wed May 4 12:16:39 2016 +0000 upstream commit - avoid de-const warning & shrink; ok dtucker@ + fix junk characters after quotes - Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db + Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578 -commit 03239c18312b9bab7d1c3b03062c61e8bbc1ca6e -Author: dtucker@openbsd.org -Date: Sun Oct 25 23:42:00 2015 +0000 +commit 9283884e647b8be50ccd2997537af0065672107d +Author: jmc@openbsd.org +Date: Tue May 3 18:38:12 2016 +0000 upstream commit - Expand tildes in filenames passed to -i before checking - whether or not the 
identity file exists. This means that if the shell - doesn't do the expansion (eg because the option and filename were given as a - single argument) then we'll still add the key. bz#2481, ok markus@ + correct article; - Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6 + Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168 -commit 97e184e508dd33c37860c732c0eca3fc57698b40 -Author: dtucker@openbsd.org -Date: Sun Oct 25 23:14:03 2015 +0000 +commit cfefbcea1057c2623e76c579174a4107a0b6e6cd +Author: djm@openbsd.org +Date: Tue May 3 15:57:39 2016 +0000 upstream commit - Do not prepend "exec" to the shell command run by "Match - exec" in a config file. It's an unnecessary optimization from repurposed - ProxyCommand code and prevents some things working with some shells. - bz#2471, pointed out by res at qoxp.net. ok markus@ - - Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3 - -commit 8db134e7f457bcb069ec72bc4ee722e2af557c69 -Author: Darren Tucker -Date: Thu Oct 29 10:48:23 2015 +1100 - - Prevent name collisions with system glob (bz#2463) + fix overriding of StreamLocalBindMask and + StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes - Move glob.h from includes.h to the only caller (sftp) and override the - names for the symbols. This prevents name collisions with the system glob - in the case where something other than ssh uses it (eg kerberos). With - jjelen at redhat.com, ok djm@ + Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2 -commit 86c10dbbef6a5800d2431a66cf7f41a954bb62b5 -Author: dtucker@openbsd.org -Date: Fri Oct 23 02:22:01 2015 +0000 +commit 771c2f51ffc0c9a2877b7892fada0c77bd1f6549 +Author: djm@openbsd.org +Date: Tue May 3 15:25:06 2016 +0000 upstream commit - Update expected group sizes to match recent code changes. 
+ don't forget to include StreamLocalBindUnlink in the + config dump output - Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794 + Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb -commit 9ada37d36003a77902e90a3214981e417457cf13 +commit cdcd941994dc430f50d0a4e6a712d32b66e6199e Author: djm@openbsd.org -Date: Sat Oct 24 22:56:19 2015 +0000 +Date: Tue May 3 14:54:08 2016 +0000 upstream commit - fix keyscan output for multiple hosts/addrs on one line - when host hashing or a non standard port is in use; bz#2479 ok dtucker@ + make nethack^wrandomart fingerprint flag more readily + searchable pointed out by Matt Johnston - Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b + Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb -commit 44fc7cd7dcef6c52c6b7e9ff830dfa32879bd319 +commit 05855bf2ce7d5cd0a6db18bc0b4214ed5ef7516d Author: djm@openbsd.org -Date: Sat Oct 24 22:52:22 2015 +0000 +Date: Tue May 3 13:10:24 2016 +0000 upstream commit - skip "Could not chdir to home directory" message when - chrooted - - patch from Christian Hesse in bz#2485 ok dtucker@ + clarify ordering of subkeys; pointed out by ietf-ssh AT + stbuehler.de - Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431 + Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463 -commit a820a8618ec44735dabc688fab96fba38ad66bb2 -Author: sthen@openbsd.org -Date: Sat Oct 24 08:34:09 2015 +0000 +commit cca3b4395807bfb7aaeb83d2838f5c062ce30566 +Author: dtucker@openbsd.org +Date: Tue May 3 12:15:49 2016 +0000 upstream commit - Handle the split of tun(4) "link0" into tap(4) in ssh - tun-forwarding. Adapted from portable (using separate devices for this is the - normal case in most OS). ok djm@ + Use a subshell for constructing key types to work around + different sed behaviours for -portable. 
- Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39 + Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d -commit 66d2e229baa9fe57b868c373b05f7ff3bb20055b -Author: gsoares@openbsd.org -Date: Wed Oct 21 11:33:03 2015 +0000 +commit fa58208c6502dcce3e0daac0ca991ee657daf1f5 +Author: djm@openbsd.org +Date: Tue May 3 10:27:59 2016 +0000 upstream commit - fix memory leak in error path ok djm@ + correct some typos and remove a long-stale XXX note. - Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35 - -commit 7d6c0362039ceacdc1366b5df29ad5d2693c13e5 -Author: mmcc@openbsd.org -Date: Tue Oct 20 23:24:25 2015 +0000 - - upstream commit + add specification for ed25519 certificates - Compare pointers to NULL rather than 0. + mention no host certificate options/extensions are currently defined - ok djm@ + pointed out by Simon Tatham - Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8 + Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a -commit f98a09cacff7baad8748c9aa217afd155a4d493f -Author: mmcc@openbsd.org -Date: Tue Oct 20 03:36:35 2015 +0000 +commit b466f956c32cbaff4200bfcd5db6739fe4bc7d04 +Author: djm@openbsd.org +Date: Tue May 3 10:24:27 2016 +0000 upstream commit - Replace a function-local allocation with stack memory. - - ok djm@ + add ed25519 keys that are supported but missing from this + documents; from Peter Moody - Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e + Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b -commit ac908c1eeacccfa85659594d92428659320fd57e -Author: Damien Miller -Date: Thu Oct 22 09:35:24 2015 +1100 +commit 7f3d76319a69dab2efe3a520a8fef5b97e923636 +Author: dtucker@openbsd.org +Date: Tue May 3 09:03:49 2016 +0000 - turn off PrintLastLog when --disable-lastlog + upstream commit + + Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. 
Patch + from Simon Tatham, ok markus@ - bz#2278 from Brent Paulson + Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8 -commit b56deb847f4a0115a8bf488bf6ee8524658162fd +commit 31bc01c05d9f51bee3ebe33dc57c4fafb059fb62 Author: djm@openbsd.org -Date: Fri Oct 16 22:32:22 2015 +0000 +Date: Mon May 2 14:10:58 2016 +0000 upstream commit - increase the minimum modulus that we will send or accept in - diffie-hellman-group-exchange to 2048 bits; ok markus@ + unbreak config parsing on reexec from previous commit - Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a + Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab -commit 5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9 +commit 67f1459efd2e85bf03d032539283fa8107218936 Author: djm@openbsd.org -Date: Fri Oct 16 18:40:49 2015 +0000 +Date: Mon May 2 09:52:00 2016 +0000 upstream commit - better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in - hostname canonicalisation - treat them as already canonical and remove the - trailing '.' before matching ssh_config; ok markus@ + unit and regress tests for SHA256/512; ok markus - Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a + Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6 -commit e92c499a75477ecfe94dd7b4aed89f20b1fac5a7 -Author: mmcc@openbsd.org -Date: Fri Oct 16 17:07:24 2015 +0000 +commit 0e8eeec8e75f6d0eaf33317376f773160018a9c7 +Author: djm@openbsd.org +Date: Mon May 2 10:26:04 2016 +0000 upstream commit - 0 -> NULL when comparing with a char*. + add support for additional fixed DH groups from + draft-ietf-curdle-ssh-kex-sha2-03 + + diffie-hellman-group14-sha256 (2K group) + diffie-hellman-group16-sha512 (4K group) + diffie-hellman-group18-sha512 (8K group) - ok dtucker@, djm@. + based on patch from Mark D. 
Baushke and Darren Tucker + ok markus@ - Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300 + Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f -commit b1d38a3cc6fe349feb8d16a5f520ef12d1de7cb2 +commit 57464e3934ba53ad8590ee3ccd840f693407fc1e Author: djm@openbsd.org -Date: Thu Oct 15 23:51:40 2015 +0000 +Date: Mon May 2 09:36:42 2016 +0000 upstream commit - fix some signed/unsigned integer type mismatches in - format strings; reported by Nicholas Lemonias + support SHA256 and SHA512 RSA signatures in certificates; + ok markus@ - Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c + Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a -commit 1a2663a15d356bb188196b6414b4c50dc12fd42b +commit 1a31d02b2411c4718de58ce796dbb7b5e14db93e Author: djm@openbsd.org -Date: Thu Oct 15 23:08:23 2015 +0000 +Date: Mon May 2 08:49:03 2016 +0000 upstream commit - argument to sshkey_from_private() and sshkey_demote() - can't be NULL - - Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f - -commit 0f754e29dd3760fc0b172c1220f18b753fb0957e -Author: Damien Miller -Date: Fri Oct 16 10:53:14 2015 +1100 - - need va_copy before va_start + fix signed/unsigned errors reported by clang-3.7; add + sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with + better safety checking; feedback and ok markus@ - reported by Nicholas Lemonias - -commit eb6c50d82aa1f0d3fc95f5630ea69761e918bfcd -Author: Damien Miller -Date: Thu Oct 15 15:48:28 2015 -0700 - - fix compilation on systems without SYMLOOP_MAX - -commit fafe1d84a210fb3dae7744f268059cc583db8c12 -Author: Damien Miller -Date: Wed Oct 14 09:22:15 2015 -0700 - - s/SANDBOX_TAME/SANDBOX_PLEDGE/g + Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820 -commit 8f22911027ff6c17d7226d232ccd20727f389310 -Author: Damien Miller -Date: Wed Oct 14 08:28:19 2015 +1100 +commit d2d6bf864e52af8491a60dd507f85b74361f5da3 +Author: djm@openbsd.org +Date: Fri Apr 29 08:07:53 2016 +0000 upstream commit - revision 1.20 - date: 2015/10/13 
20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp; - In rev 1.15 the sizeof argument was fixed in a strlcat() call but - the truncation check immediately following it was not updated to - match. Not an issue in practice since the buffers are the same - size. OK deraadt@ - -commit 23fa695bb735f54f04d46123662609edb6c76767 -Author: Damien Miller -Date: Wed Oct 14 08:27:51 2015 +1100 - - upstream commit + close ControlPersist background process stderr when not + in debug mode or when logging to a file or syslog. bz#1988 ok dtucker - revision 1.19 - date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR; - Move to the universe. - review by millert, binary checking process with doug, concept with guenther + Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24 -commit c71be375a69af00c2d0a0c24d8752bec12d8fd1b -Author: Damien Miller -Date: Wed Oct 14 08:27:08 2015 +1100 +commit 9ee692fa1146e887e008a2b9a3d3ea81770c9fc8 +Author: djm@openbsd.org +Date: Thu Apr 28 14:30:21 2016 +0000 upstream commit - revision 1.18 - date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5; - Revert last commit due to changed semantics found by make release. + fix comment + + Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15 -commit c39ad23b06e9aecc3ff788e92f787a08472905b1 -Author: Damien Miller -Date: Wed Oct 14 08:26:24 2015 +1100 +commit ee1e0a16ff2ba41a4d203c7670b54644b6c57fa6 +Author: jmc@openbsd.org +Date: Wed Apr 27 13:53:48 2016 +0000 upstream commit - revision 1.17 - date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt; - Better POSIX compliance in realpath(3). - - millert@ made changes to realpath.c based on FreeBSD's version. I merged - Todd's changes into dl_realpath.c. 
+ cidr permitted for {allow,deny}users; from lars nooden ok djm - ok millert@, guenther@ + Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11 -commit e929a43f957dbd1254aca2aaf85c8c00cbfc25f4 -Author: Damien Miller -Date: Wed Oct 14 08:25:55 2015 +1100 +commit b6e0140a5aa883c27b98415bd8aa9f65fc04ee22 +Author: djm@openbsd.org +Date: Thu Apr 21 06:08:02 2016 +0000 upstream commit - revision 1.16 - date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1; - - Add comments regarding copies of these files also in libexec/ld.so - okay guenther@ - -commit 5225db68e58a1048cb17f0e36e0d33bc4a8fc410 -Author: Damien Miller -Date: Wed Oct 14 08:25:32 2015 +1100 - - upstream commit + make argument == NULL tests more consistent - revision 1.15 - date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2; - specify the bounds of the dst to strlcat (both values were static and - equal, but it is more correct) - from Michal Mazurek + Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d -commit 7365fe5b4859de2305e40ea132da3823830fa710 -Author: Damien Miller -Date: Wed Oct 14 08:25:09 2015 +1100 +commit 6aaabc2b610e44bae473457ad9556ffb43d90ee3 +Author: jmc@openbsd.org +Date: Sun Apr 17 14:34:46 2016 +0000 upstream commit - revision 1.14 - date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13; - Recent Single Unix will malloc memory if the second argument of realpath() - is NULL, and third-party software is starting to rely upon this. - Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor - tweaks from nicm@ and yours truly. + tweak previous; + + Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f -commit e679c09cd1951f963793aa3d9748d1c3fdcf808f +commit 0f839e5969efa3bda615991be8a9d9311554c573 Author: djm@openbsd.org -Date: Tue Oct 13 16:15:21 2015 +0000 +Date: Fri Apr 15 02:57:10 2016 +0000 upstream commit - apply PubkeyAcceptedKeyTypes filtering earlier, so all - skipped keys are noted before pubkey authentication starts. 
ok dtucker@ + missing bit of Include regress - Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8 + Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f -commit 179c353f564ec7ada64b87730b25fb41107babd7 +commit 12e4ac46aed681da55c2bba3cd11dfcab23591be Author: djm@openbsd.org -Date: Tue Oct 13 00:21:27 2015 +0000 +Date: Fri Apr 15 02:55:53 2016 +0000 upstream commit - free the correct IV length, don't assume it's always the - cipher blocksize; ok dtucker@ + remove redundant CLEANFILES section - Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298 + Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587 -commit 2539dce2a049a8f6bb0d44cac51f07ad48e691d3 -Author: deraadt@openbsd.org -Date: Fri Oct 9 01:37:08 2015 +0000 +commit b1d05aa653ae560c44baf8e8a9756e33f98ea75c +Author: djm@openbsd.org +Date: Fri Apr 15 00:48:01 2016 +0000 upstream commit - Change all tame callers to namechange to pledge(2). + sync CLEANFILES with portable, sort - Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2 + Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed -commit 9846a2f4067383bb76b4e31a9d2303e0a9c13a73 -Author: Damien Miller -Date: Thu Oct 8 04:30:48 2015 +1100 +commit 35f22dad263cce5c61d933ae439998cb965b8748 +Author: djm@openbsd.org +Date: Fri Apr 15 00:31:10 2016 +0000 - hook tame(2) sandbox up to build + upstream commit + + regression test for ssh_config Include directive - OpenBSD only for now + Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e -commit 0c46bbe68b70bdf0d6d20588e5847e71f3739fe6 +commit 6b8a1a87005818d4700ce8b42faef746e82c1f51 Author: djm@openbsd.org -Date: Wed Oct 7 15:59:12 2015 +0000 +Date: Thu Apr 14 23:57:17 2016 +0000 upstream commit - include PubkeyAcceptedKeyTypes in ssh -G config dump + unbreak test for recent ssh de-duplicated forwarding + change - Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb + Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3 -commit bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e 
-Author: sobrado@openbsd.org -Date: Wed Oct 7 14:45:30 2015 +0000 +commit 076787702418985a2cc6808212dc28ce7afc01f0 +Author: djm@openbsd.org +Date: Thu Apr 14 23:21:42 2016 +0000 upstream commit - UsePrivilegeSeparation defaults to sandbox now. - - ok djm@ + add test knob and warning for StrictModes - Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f + Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682 -commit 2905d6f99c837bb699b6ebc61711b19acd030709 +commit dc7990be865450574c7940c9880567f5d2555b37 Author: djm@openbsd.org -Date: Wed Oct 7 00:54:06 2015 +0000 +Date: Fri Apr 15 00:30:19 2016 +0000 upstream commit - don't try to change tun device flags if they are already - what we need; makes it possible to use tun/tap networking as non- root user - if device permissions and interface flags are pre-established; based on patch - by Ossi Herrala + Include directive for ssh_config(5); feedback & ok markus@ - Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21 + Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff -commit 0dc74512bdb105b048883f07de538b37e5e024d4 +commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Author: Damien Miller -Date: Mon Oct 5 18:33:05 2015 -0700 +Date: Wed Apr 13 10:39:57 2016 +1000 - unbreak merge botch + ignore PAM environment vars when UseLogin=yes + + If PAM is configured to read user-specified environment variables + and UseLogin=yes in sshd_config, then a hostile local user may + attack /bin/login via LD_PRELOAD or similar environment variables + set via PAM. 
+ + CVE-2015-8325, found by Shayan Sadigh, via Colin Watson -commit fdd020e86439afa7f537e2429d29d4b744c94331 +commit dce19bf6e4a2a3d0b13a81224de63fc316461ab9 Author: djm@openbsd.org -Date: Tue Oct 6 01:20:59 2015 +0000 +Date: Sat Apr 9 12:39:30 2016 +0000 upstream commit - adapt to recent sshkey_parse_private_fileblob() API - change + make private key loading functions consistently handle NULL + key pointer arguments; ok markus@ - Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988 + Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761 -commit 21ae8ee3b630b0925f973db647a1b9aa5fcdd4c5 -Author: djm@openbsd.org -Date: Thu Sep 24 07:15:39 2015 +0000 +commit 5f41f030e2feb5295657285aa8c6602c7810bc4b +Author: Darren Tucker +Date: Fri Apr 8 21:14:13 2016 +1000 - upstream commit - - fix command-line option to match what was actually - committed + Remove NO_IPPORT_RESERVED_CONCEPT - Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699 + Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have + the same effect without causing problems syncing patches with OpenBSD. + Resync the two affected functions with OpenBSD. ok djm, sanity checked + by Corinna. 
-commit e14ac43b75e68f1ffbd3e1a5e44143c8ae578dcd +commit 34a01b2cf737d946ddb140618e28c3048ab7a229 Author: djm@openbsd.org -Date: Thu Sep 24 06:16:53 2015 +0000 +Date: Fri Apr 8 08:19:17 2016 +0000 upstream commit - regress test for CertificateFile; patch from Meghana Bhat - via bz#2436 + whitespace at EOL - Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25 + Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6 -commit 905b054ed24e0d5b4ef226ebf2c8bfc02ae6d4ad +commit 90ee563fa6b54c59896c6c332c5188f866c5e75f Author: djm@openbsd.org -Date: Mon Oct 5 17:11:21 2015 +0000 +Date: Fri Apr 8 06:35:54 2016 +0000 upstream commit - some more bzero->explicit_bzero, from Michael McConville + We accidentally send an empty string and a zero uint32 with + every direct-streamlocal@openssh.com channel open, in contravention of our + own spec. - Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0 - -commit b007159a0acdbcf65814b3ee05dbe2cf4ea46011 -Author: deraadt@openbsd.org -Date: Fri Oct 2 15:52:55 2015 +0000 - - upstream commit + Fixing this is too hard wrt existing versions that expect these + fields to be present and fatal() if they aren't, so document them + as "reserved" fields in the PROTOCOL spec as though we always + intended this and let us never speak of it again. - fix email + bz#2529, reported by Ron Frederick - Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834 + Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7 -commit b19e1b4ab11884c4f62aee9f8ab53127a4732658 -Author: deraadt@openbsd.org -Date: Fri Oct 2 01:39:52 2015 +0000 +commit 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558 +Author: djm@openbsd.org +Date: Wed Apr 6 06:42:17 2016 +0000 upstream commit - a sandbox using tame ok djm + don't record duplicate LocalForward and RemoteForward + entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation + where the same forwards are added on the second pass through the + configuration file. 
bz#2562; ok dtucker@ - Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3 + Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1 -commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac -Author: deraadt@openbsd.org -Date: Fri Oct 2 01:39:26 2015 +0000 +commit 574def0eb493cd6efeffd4ff2e9257abcffee0c8 +Author: krw@openbsd.org +Date: Sat Apr 2 14:37:42 2016 +0000 upstream commit - re-order system calls in order of risk, ok i'll be - honest, ordered this way they look like tame... ok djm + Another use for fcntl() and thus of the superfluous 3rd + parameter is when sanitising standard fd's before calling daemon(). - Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813 - -commit c5f7c0843cb6e6074a93c8ac34e49ce33a6f5546 -Author: jmc@openbsd.org -Date: Fri Sep 25 18:19:54 2015 +0000 - - upstream commit + Use a tweaked version of the ssh(1) function in all three places + found using fcntl() this way. - some certificatefile tweaks; ok djm + ok jca@ beck@ - Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0 + Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218 -commit 4e44a79a07d4b88b6a4e5e8c1bed5f58c841b1b8 -Author: djm@openbsd.org -Date: Thu Sep 24 06:15:11 2015 +0000 +commit b3413534aa9d71a941005df2760d1eec2c2b0854 +Author: Darren Tucker +Date: Mon Apr 4 11:09:21 2016 +1000 - upstream commit - - add ssh_config CertificateFile option to explicitly list - a certificate; patch from Meghana Bhat on bz#2436; ok markus@ - - Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8 + Tidy up openssl header test. -commit e3cbb06ade83c72b640a53728d362bbefa0008e2 -Author: sobrado@openbsd.org -Date: Tue Sep 22 08:33:23 2015 +0000 +commit 815bcac0b94bb448de5acdd6ba925b8725240b4f +Author: Darren Tucker +Date: Mon Apr 4 11:07:59 2016 +1000 - upstream commit - - fix two typos. - - Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709 + Fix configure-time warnings for openssl test. diff --git a/INSTALL b/INSTALL index e4865bbb4d9a..7f552bf7683f 100644 --- a/INSTALL +++ b/INSTALL 
@@ -13,7 +13,7 @@ OpenSSL) Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems): http://www.gzip.org/zlib/ -libcrypto (LibreSSL or OpenSSL >= 0.9.8f < 1.1.0) +libcrypto (LibreSSL or OpenSSL >= 1.0.1 < 1.1.0) LibreSSL http://www.libressl.org/ ; or OpenSSL http://www.openssl.org/ @@ -91,7 +91,7 @@ http://nlnetlabs.nl/projects/ldns/ Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked -the code out of CVS yourself) then you will need autoconf-2.69 to rebuild +the code out of git yourself) then you will need autoconf-2.69 to rebuild the automatically generated files by running "autoreconf". Earlier versions may also work but this is not guaranteed. @@ -103,6 +103,13 @@ Native BSM support is known to exist in Solaris from at least 2.5.1, FreeBSD 6.1 and OS X. Alternatively, you may use the OpenBSM implementation (http://www.openbsm.org). +makedepend: + +https://www.x.org/archive/individual/util/ + +If you are making significant changes to the code you may need to rebuild +the dependency (.depend) file using "make depend", which requires the +"makedepend" tool from the X11 distribution. 2. Building / Installation -------------------------- @@ -162,13 +169,11 @@ also be enabled in sshd_config (refer to the UsePAM directive). --with-prngd-socket=/some/file allows you to enable EGD or PRNGD support and to specify a PRNGd socket. Use this if your Unix lacks -/dev/random and you don't want to use OpenSSH's builtin entropy -collection support. +/dev/random. --with-prngd-port=portnum allows you to enable EGD or PRNGD support and to specify a EGD localhost TCP port. Use this if your Unix lacks -/dev/random and you don't want to use OpenSSH's builtin entropy -collection support. +/dev/random. --with-lastlog=FILE will specify the location of the lastlog file. ./configure searches a few locations for lastlog, but may not find 
@@ -204,8 +209,7 @@ created. --with-xauth=PATH specifies the location of the xauth binary --with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL -libraries -are installed. +libraries are installed. --with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support diff --git a/Makefile.in b/Makefile.in index c52ce191fe95..04e1c8e5345b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,5 +1,3 @@ -# $Id: Makefile.in,v 1.365 2014/08/30 06:23:07 djm Exp $ - # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -54,16 +52,25 @@ AR=@AR@ AWK=@AWK@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ -PERL=@PERL@ SED=@SED@ ENT=@ENT@ XAUTH_PATH=@XAUTH_PATH@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ EXEEXT=@EXEEXT@ MANFMT=@MANFMT@ +MKDIR_P=@MKDIR_P@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) +XMSS_OBJS=\ + ssh-xmss.o \ + sshkey-xmss.o \ + xmss_commons.o \ + xmss_fast.o \ + xmss_hash.o \ + xmss_hash_address.o \ + xmss_wots.o + LIBOPENSSH_OBJS=\ ssh_api.o \ ssherr.o \ @@ -73,7 +80,8 @@ LIBOPENSSH_OBJS=\ sshbuf-misc.o \ sshbuf-getput-crypto.o \ krl.o \ - bitmap.o + bitmap.o \ + ${XMSS_OBJS} LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \ @@ -88,7 +96,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ ssh-pkcs11.o smult_curve25519_ref.o \ poly1305.o chacha.o cipher-chachapoly.o \ ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \ - sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ + sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ 
@@ -218,13 +226,6 @@ $(CONFIGFILES): $(CONFIGFILES_IN) moduli: echo -# special case target for umac128 -umac128.o: umac.c - $(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \ - -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \ - -Dumac_update=umac128_update -Dumac_final=umac128_final \ - -Dumac_delete=umac128_delete -Dumac_ctx=umac128_ctx - clean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core survey @@ -298,9 +299,21 @@ catman-do: >$$base.0 ; \ done -distprep: catman-do +depend: depend-rebuild + rm -f .depend.bak + +depend-rebuild: + rm -f config.h + touch config.h + makedepend -w1000 -Y. -f .depend *.c 2>/dev/null + rm -f config.h + +depend-check: depend-rebuild + cmp .depend .depend.bak || (echo .depend stale && exit 1) + +distprep: catman-do depend-check $(AUTORECONF) - -rm -rf autom4te.cache + -rm -rf autom4te.cache .depend.bak install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf 
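Review bot: The new `depend-rebuild` recipe deletes `config.h`, replaces it with an empty file, and deletes it again after makedepend, while sending makedepend's diagnostics to `/dev/null`. In a configured tree, `make depend` (and `distprep`, which now depends on `depend-check`) therefore removes the generated header. If makedepend fails, the recipe stops before the final `rm` and leaves an empty `config.h` behind, with the tool's own error text hidden. I would drop the redirection, `makedepend -w1000 -Y. -f .depend *.c`, and add a comment above the target such as `# NOTE: overwrites and then removes config.h; re-run configure before building`. Whether another rule regenerates `config.h` is not visible in this hunk.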
@@ -310,14 +323,13 @@ check-config: -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config install-files: - $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 - $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) - (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) + $(MKDIR_P) $(DESTDIR)$(bindir) + $(MKDIR_P) $(DESTDIR)$(sbindir) + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)1 + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 + $(MKDIR_P) $(DESTDIR)$(libexecdir) + $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) @@ -345,9 +357,7 @@ install-files: $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 install-sysconf: - if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ - $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ - fi + $(MKDIR_P) $(DESTDIR)$(sysconfdir) @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ else \ @@ -375,9 +385,6 @@ host-key: ssh-keygen$(EXEEXT) fi host-key-force: ssh-keygen$(EXEEXT) ssh$(EXEEXT) - if ./ssh -Q protocol-version | grep '^1$$' >/dev/null; then \ - ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""; \ - fi ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" ./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N "" 
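Review bot: In `install-files`, `$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)` is not equivalent to the removed `(umask 022 ; ...)` form. When `MKDIR_P` expands to `mkdir -p`, `-m` applies only to the final directory, and any missing parent directories are created under the installer's umask. Under a permissive umask this can leave group- or world-writable parents above the privilege-separation directory, which the old subshell prevented. Keeping the subshell preserves the earlier behaviour: `(umask 022 ; $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH))`. The recipe continues past the end of this hunk.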
@@ -421,28 +428,16 @@ uninstall: -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 regress-prep: - [ -d `pwd`/regress ] || mkdir -p `pwd`/regress - [ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests - [ -d `pwd`/regress/unittests/test_helper ] || \ - mkdir -p `pwd`/regress/unittests/test_helper - [ -d `pwd`/regress/unittests/sshbuf ] || \ - mkdir -p `pwd`/regress/unittests/sshbuf - [ -d `pwd`/regress/unittests/sshkey ] || \ - mkdir -p `pwd`/regress/unittests/sshkey - [ -d `pwd`/regress/unittests/bitmap ] || \ - mkdir -p `pwd`/regress/unittests/bitmap - [ -d `pwd`/regress/unittests/conversion ] || \ - mkdir -p `pwd`/regress/unittests/conversion - [ -d `pwd`/regress/unittests/hostkeys ] || \ - mkdir -p `pwd`/regress/unittests/hostkeys - [ -d `pwd`/regress/unittests/kex ] || \ - mkdir -p `pwd`/regress/unittests/kex - [ -d `pwd`/regress/unittests/match ] || \ - mkdir -p `pwd`/regress/unittests/match - [ -d `pwd`/regress/unittests/utf8 ] || \ - mkdir -p `pwd`/regress/unittests/utf8 - [ -d `pwd`/regress/misc/kexfuzz ] || \ - mkdir -p `pwd`/regress/misc/kexfuzz + $(MKDIR_P) `pwd`/regress/unittests/test_helper + $(MKDIR_P) `pwd`/regress/unittests/sshbuf + $(MKDIR_P) `pwd`/regress/unittests/sshkey + $(MKDIR_P) `pwd`/regress/unittests/bitmap + $(MKDIR_P) `pwd`/regress/unittests/conversion + $(MKDIR_P) `pwd`/regress/unittests/hostkeys + $(MKDIR_P) `pwd`/regress/unittests/kex + $(MKDIR_P) `pwd`/regress/unittests/match + $(MKDIR_P) `pwd`/regress/unittests/utf8 + $(MKDIR_P) `pwd`/regress/misc/kexfuzz [ -f `pwd`/regress/Makefile ] || \ ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile @@ -582,6 +577,8 @@ regress-binaries: regress/modpipe$(EXEEXT) \ regress/unittests/utf8/test_utf8$(EXEEXT) \ regress/misc/kexfuzz/kexfuzz$(EXEEXT) +REGRESSTMP = "$(PWD)/regress" + tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) BUILDDIR=`pwd`; \ TEST_SSH_SCP="$${BUILDDIR}/scp"; \ 
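Review bot: `REGRESSTMP = "$(PWD)/regress"` takes the directory from make's `PWD` variable, which GNU make only inherits from the environment, while the same recipe computes `BUILDDIR` from `` `pwd` ``. When make is started with `-C`, or with a stale or unset `PWD`, the `OBJ="$(REGRESSTMP)"` assignment in the following hunk can point at a different directory from the one `regress-prep` created. The value also carries its own double quotes, so `OBJ="$(REGRESSTMP)"` expands to nested quotes that leave the path unquoted to the shell. The trailing slash of the old `$${BUILDDIR}/regress/` is dropped too. I would define it without quotes and from the same source as `BUILDDIR`, or keep `OBJ="$${BUILDDIR}/regress"` in the recipe.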
@@ -605,7 +602,7 @@ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) .OBJDIR="$${BUILDDIR}/regress" \ .CURDIR="`pwd`" \ BUILDDIR="$${BUILDDIR}" \ - OBJ="$${BUILDDIR}/regress/" \ + OBJ="$(REGRESSTMP)" \ PATH="$${BUILDDIR}:$${PATH}" \ TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ @@ -650,3 +647,5 @@ package: $(CONFIGFILES) $(MANPAGES) $(TARGETS) if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \ sh buildpkg.sh; \ fi + +# @DEPEND@ diff --git a/PROTOCOL b/PROTOCOL index 4e9e8757566f..b1fc00691c0d 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -295,10 +295,14 @@ has completed. string[] hostkeys Upon receiving this message, a client should check which of the -supplied host keys are present in known_hosts. For keys that are -not present, it should send a "hostkeys-prove@openssh.com" message -to request the server prove ownership of the private half of the -key. +supplied host keys are present in known_hosts. + +Note that the server may send key types that the client does not +support. The client should disgregard such keys if they are received. + +If the client identifies any keys that are not present for the host, +it should send a "hostkeys-prove@openssh.com" message to request the +server prove ownership of the private half of the key. byte SSH_MSG_GLOBAL_REQUEST string "hostkeys-prove-00@openssh.com" @@ -454,4 +458,4 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $ +$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $ diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 42aa8c2a1734..64cb18700ee1 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys 
@@ -100,9 +100,9 @@ DSA certificate ECDSA certificate - string "ecdsa-sha2-nistp256-v01@openssh.com" | - "ecdsa-sha2-nistp384-v01@openssh.com" | - "ecdsa-sha2-nistp521-v01@openssh.com" + string "ecdsa-sha2-nistp256-cert-v01@openssh.com" | + "ecdsa-sha2-nistp384-cert-v01@openssh.com" | + "ecdsa-sha2-nistp521-cert-v01@openssh.com" string nonce string curve string public_key @@ -291,4 +291,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.12 2017/05/31 04:29:44 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $ diff --git a/README b/README index 103d43e9b7b7..fb8e21743b00 100644 --- a/README +++ b/README @@ -1,11 +1,11 @@ -See https://www.openssh.com/releasenotes.html#7.6p1 for the release notes. +See https://www.openssh.com/releasenotes.html#7.7p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or patch/pull-request management. - A Japanese translation of this document and of the release notes is -- available at http://www.unixuser.org/~haruyama/security/openssh/index.html +- available at https://www.unixuser.org/~haruyama/security/openssh/index.html - Thanks to HARUYAMA Seigo This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other @@ -22,7 +22,7 @@ This port consists of the re-introduction of autoconf support, PAM support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library functions that are (regrettably) absent from other unices. This port has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X, -NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare. +NetBSD, OpenBSD, OpenServer, Solaris and UnixWare. This version actively tracks changes in the OpenBSD CVS repository. 
@@ -56,11 +56,11 @@ References - [0] https://www.openssh.com/ [1] http://www.lothar.com/tech/crypto/ -[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html -[3] http://www.gzip.org/zlib/ -[4] http://www.openssl.org/ -[5] http://www.openpam.org - http://www.kernel.org/pub/linux/libs/pam/ +[2] http://prngd.sourceforge.net/ +[3] https://www.zlib.net/ +[4] https://www.openssl.org/ +[5] https://www.openpam.org + https://www.kernel.org/pub/linux/libs/pam/ (PAM also is standard on Solaris and HP-UX 11) -[6] http://thrysoee.dk/editline/ (portable version) -[7] http://man.openbsd.org/style.9 +[6] https://thrysoee.dk/editline/ (portable version) +[7] https://man.openbsd.org/style.9 diff --git a/README.privsep b/README.privsep index 2120544c7973..460e90565202 100644 --- a/README.privsep +++ b/README.privsep @@ -34,8 +34,8 @@ privsep user and chroot directory: PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, HP-UX (including Trusted Mode), Linux, NetBSD and Solaris. -On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication -part of privsep is supported. Post-authentication privsep is disabled +On Cygwin, Tru64 Unix and OpenServer only the pre-authentication part +of privsep is supported. Post-authentication privsep is disabled automatically (so you won't see the additional process mentioned below). Note that for a normal interactive login with a shell, enabling privsep diff --git a/auth-options.c b/auth-options.c index bed00eef0fe3..b528c197ab26 100644 --- a/auth-options.c +++ b/auth-options.c 
@@ -1,13 +1,18 @@ -/* $OpenBSD: auth-options.c,v 1.74 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.78 2018/03/14 05:35:40 djm Exp $ */ /* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". + * Copyright (c) 2018 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" 
@@ -19,88 +24,33 @@ #include #include #include +#include +#include #include "openbsd-compat/sys-queue.h" -#include "key.h" /* XXX for typedef */ -#include "buffer.h" /* XXX for typedef */ #include "xmalloc.h" -#include "match.h" #include "ssherr.h" #include "log.h" -#include "canohost.h" -#include "packet.h" #include "sshbuf.h" #include "misc.h" -#include "channels.h" -#include "servconf.h" #include "sshkey.h" +#include "match.h" +#include "ssh2.h" #include "auth-options.h" -#include "hostfile.h" -#include "auth.h" - -/* Flags set authorized_keys flags */ -int no_port_forwarding_flag = 0; -int no_agent_forwarding_flag = 0; -int no_x11_forwarding_flag = 0; -int no_pty_flag = 0; -int no_user_rc = 0; -int key_is_cert_authority = 0; - -/* "command=" option. */ -char *forced_command = NULL; - -/* "environment=" options. */ -struct envstring *custom_environment = NULL; - -/* "tunnel=" option. */ -int forced_tun_device = -1; - -/* "principals=" option. */ -char *authorized_principals = NULL; - -extern ServerOptions options; - -/* XXX refactor to be stateless */ - -void -auth_clear_options(void) -{ - struct ssh *ssh = active_state; /* XXX */ - - no_agent_forwarding_flag = 0; - no_port_forwarding_flag = 0; - no_pty_flag = 0; - no_x11_forwarding_flag = 0; - no_user_rc = 0; - key_is_cert_authority = 0; - while (custom_environment) { - struct envstring *ce = custom_environment; - custom_environment = ce->next; - free(ce->s); - free(ce); - } - free(forced_command); - forced_command = NULL; - free(authorized_principals); - authorized_principals = NULL; - forced_tun_device = -1; - channel_clear_permitted_opens(ssh); -} /* * Match flag 'opt' in *optsp, and if allow_negate is set then also match * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0 - * if negated option matches. + * if negated option matches. 
* If the option or negated option matches, then *optsp is updated to - * point to the first character after the option and, if 'msg' is not NULL - * then a message based on it added via auth_debug_add(). + * point to the first character after the option. */ static int -match_flag(const char *opt, int allow_negate, char **optsp, const char *msg) +opt_flag(const char *opt, int allow_negate, const char **optsp) { size_t opt_len = strlen(opt); - char *opts = *optsp; + const char *opts = *optsp; int negate = 0; if (allow_negate && strncasecmp(opts, "no-", 3) == 0) { 
@@ -109,368 +59,92 @@ match_flag(const char *opt, int allow_negate, char **optsp, const char *msg) } if (strncasecmp(opts, opt, opt_len) == 0) { *optsp = opts + opt_len; - if (msg != NULL) { - auth_debug_add("%s %s.", msg, - negate ? "disabled" : "enabled"); - } return negate ? 0 : 1; } return -1; } -/* - * return 1 if access is granted, 0 if not. - * side effect: sets key option flags - * XXX remove side effects; fill structure instead. - */ -int -auth_parse_options(struct passwd *pw, char *opts, const char *file, - u_long linenum) +static char * +opt_dequote(const char **sp, const char **errstrp) { - struct ssh *ssh = active_state; /* XXX */ - const char *cp; - int i, r; - - /* reset options */ - auth_clear_options(); + const char *s = *sp; + char *ret; + size_t i; + + *errstrp = NULL; + if (*s != '"') { + *errstrp = "missing start quote"; + return NULL; + } + s++; + if ((ret = malloc(strlen((s)) + 1)) == NULL) { + *errstrp = "memory allocation failed"; + return NULL; + } + for (i = 0; *s != '\0' && *s != '"';) { + if (s[0] == '\\' && s[1] == '"') + s++; + ret[i++] = *s++; + } + if (*s == '\0') { + *errstrp = "missing end quote"; + free(ret); + return NULL; + } + ret[i] = '\0'; + s++; + *sp = s; + return ret; +} - if (!opts) +static int +opt_match(const char **opts, const char *term) +{ + if (strncasecmp((*opts), term, strlen(term)) == 0 && + (*opts)[strlen(term)] == '=') { + *opts += strlen(term) + 1; return 1; - - while (*opts && *opts != ' ' && *opts != '\t') { - if ((r = match_flag("cert-authority", 0, &opts, NULL)) != -1) { - key_is_cert_authority = r; - goto next_option; - } - if ((r = match_flag("restrict", 0, &opts, NULL)) != -1) { - auth_debug_add("Key is restricted."); - no_port_forwarding_flag = 1; - no_agent_forwarding_flag = 1; - no_x11_forwarding_flag = 1; - no_pty_flag = 1; - no_user_rc = 1; - goto next_option; - } - if ((r = match_flag("port-forwarding", 1, &opts, - "Port forwarding")) != -1) { - no_port_forwarding_flag = r != 1; - goto 
next_option; - } - if ((r = match_flag("agent-forwarding", 1, &opts, - "Agent forwarding")) != -1) { - no_agent_forwarding_flag = r != 1; - goto next_option; - } - if ((r = match_flag("x11-forwarding", 1, &opts, - "X11 forwarding")) != -1) { - no_x11_forwarding_flag = r != 1; - goto next_option; - } - if ((r = match_flag("pty", 1, &opts, - "PTY allocation")) != -1) { - no_pty_flag = r != 1; - goto next_option; - } - if ((r = match_flag("user-rc", 1, &opts, - "User rc execution")) != -1) { - no_user_rc = r != 1; - goto next_option; - } - cp = "command=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - opts += strlen(cp); - free(forced_command); - forced_command = xmalloc(strlen(opts) + 1); - i = 0; - while (*opts) { - if (*opts == '"') - break; - if (*opts == '\\' && opts[1] == '"') { - opts += 2; - forced_command[i++] = '"'; - continue; - } - forced_command[i++] = *opts++; - } - if (!*opts) { - debug("%.100s, line %lu: missing end quote", - file, linenum); - auth_debug_add("%.100s, line %lu: missing end quote", - file, linenum); - free(forced_command); - forced_command = NULL; - goto bad_option; - } - forced_command[i] = '\0'; - auth_debug_add("Forced command."); - opts++; - goto next_option; - } - cp = "principals=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - opts += strlen(cp); - free(authorized_principals); - authorized_principals = xmalloc(strlen(opts) + 1); - i = 0; - while (*opts) { - if (*opts == '"') - break; - if (*opts == '\\' && opts[1] == '"') { - opts += 2; - authorized_principals[i++] = '"'; - continue; - } - authorized_principals[i++] = *opts++; - } - if (!*opts) { - debug("%.100s, line %lu: missing end quote", - file, linenum); - auth_debug_add("%.100s, line %lu: missing end quote", - file, linenum); - free(authorized_principals); - authorized_principals = NULL; - goto bad_option; - } - authorized_principals[i] = '\0'; - auth_debug_add("principals: %.900s", - authorized_principals); - opts++; - goto next_option; - } - cp = 
"environment=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - char *s; - struct envstring *new_envstring; - - opts += strlen(cp); - s = xmalloc(strlen(opts) + 1); - i = 0; - while (*opts) { - if (*opts == '"') - break; - if (*opts == '\\' && opts[1] == '"') { - opts += 2; - s[i++] = '"'; - continue; - } - s[i++] = *opts++; - } - if (!*opts) { - debug("%.100s, line %lu: missing end quote", - file, linenum); - auth_debug_add("%.100s, line %lu: missing end quote", - file, linenum); - free(s); - goto bad_option; - } - s[i] = '\0'; - opts++; - if (options.permit_user_env) { - auth_debug_add("Adding to environment: " - "%.900s", s); - debug("Adding to environment: %.900s", s); - new_envstring = xcalloc(1, - sizeof(*new_envstring)); - new_envstring->s = s; - new_envstring->next = custom_environment; - custom_environment = new_envstring; - s = NULL; - } - free(s); - goto next_option; - } - cp = "from=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - const char *remote_ip = ssh_remote_ipaddr(ssh); - const char *remote_host = auth_get_canonical_hostname( - ssh, options.use_dns); - char *patterns = xmalloc(strlen(opts) + 1); - - opts += strlen(cp); - i = 0; - while (*opts) { - if (*opts == '"') - break; - if (*opts == '\\' && opts[1] == '"') { - opts += 2; - patterns[i++] = '"'; - continue; - } - patterns[i++] = *opts++; - } - if (!*opts) { - debug("%.100s, line %lu: missing end quote", - file, linenum); - auth_debug_add("%.100s, line %lu: missing end quote", - file, linenum); - free(patterns); - goto bad_option; - } - patterns[i] = '\0'; - opts++; - switch (match_host_and_ip(remote_host, remote_ip, - patterns)) { - case 1: - free(patterns); - /* Host name matches. 
*/ - goto next_option; - case -1: - debug("%.100s, line %lu: invalid criteria", - file, linenum); - auth_debug_add("%.100s, line %lu: " - "invalid criteria", file, linenum); - /* FALLTHROUGH */ - case 0: - free(patterns); - logit("Authentication tried for %.100s with " - "correct key but not from a permitted " - "host (host=%.200s, ip=%.200s).", - pw->pw_name, remote_host, remote_ip); - auth_debug_add("Your host '%.200s' is not " - "permitted to use this key for login.", - remote_host); - break; - } - /* deny access */ - return 0; - } - cp = "permitopen=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - char *host, *p; - int port; - char *patterns = xmalloc(strlen(opts) + 1); - - opts += strlen(cp); - i = 0; - while (*opts) { - if (*opts == '"') - break; - if (*opts == '\\' && opts[1] == '"') { - opts += 2; - patterns[i++] = '"'; - continue; - } - patterns[i++] = *opts++; - } - if (!*opts) { - debug("%.100s, line %lu: missing end quote", - file, linenum); - auth_debug_add("%.100s, line %lu: missing " - "end quote", file, linenum); - free(patterns); - goto bad_option; - } - patterns[i] = '\0'; - opts++; - p = patterns; - /* XXX - add streamlocal support */ - host = hpdelim(&p); - if (host == NULL || strlen(host) >= NI_MAXHOST) { - debug("%.100s, line %lu: Bad permitopen " - "specification <%.100s>", file, linenum, - patterns); - auth_debug_add("%.100s, line %lu: " - "Bad permitopen specification", file, - linenum); - free(patterns); - goto bad_option; - } - host = cleanhostname(host); - if (p == NULL || (port = permitopen_port(p)) < 0) { - debug("%.100s, line %lu: Bad permitopen port " - "<%.100s>", file, linenum, p ? 
p : ""); - auth_debug_add("%.100s, line %lu: " - "Bad permitopen port", file, linenum); - free(patterns); - goto bad_option; - } - if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) - channel_add_permitted_opens(ssh, host, port); - free(patterns); - goto next_option; - } - cp = "tunnel=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - char *tun = NULL; - opts += strlen(cp); - tun = xmalloc(strlen(opts) + 1); - i = 0; - while (*opts) { - if (*opts == '"') - break; - tun[i++] = *opts++; - } - if (!*opts) { - debug("%.100s, line %lu: missing end quote", - file, linenum); - auth_debug_add("%.100s, line %lu: missing end quote", - file, linenum); - free(tun); - forced_tun_device = -1; - goto bad_option; - } - tun[i] = '\0'; - forced_tun_device = a2tun(tun, NULL); - free(tun); - if (forced_tun_device == SSH_TUNID_ERR) { - debug("%.100s, line %lu: invalid tun device", - file, linenum); - auth_debug_add("%.100s, line %lu: invalid tun device", - file, linenum); - forced_tun_device = -1; - goto bad_option; - } - auth_debug_add("Forced tun device: %d", forced_tun_device); - opts++; - goto next_option; - } -next_option: - /* - * Skip the comma, and move to the next option - * (or break out if there are no more). - */ - if (!*opts) - fatal("Bugs in auth-options.c option processing."); - if (*opts == ' ' || *opts == '\t') - break; /* End of options. */ - if (*opts != ',') - goto bad_option; - opts++; - /* Process the next option. 
*/ } + return 0; +} - /* grant access */ - return 1; +static int +dup_strings(char ***dstp, size_t *ndstp, char **src, size_t nsrc) +{ + char **dst; + size_t i, j; -bad_option: - logit("Bad options in %.100s file, line %lu: %.50s", - file, linenum, opts); - auth_debug_add("Bad options in %.100s file, line %lu: %.50s", - file, linenum, opts); + *dstp = NULL; + *ndstp = 0; + if (nsrc == 0) + return 0; - /* deny access */ + if ((dst = calloc(nsrc, sizeof(*src))) == NULL) + return -1; + for (i = 0; i < nsrc; i++) { + if ((dst[i] = strdup(src[i])) == NULL) { + for (j = 0; j < i; j++) + free(dst[j]); + free(dst); + return -1; + } + } + /* success */ + *dstp = dst; + *ndstp = nsrc; return 0; } #define OPTIONS_CRITICAL 1 #define OPTIONS_EXTENSIONS 2 static int -parse_option_list(struct sshbuf *oblob, struct passwd *pw, - u_int which, int crit, - int *cert_no_port_forwarding_flag, - int *cert_no_agent_forwarding_flag, - int *cert_no_x11_forwarding_flag, - int *cert_no_pty_flag, - int *cert_no_user_rc, - char **cert_forced_command, - int *cert_source_address_done) +cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob, + u_int which, int crit) { - struct ssh *ssh = active_state; /* XXX */ char *command, *allowed; - const char *remote_ip; char *name = NULL; struct sshbuf *c = NULL, *data = NULL; - int r, ret = -1, result, found; + int r, ret = -1, found; if ((c = sshbuf_fromb(oblob)) == NULL) { error("%s: sshbuf_fromb failed", __func__); 
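Review bot: `opt_dequote()`, `opt_match()` and `dup_strings()` are added without header comments, and the contract of `opt_dequote()` is not obvious from its call sites. It returns a malloc'd string that the caller must free, advances `*sp` past the closing quote only on success, and unescapes only `\"`, copying every other backslash literally. A comment such as `/* Returns malloc'd copy of the quoted string at *sp with \" unescaped; on error returns NULL, sets *errstrp and leaves *sp untouched. */` would make the escaping rule reviewable where values such as `command=` strings are parsed. `dup_strings()` deserves a line stating that `*dstp`/`*ndstp` are reset to NULL/0 first and that -1 means allocation failure. The hunk ends inside `cert_option_list()`, whose body continues in the following hunks.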
@@ -491,21 +165,21 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, found = 0; if ((which & OPTIONS_EXTENSIONS) != 0) { if (strcmp(name, "permit-X11-forwarding") == 0) { - *cert_no_x11_forwarding_flag = 0; + opts->permit_x11_forwarding_flag = 1; found = 1; } else if (strcmp(name, "permit-agent-forwarding") == 0) { - *cert_no_agent_forwarding_flag = 0; + opts->permit_agent_forwarding_flag = 1; found = 1; } else if (strcmp(name, "permit-port-forwarding") == 0) { - *cert_no_port_forwarding_flag = 0; + opts->permit_port_forwarding_flag = 1; found = 1; } else if (strcmp(name, "permit-pty") == 0) { - *cert_no_pty_flag = 0; + opts->permit_pty_flag = 1; found = 1; } else if (strcmp(name, "permit-user-rc") == 0) { - *cert_no_user_rc = 0; + opts->permit_user_rc = 1; found = 1; } } @@ -517,13 +191,13 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, "section: %s", name, ssh_err(r)); goto out; } - if (*cert_forced_command != NULL) { + if (opts->force_command != NULL) { error("Certificate has multiple " "force-command options"); free(command); goto out; } - *cert_forced_command = command; + opts->force_command = command; found = 1; } if (strcmp(name, "source-address") == 0) { 
@@ -533,38 +207,19 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, "section: %s", name, ssh_err(r)); goto out; } - if ((*cert_source_address_done)++) { + if (opts->required_from_host_cert != NULL) { error("Certificate has multiple " "source-address options"); free(allowed); goto out; } - remote_ip = ssh_remote_ipaddr(ssh); - result = addr_match_cidr_list(remote_ip, - allowed); - free(allowed); - switch (result) { - case 1: - /* accepted */ - break; - case 0: - /* no match */ - logit("Authentication tried for %.100s " - "with valid certificate but not " - "from a permitted host " - "(ip=%.200s).", pw->pw_name, - remote_ip); - auth_debug_add("Your address '%.200s' " - "is not permitted to use this " - "certificate for login.", - remote_ip); - goto out; - case -1: - default: + /* Check syntax */ + if (addr_match_cidr_list(NULL, allowed) == -1) { error("Certificate source-address " "contents invalid"); goto out; } + opts->required_from_host_cert = allowed; found = 1; } } 
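Review bot: On the new syntax-check path, `if (addr_match_cidr_list(NULL, allowed) == -1) { ... goto out; }`, `allowed` is never freed. The removed code freed it before looking at the result, and the `out:` label in the next hunk releases only `name`, `data` and `c`. Adding `free(allowed);` before that `goto out;`, as the duplicate-option branch just above already does, closes the leak. The hunk also stops matching the peer address here and only stores the list in `opts->required_from_host_cert`, so the comparison must now be enforced wherever that field is consumed, which is not visible in this hunk. `cert_option_list()` begins and ends outside the hunk.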
@@ -590,74 +245,628 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, ret = 0; out: - if (ret != 0 && - cert_forced_command != NULL && - *cert_forced_command != NULL) { - free(*cert_forced_command); - *cert_forced_command = NULL; - } free(name); sshbuf_free(data); sshbuf_free(c); return ret; } +struct sshauthopt * +sshauthopt_new(void) +{ + struct sshauthopt *ret; + + if ((ret = calloc(1, sizeof(*ret))) == NULL) + return NULL; + ret->force_tun_device = -1; + return ret; +} + +void +sshauthopt_free(struct sshauthopt *opts) +{ + size_t i; + + if (opts == NULL) + return; + + free(opts->cert_principals); + free(opts->force_command); + free(opts->required_from_host_cert); + free(opts->required_from_host_keys); + + for (i = 0; i < opts->nenv; i++) + free(opts->env[i]); + free(opts->env); + + for (i = 0; i < opts->npermitopen; i++) + free(opts->permitopen[i]); + free(opts->permitopen); + + explicit_bzero(opts, sizeof(*opts)); + free(opts); +} + +struct sshauthopt * +sshauthopt_new_with_keys_defaults(void) +{ + struct sshauthopt *ret = NULL; + + if ((ret = sshauthopt_new()) == NULL) + return NULL; + + /* Defaults for authorized_keys flags */ + ret->permit_port_forwarding_flag = 1; + ret->permit_agent_forwarding_flag = 1; + ret->permit_x11_forwarding_flag = 1; + ret->permit_pty_flag = 1; + ret->permit_user_rc = 1; + return ret; +} + +struct sshauthopt * +sshauthopt_parse(const char *opts, const char **errstrp) +{ + char **oarray, *opt, *cp, *tmp, *host; + int r; + struct sshauthopt *ret = NULL; + const char *errstr = "unknown error"; + uint64_t valid_before; + + if (errstrp != NULL) + *errstrp = NULL; + if ((ret = sshauthopt_new_with_keys_defaults()) == NULL) + goto alloc_fail; + + if (opts == NULL) + return ret; + + while (*opts && *opts != ' ' && *opts != '\t') { + /* flag options */ + if ((r = opt_flag("restrict", 0, &opts)) != -1) { + ret->restricted = 1; + ret->permit_port_forwarding_flag = 0; + ret->permit_agent_forwarding_flag = 0; + 
ret->permit_x11_forwarding_flag = 0; + ret->permit_pty_flag = 0; + ret->permit_user_rc = 0; + } else if ((r = opt_flag("cert-authority", 0, &opts)) != -1) { + ret->cert_authority = r; + } else if ((r = opt_flag("port-forwarding", 1, &opts)) != -1) { + ret->permit_port_forwarding_flag = r == 1; + } else if ((r = opt_flag("agent-forwarding", 1, &opts)) != -1) { + ret->permit_agent_forwarding_flag = r == 1; + } else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) { + ret->permit_x11_forwarding_flag = r == 1; + } else if ((r = opt_flag("pty", 1, &opts)) != -1) { + ret->permit_pty_flag = r == 1; + } else if ((r = opt_flag("user-rc", 1, &opts)) != -1) { + ret->permit_user_rc = r == 1; + } else if (opt_match(&opts, "command")) { + if (ret->force_command != NULL) { + errstr = "multiple \"command\" clauses"; + goto fail; + } + ret->force_command = opt_dequote(&opts, &errstr); + if (ret->force_command == NULL) + goto fail; + } else if (opt_match(&opts, "principals")) { + if (ret->cert_principals != NULL) { + errstr = "multiple \"principals\" clauses"; + goto fail; + } + ret->cert_principals = opt_dequote(&opts, &errstr); + if (ret->cert_principals == NULL) + goto fail; + } else if (opt_match(&opts, "from")) { + if (ret->required_from_host_keys != NULL) { + errstr = "multiple \"from\" clauses"; + goto fail; + } + ret->required_from_host_keys = opt_dequote(&opts, + &errstr); + if (ret->required_from_host_keys == NULL) + goto fail; + } else if (opt_match(&opts, "expiry-time")) { + if ((opt = opt_dequote(&opts, &errstr)) == NULL) + goto fail; + if (parse_absolute_time(opt, &valid_before) != 0 || + valid_before == 0) { + free(opt); + errstr = "invalid expires time"; + goto fail; + } + free(opt); + if (ret->valid_before == 0 || + valid_before < ret->valid_before) + ret->valid_before = valid_before; + } else if (opt_match(&opts, "environment")) { + if (ret->nenv > INT_MAX) { + errstr = "too many environment strings"; + goto fail; + } + if ((opt = opt_dequote(&opts, &errstr)) 
== NULL) + goto fail; + /* env name must be alphanumeric and followed by '=' */ + if ((tmp = strchr(opt, '=')) == NULL) { + free(opt); + errstr = "invalid environment string"; + goto fail; + } + for (cp = opt; cp < tmp; cp++) { + if (!isalnum((u_char)*cp)) { + free(opt); + errstr = "invalid environment string"; + goto fail; + } + } + /* Append it. */ + oarray = ret->env; + if ((ret->env = recallocarray(ret->env, ret->nenv, + ret->nenv + 1, sizeof(*ret->env))) == NULL) { + free(opt); + ret->env = oarray; /* put it back for cleanup */ + goto alloc_fail; + } + ret->env[ret->nenv++] = opt; + } else if (opt_match(&opts, "permitopen")) { + if (ret->npermitopen > INT_MAX) { + errstr = "too many permitopens"; + goto fail; + } + if ((opt = opt_dequote(&opts, &errstr)) == NULL) + goto fail; + if ((tmp = strdup(opt)) == NULL) { + free(opt); + goto alloc_fail; + } + cp = tmp; + /* validate syntax of permitopen before recording it. */ + host = hpdelim(&cp); + if (host == NULL || strlen(host) >= NI_MAXHOST) { + free(tmp); + free(opt); + errstr = "invalid permitopen hostname"; + goto fail; + } + /* + * don't want to use permitopen_port to avoid + * dependency on channels.[ch] here. 
+ */ + if (cp == NULL || + (strcmp(cp, "*") != 0 && a2port(cp) <= 0)) { + free(tmp); + free(opt); + errstr = "invalid permitopen port"; + goto fail; + } + /* XXX - add streamlocal support */ + free(tmp); + /* Record it */ + oarray = ret->permitopen; + if ((ret->permitopen = recallocarray(ret->permitopen, + ret->npermitopen, ret->npermitopen + 1, + sizeof(*ret->permitopen))) == NULL) { + free(opt); + ret->permitopen = oarray; + goto alloc_fail; + } + ret->permitopen[ret->npermitopen++] = opt; + } else if (opt_match(&opts, "tunnel")) { + if ((opt = opt_dequote(&opts, &errstr)) == NULL) + goto fail; + ret->force_tun_device = a2tun(opt, NULL); + free(opt); + if (ret->force_tun_device == SSH_TUNID_ERR) { + errstr = "invalid tun device"; + goto fail; + } + } + /* + * Skip the comma, and move to the next option + * (or break out if there are no more). + */ + if (*opts == '\0' || *opts == ' ' || *opts == '\t') + break; /* End of options. */ + /* Anything other than a comma is an unknown option */ + if (*opts != ',') { + errstr = "unknown key option"; + goto fail; + } + opts++; + if (*opts == '\0') { + errstr = "unexpected end-of-options"; + goto fail; + } + } + + /* success */ + if (errstrp != NULL) + *errstrp = NULL; + return ret; + +alloc_fail: + errstr = "memory allocation failed"; +fail: + sshauthopt_free(ret); + if (errstrp != NULL) + *errstrp = errstr; + return NULL; +} + +struct sshauthopt * +sshauthopt_from_cert(struct sshkey *k) +{ + struct sshauthopt *ret; + + if (k == NULL || !sshkey_type_is_cert(k->type) || k->cert == NULL || + k->cert->type != SSH2_CERT_TYPE_USER) + return NULL; + + if ((ret = sshauthopt_new()) == NULL) + return NULL; + + /* Handle options and critical extensions separately */ + if (cert_option_list(ret, k->cert->critical, + OPTIONS_CRITICAL, 1) == -1) { + sshauthopt_free(ret); + return NULL; + } + if (cert_option_list(ret, k->cert->extensions, + OPTIONS_EXTENSIONS, 0) == -1) { + sshauthopt_free(ret); + return NULL; + } + /* success */ + 
return ret; +} + /* - * Set options from critical certificate options. These supersede user key - * options so this must be called after auth_parse_options(). + * Merges "additional" options to "primary" and returns the result. + * NB. Some options from primary have primacy. */ -int -auth_cert_options(struct sshkey *k, struct passwd *pw, const char **reason) +struct sshauthopt * +sshauthopt_merge(const struct sshauthopt *primary, + const struct sshauthopt *additional, const char **errstrp) { - int cert_no_port_forwarding_flag = 1; - int cert_no_agent_forwarding_flag = 1; - int cert_no_x11_forwarding_flag = 1; - int cert_no_pty_flag = 1; - int cert_no_user_rc = 1; - char *cert_forced_command = NULL; - int cert_source_address_done = 0; - - *reason = "invalid certificate options"; - - /* Separate options and extensions for v01 certs */ - if (parse_option_list(k->cert->critical, pw, - OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL, - &cert_forced_command, - &cert_source_address_done) == -1) - return -1; - if (parse_option_list(k->cert->extensions, pw, - OPTIONS_EXTENSIONS, 0, - &cert_no_port_forwarding_flag, - &cert_no_agent_forwarding_flag, - &cert_no_x11_forwarding_flag, - &cert_no_pty_flag, - &cert_no_user_rc, - NULL, NULL) == -1) - return -1; + struct sshauthopt *ret; + const char *errstr = "internal error"; + const char *tmp; + + if (errstrp != NULL) + *errstrp = NULL; + + if ((ret = sshauthopt_new()) == NULL) + goto alloc_fail; + + /* cert_authority and cert_principals are cleared in result */ + + /* Prefer access lists from primary. */ + /* XXX err is both set and mismatch? 
*/ + tmp = primary->required_from_host_cert; + if (tmp == NULL) + tmp = additional->required_from_host_cert; + if (tmp != NULL && (ret->required_from_host_cert = strdup(tmp)) == NULL) + goto alloc_fail; + tmp = primary->required_from_host_keys; + if (tmp == NULL) + tmp = additional->required_from_host_keys; + if (tmp != NULL && (ret->required_from_host_keys = strdup(tmp)) == NULL) + goto alloc_fail; + + /* force_tun_device, permitopen and environment prefer the primary. */ + ret->force_tun_device = primary->force_tun_device; + if (ret->force_tun_device == -1) + ret->force_tun_device = additional->force_tun_device; + if (primary->nenv > 0) { + if (dup_strings(&ret->env, &ret->nenv, + primary->env, primary->nenv) != 0) + goto alloc_fail; + } else if (additional->nenv) { + if (dup_strings(&ret->env, &ret->nenv, + additional->env, additional->nenv) != 0) + goto alloc_fail; + } + if (primary->npermitopen > 0) { + if (dup_strings(&ret->permitopen, &ret->npermitopen, + primary->permitopen, primary->npermitopen) != 0) + goto alloc_fail; + } else if (additional->npermitopen > 0) { + if (dup_strings(&ret->permitopen, &ret->npermitopen, + additional->permitopen, additional->npermitopen) != 0) + goto alloc_fail; + } + + /* Flags are logical-AND (i.e. 
must be set in both for permission) */ +#define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1) + OPTFLAG(permit_port_forwarding_flag); + OPTFLAG(permit_agent_forwarding_flag); + OPTFLAG(permit_x11_forwarding_flag); + OPTFLAG(permit_pty_flag); + OPTFLAG(permit_user_rc); +#undef OPTFLAG + + /* Earliest expiry time should win */ + if (primary->valid_before != 0) + ret->valid_before = primary->valid_before; + if (additional->valid_before != 0 && + additional->valid_before < ret->valid_before) + ret->valid_before = additional->valid_before; - no_port_forwarding_flag |= cert_no_port_forwarding_flag; - no_agent_forwarding_flag |= cert_no_agent_forwarding_flag; - no_x11_forwarding_flag |= cert_no_x11_forwarding_flag; - no_pty_flag |= cert_no_pty_flag; - no_user_rc |= cert_no_user_rc; /* - * Only permit both CA and key option forced-command if they match. - * Otherwise refuse the certificate. + * When both multiple forced-command are specified, only + * proceed if they are identical, otherwise fail. 
*/ - if (cert_forced_command != NULL && forced_command != NULL) { - if (strcmp(forced_command, cert_forced_command) == 0) { - free(forced_command); - forced_command = cert_forced_command; + if (primary->force_command != NULL && + additional->force_command != NULL) { + if (strcmp(primary->force_command, + additional->force_command) == 0) { + /* ok */ + ret->force_command = strdup(primary->force_command); + if (ret->force_command == NULL) + goto alloc_fail; } else { - *reason = "certificate and key options forced command " - "do not match"; - free(cert_forced_command); - return -1; + errstr = "forced command options do not match"; + goto fail; } - } else if (cert_forced_command != NULL) - forced_command = cert_forced_command; + } else if (primary->force_command != NULL) { + if ((ret->force_command = strdup( + primary->force_command)) == NULL) + goto alloc_fail; + } else if (additional->force_command != NULL) { + if ((ret->force_command = strdup( + additional->force_command)) == NULL) + goto alloc_fail; + } + /* success */ + if (errstrp != NULL) + *errstrp = NULL; + return ret; + + alloc_fail: + errstr = "memory allocation failed"; + fail: + if (errstrp != NULL) + *errstrp = errstr; + sshauthopt_free(ret); + return NULL; +} + +/* + * Copy options + */ +struct sshauthopt * +sshauthopt_copy(const struct sshauthopt *orig) +{ + struct sshauthopt *ret; + + if ((ret = sshauthopt_new()) == NULL) + return NULL; + +#define OPTSCALAR(x) ret->x = orig->x + OPTSCALAR(permit_port_forwarding_flag); + OPTSCALAR(permit_agent_forwarding_flag); + OPTSCALAR(permit_x11_forwarding_flag); + OPTSCALAR(permit_pty_flag); + OPTSCALAR(permit_user_rc); + OPTSCALAR(restricted); + OPTSCALAR(cert_authority); + OPTSCALAR(force_tun_device); + OPTSCALAR(valid_before); +#undef OPTSCALAR +#define OPTSTRING(x) \ + do { \ + if (orig->x != NULL && (ret->x = strdup(orig->x)) == NULL) { \ + sshauthopt_free(ret); \ + return NULL; \ + } \ + } while (0) + OPTSTRING(cert_principals); + OPTSTRING(force_command); 
+ OPTSTRING(required_from_host_cert); + OPTSTRING(required_from_host_keys); +#undef OPTSTRING + + if (dup_strings(&ret->env, &ret->nenv, orig->env, orig->nenv) != 0 || + dup_strings(&ret->permitopen, &ret->npermitopen, + orig->permitopen, orig->npermitopen) != 0) { + sshauthopt_free(ret); + return NULL; + } + return ret; +} + +static int +serialise_array(struct sshbuf *m, char **a, size_t n) +{ + struct sshbuf *b; + size_t i; + int r; + + if (n > INT_MAX) + return SSH_ERR_INTERNAL_ERROR; + + if ((b = sshbuf_new()) == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + for (i = 0; i < n; i++) { + if ((r = sshbuf_put_cstring(b, a[i])) != 0) { + sshbuf_free(b); + return r; + } + } + if ((r = sshbuf_put_u32(m, n)) != 0 || + (r = sshbuf_put_stringb(m, b)) != 0) { + sshbuf_free(b); + return r; + } /* success */ - *reason = NULL; return 0; } +static int +deserialise_array(struct sshbuf *m, char ***ap, size_t *np) +{ + char **a = NULL; + size_t i, n = 0; + struct sshbuf *b = NULL; + u_int tmp; + int r = SSH_ERR_INTERNAL_ERROR; + + if ((r = sshbuf_get_u32(m, &tmp)) != 0 || + (r = sshbuf_froms(m, &b)) != 0) + goto out; + if (tmp > INT_MAX) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + n = tmp; + if (n > 0 && (a = calloc(n, sizeof(*a))) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + for (i = 0; i < n; i++) { + if ((r = sshbuf_get_cstring(b, &a[i], NULL)) != 0) + goto out; + } + /* success */ + r = 0; + *ap = a; + a = NULL; + *np = n; + n = 0; + out: + for (i = 0; i < n; i++) + free(a[i]); + free(a); + sshbuf_free(b); + return r; +} + +static int +serialise_nullable_string(struct sshbuf *m, const char *s) +{ + int r; + + if ((r = sshbuf_put_u8(m, s == NULL)) != 0 || + (r = sshbuf_put_cstring(m, s)) != 0) + return r; + return 0; +} + +static int +deserialise_nullable_string(struct sshbuf *m, char **sp) +{ + int r; + u_char flag; + + *sp = NULL; + if ((r = sshbuf_get_u8(m, &flag)) != 0 || + (r = sshbuf_get_cstring(m, flag ? 
NULL : sp, NULL)) != 0) + return r; + return 0; +} + +int +sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, + int untrusted) +{ + int r = SSH_ERR_INTERNAL_ERROR; + + /* Flag and simple integer options */ + if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 || + (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 || + (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 || + (r = sshbuf_put_u8(m, opts->permit_pty_flag)) != 0 || + (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 || + (r = sshbuf_put_u8(m, opts->restricted)) != 0 || + (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 || + (r = sshbuf_put_u64(m, opts->valid_before)) != 0) + return r; + + /* tunnel number can be negative to indicate "unset" */ + if ((r = sshbuf_put_u8(m, opts->force_tun_device == -1)) != 0 || + (r = sshbuf_put_u32(m, (opts->force_tun_device < 0) ? + 0 : (u_int)opts->force_tun_device)) != 0) + return r; + + /* String options; these may be NULL */ + if ((r = serialise_nullable_string(m, + untrusted ? "yes" : opts->cert_principals)) != 0 || + (r = serialise_nullable_string(m, + untrusted ? "true" : opts->force_command)) != 0 || + (r = serialise_nullable_string(m, + untrusted ? NULL : opts->required_from_host_cert)) != 0 || + (r = serialise_nullable_string(m, + untrusted ? NULL : opts->required_from_host_keys)) != 0) + return r; + + /* Array options */ + if ((r = serialise_array(m, opts->env, + untrusted ? 0 : opts->nenv)) != 0 || + (r = serialise_array(m, opts->permitopen, + untrusted ? 
0 : opts->npermitopen)) != 0) + return r; + + /* success */ + return 0; +} + +int +sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp) +{ + struct sshauthopt *opts = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + u_char f; + u_int tmp; + + if ((opts = calloc(1, sizeof(*opts))) == NULL) + return SSH_ERR_ALLOC_FAIL; + +#define OPT_FLAG(x) \ + do { \ + if ((r = sshbuf_get_u8(m, &f)) != 0) \ + goto out; \ + opts->x = f; \ + } while (0) + OPT_FLAG(permit_port_forwarding_flag); + OPT_FLAG(permit_agent_forwarding_flag); + OPT_FLAG(permit_x11_forwarding_flag); + OPT_FLAG(permit_pty_flag); + OPT_FLAG(permit_user_rc); + OPT_FLAG(restricted); + OPT_FLAG(cert_authority); +#undef OPT_FLAG + + if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0) + goto out; + + /* tunnel number can be negative to indicate "unset" */ + if ((r = sshbuf_get_u8(m, &f)) != 0 || + (r = sshbuf_get_u32(m, &tmp)) != 0) + goto out; + opts->force_tun_device = f ? -1 : (int)tmp; + + /* String options may be NULL */ + if ((r = deserialise_nullable_string(m, &opts->cert_principals)) != 0 || + (r = deserialise_nullable_string(m, &opts->force_command)) != 0 || + (r = deserialise_nullable_string(m, + &opts->required_from_host_cert)) != 0 || + (r = deserialise_nullable_string(m, + &opts->required_from_host_keys)) != 0) + goto out; + + /* Array options */ + if ((r = deserialise_array(m, &opts->env, &opts->nenv)) != 0 || + (r = deserialise_array(m, + &opts->permitopen, &opts->npermitopen)) != 0) + goto out; + + /* success */ + r = 0; + *optsp = opts; + opts = NULL; + out: + sshauthopt_free(opts); + return r; +} diff --git a/auth-options.h b/auth-options.h index 547f016355a9..bf59b30be138 100644 --- a/auth-options.h +++ b/auth-options.h 
@@ -1,40 +1,91 @@ -/* $OpenBSD: auth-options.h,v 1.23 2017/05/31 10:54:00 markus Exp $ */ +/* $OpenBSD: auth-options.h,v 1.26 2018/03/12 00:52:01 djm Exp $ */ /* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved + * Copyright (c) 2018 Damien Miller * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef AUTH_OPTIONS_H #define AUTH_OPTIONS_H -/* Linked list of custom environment strings */ -struct envstring { - struct envstring *next; - char *s; +struct passwd; +struct sshkey; + +/* + * sshauthopt represents key options parsed from authorized_keys or + * from certificate extensions/options. 
+ */ +struct sshauthopt { + /* Feature flags */ + int permit_port_forwarding_flag; + int permit_agent_forwarding_flag; + int permit_x11_forwarding_flag; + int permit_pty_flag; + int permit_user_rc; + + /* "restrict" keyword was invoked */ + int restricted; + + /* key/principal expiry date */ + uint64_t valid_before; + + /* Certificate-related options */ + int cert_authority; + char *cert_principals; + + int force_tun_device; + char *force_command; + + /* Custom environment */ + size_t nenv; + char **env; + + /* Permitted port forwardings */ + size_t npermitopen; + char **permitopen; + + /* + * Permitted host/addresses (comma-separated) + * Caller must check source address matches both lists (if present). + */ + char *required_from_host_cert; + char *required_from_host_keys; }; -/* Flags that may be set in authorized_keys options. */ -extern int no_port_forwarding_flag; -extern int no_agent_forwarding_flag; -extern int no_x11_forwarding_flag; -extern int no_pty_flag; -extern int no_user_rc; -extern char *forced_command; -extern struct envstring *custom_environment; -extern int forced_tun_device; -extern int key_is_cert_authority; -extern char *authorized_principals; - -int auth_parse_options(struct passwd *, char *, const char *, u_long); -void auth_clear_options(void); -int auth_cert_options(struct sshkey *, struct passwd *, const char **); +struct sshauthopt *sshauthopt_new(void); +struct sshauthopt *sshauthopt_new_with_keys_defaults(void); +void sshauthopt_free(struct sshauthopt *opts); +struct sshauthopt *sshauthopt_copy(const struct sshauthopt *orig); +int sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, int); +int sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **opts); + +/* + * Parse authorized_keys options. Returns an options structure on success + * or NULL on failure. Will set errstr on failure. 
+ */ +struct sshauthopt *sshauthopt_parse(const char *s, const char **errstr); + +/* + * Parse certification options to a struct sshauthopt. + * Returns options on success or NULL on failure. + */ +struct sshauthopt *sshauthopt_from_cert(struct sshkey *k); + +/* + * Merge key options. + */ +struct sshauthopt *sshauthopt_merge(const struct sshauthopt *primary, + const struct sshauthopt *additional, const char **errstrp); #endif diff --git a/auth-pam.c b/auth-pam.c index de29c04c9c81..00ba87775511 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -287,18 +287,27 @@ sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags) void sshpam_password_change_required(int reqd) { + extern struct sshauthopt *auth_opts; + static int saved_port, saved_agent, saved_x11; + debug3("%s %d", __func__, reqd); if (sshpam_authctxt == NULL) fatal("%s: PAM authctxt not initialized", __func__); sshpam_authctxt->force_pwchange = reqd; if (reqd) { - no_port_forwarding_flag |= 2; - no_agent_forwarding_flag |= 2; - no_x11_forwarding_flag |= 2; + saved_port = auth_opts->permit_port_forwarding_flag; + saved_agent = auth_opts->permit_agent_forwarding_flag; + saved_x11 = auth_opts->permit_x11_forwarding_flag; + auth_opts->permit_port_forwarding_flag = 0; + auth_opts->permit_agent_forwarding_flag = 0; + auth_opts->permit_x11_forwarding_flag = 0; } else { - no_port_forwarding_flag &= ~2; - no_agent_forwarding_flag &= ~2; - no_x11_forwarding_flag &= ~2; + if (saved_port) + auth_opts->permit_port_forwarding_flag = saved_port; + if (saved_agent) + auth_opts->permit_agent_forwarding_flag = saved_agent; + if (saved_x11) + auth_opts->permit_x11_forwarding_flag = saved_x11; } } @@ -1077,7 +1086,7 @@ do_pam_chauthtok(void) } void -do_pam_session(void) +do_pam_session(struct ssh *ssh) { debug3("PAM: opening session"); 
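Review bot: The third parameter of `sshauthopt_serialise` is declared as a bare `int`, but in the auth-options.c body of this commit it is `untrusted` and it changes what gets written. With it set, `cert_principals` and `force_command` are replaced by the placeholder strings "yes" and "true", and the two from-host lists, `env` and `permitopen` are sent as NULL or empty. I would name the parameter in the prototype and add a comment above it such as `/* If untrusted is set, string options are replaced by placeholders and host lists, env and permitopen are omitted */`. The prototypes also take `struct sshbuf *`, which is not forward-declared next to `struct passwd;` and `struct sshkey;`; adding `struct sshbuf;` would keep the header independent of include order.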
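Review bot: In `sshpam_password_change_required`, every call with `reqd` set copies the current flags into the static `saved_port`/`saved_agent`/`saved_x11`, so a second such call records the zeros written by the first and the later `reqd == 0` call restores nothing. That fails closed, but it is not obvious from the code and deserves a comment, e.g. `/* NB. a repeated reqd=1 call loses the saved flags; forwarding then stays disabled */`. The function also dereferences the global `auth_opts` without the kind of check it applies to `sshpam_authctxt`; if `auth_opts` can be NULL at this point (not visible from the hunk), add `if (auth_opts == NULL) fatal("%s: auth_opts not initialized", __func__);`.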
@@ -1093,7 +1102,7 @@ do_pam_session(void) sshpam_session_open = 1; else { sshpam_session_open = 0; - disable_forwarding(); + auth_restrict_session(ssh); error("PAM: pam_open_session(): %s", pam_strerror(sshpam_handle, sshpam_err)); } diff --git a/auth-pam.h b/auth-pam.h index c47b442e48a5..4198607454fb 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -25,10 +25,12 @@ #include "includes.h" #ifdef USE_PAM +struct ssh; + void start_pam(Authctxt *); void finish_pam(void); u_int do_pam_account(void); -void do_pam_session(void); +void do_pam_session(struct ssh *); void do_pam_setcred(int ); void do_pam_chauthtok(void); int do_pam_putenv(char *, char *); diff --git a/auth-passwd.c b/auth-passwd.c index 996c2cf71b00..6097fdd243ea 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.45 2016/07/21 01:39:35 dtucker Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.46 2018/03/03 03:15:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -68,22 +68,15 @@ extern login_cap_t *lc; #define MAX_PASSWORD_LEN 1024 -void -disable_forwarding(void) -{ - no_port_forwarding_flag = 1; - no_agent_forwarding_flag = 1; - no_x11_forwarding_flag = 1; -} - /* * Tries to authenticate the user using password. Returns true if * authentication succeeds. */ int -auth_password(Authctxt *authctxt, const char *password) +auth_password(struct ssh *ssh, const char *password) { - struct passwd * pw = authctxt->pw; + Authctxt *authctxt = ssh->authctxt; + struct passwd *pw = authctxt->pw; int result, ok = authctxt->valid; #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) static int expire_checked = 0; @@ -128,9 +121,9 @@ auth_password(Authctxt *authctxt, const char *password) authctxt->force_pwchange = 1; } #endif - result = sys_auth_passwd(authctxt, password); + result = sys_auth_passwd(ssh, password); if (authctxt->force_pwchange) - disable_forwarding(); + auth_restrict_session(ssh); return (result && ok); } 
@@ -170,19 +163,19 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as) } int -sys_auth_passwd(Authctxt *authctxt, const char *password) +sys_auth_passwd(struct ssh *ssh, const char *password) { - struct passwd *pw = authctxt->pw; + Authctxt *authctxt = ssh->authctxt; auth_session_t *as; static int expire_checked = 0; - as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", + as = auth_usercheck(authctxt->pw->pw_name, authctxt->style, "auth-ssh", (char *)password); if (as == NULL) return (0); if (auth_getstate(as) & AUTH_PWEXPIRED) { auth_close(as); - disable_forwarding(); + auth_restrict_session(ssh); authctxt->force_pwchange = 1; return (1); } else { @@ -195,8 +188,9 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) } #elif !defined(CUSTOM_SYS_AUTH_PASSWD) int -sys_auth_passwd(Authctxt *authctxt, const char *password) +sys_auth_passwd(struct ssh *ssh, const char *password) { + Authctxt *authctxt = ssh->authctxt; struct passwd *pw = authctxt->pw; char *encrypted_password, *salt = NULL; diff --git a/auth-sia.c b/auth-sia.c index a9e1c258ca61..7c97f03e51e6 100644 --- a/auth-sia.c +++ b/auth-sia.c @@ -36,6 +36,7 @@ #include #include "ssh.h" +#include "ssh_api.h" #include "key.h" #include "hostfile.h" #include "auth.h" @@ -50,11 +51,12 @@ extern int saved_argc; extern char **saved_argv; int -sys_auth_passwd(Authctxt *authctxt, const char *pass) +sys_auth_passwd(struct ssh *ssh, const char *pass) { int ret; SIAENTITY *ent = NULL; const char *host; + Authctxt *authctxt = ssh->authctxt; host = get_canonical_hostname(options.use_dns); diff --git a/auth.c b/auth.c index a449061741af..63366768a019 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.124 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -28,6 +28,7 @@ #include #include #include +#include #include 
@@ -73,12 +74,14 @@ #include "authfile.h" #include "ssherr.h" #include "compat.h" +#include "channels.h" /* import */ extern ServerOptions options; extern int use_privsep; extern Buffer loginmsg; extern struct passwd *privsep_pw; +extern struct sshauthopt *auth_opts; /* Debugging messages */ Buffer auth_debug; @@ -385,10 +388,8 @@ auth_maxtries_exceeded(Authctxt *authctxt) * Check whether root logins are disallowed. */ int -auth_root_allowed(const char *method) +auth_root_allowed(struct ssh *ssh, const char *method) { - struct ssh *ssh = active_state; /* XXX */ - switch (options.permit_root_login) { case PERMIT_YES: return 1; @@ -399,7 +400,7 @@ auth_root_allowed(const char *method) return 1; break; case PERMIT_FORCED_ONLY: - if (forced_command) { + if (auth_opts->force_command != NULL) { logit("Root login accepted for forced command."); return 1; } 
@@ -840,3 +841,343 @@ auth_get_canonical_hostname(struct ssh *ssh, int use_dns) return dnsname; } } + +/* + * Runs command in a subprocess wuth a minimal environment. + * Returns pid on success, 0 on failure. + * The child stdout and stderr maybe captured, left attached or sent to + * /dev/null depending on the contents of flags. + * "tag" is prepended to log messages. + * NB. "command" is only used for logging; the actual command executed is + * av[0]. + */ +pid_t +subprocess(const char *tag, struct passwd *pw, const char *command, + int ac, char **av, FILE **child, u_int flags) +{ + FILE *f = NULL; + struct stat st; + int fd, devnull, p[2], i; + pid_t pid; + char *cp, errmsg[512]; + u_int envsize; + char **child_env; + + if (child != NULL) + *child = NULL; + + debug3("%s: %s command \"%s\" running as %s (flags 0x%x)", __func__, + tag, command, pw->pw_name, flags); + + /* Check consistency */ + if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 && + (flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) { + error("%s: inconsistent flags", __func__); + return 0; + } + if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) { + error("%s: inconsistent flags/output", __func__); + return 0; + } + + /* + * If executing an explicit binary, then verify the it exists + * and appears safe-ish to execute + */ + if (*av[0] != '/') { + error("%s path is not absolute", tag); + return 0; + } + temporarily_use_uid(pw); + if (stat(av[0], &st) < 0) { + error("Could not stat %s \"%s\": %s", tag, + av[0], strerror(errno)); + restore_uid(); + return 0; + } + if (safe_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) { + error("Unsafe %s \"%s\": %s", tag, av[0], errmsg); + restore_uid(); + return 0; + } + /* Prepare to keep the child's stdout if requested */ + if (pipe(p) != 0) { + error("%s: pipe: %s", tag, strerror(errno)); + restore_uid(); + return 0; + } + restore_uid(); + + switch ((pid = fork())) { + case -1: /* error */ + error("%s: fork: %s", tag, strerror(errno)); + 
close(p[0]); + close(p[1]); + return 0; + case 0: /* child */ + /* Prepare a minimal environment for the child. */ + envsize = 5; + child_env = xcalloc(sizeof(*child_env), envsize); + child_set_env(&child_env, &envsize, "PATH", _PATH_STDPATH); + child_set_env(&child_env, &envsize, "USER", pw->pw_name); + child_set_env(&child_env, &envsize, "LOGNAME", pw->pw_name); + child_set_env(&child_env, &envsize, "HOME", pw->pw_dir); + if ((cp = getenv("LANG")) != NULL) + child_set_env(&child_env, &envsize, "LANG", cp); + + for (i = 0; i < NSIG; i++) + signal(i, SIG_DFL); + + if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { + error("%s: open %s: %s", tag, _PATH_DEVNULL, + strerror(errno)); + _exit(1); + } + if (dup2(devnull, STDIN_FILENO) == -1) { + error("%s: dup2: %s", tag, strerror(errno)); + _exit(1); + } + + /* Set up stdout as requested; leave stderr in place for now. */ + fd = -1; + if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) + fd = p[1]; + else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0) + fd = devnull; + if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) { + error("%s: dup2: %s", tag, strerror(errno)); + _exit(1); + } + closefrom(STDERR_FILENO + 1); + + /* Don't use permanently_set_uid() here to avoid fatal() */ + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { + error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, + strerror(errno)); + _exit(1); + } + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { + error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, + strerror(errno)); + _exit(1); + } + /* stdin is pointed to /dev/null at this point */ + if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 && + dup2(STDIN_FILENO, STDERR_FILENO) == -1) { + error("%s: dup2: %s", tag, strerror(errno)); + _exit(1); + } + + execve(av[0], av, child_env); + error("%s exec \"%s\": %s", tag, command, strerror(errno)); + _exit(127); + default: /* parent */ + break; + } + + close(p[1]); + if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) + close(p[0]); + else if 
((f = fdopen(p[0], "r")) == NULL) { + error("%s: fdopen: %s", tag, strerror(errno)); + close(p[0]); + /* Don't leave zombie child */ + kill(pid, SIGTERM); + while (waitpid(pid, NULL, 0) == -1 && errno == EINTR) + ; + return 0; + } + /* Success */ + debug3("%s: %s pid %ld", __func__, tag, (long)pid); + if (child != NULL) + *child = f; + return pid; +} + +/* These functions link key/cert options to the auth framework */ + +/* Log sshauthopt options locally and (optionally) for remote transmission */ +void +auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote) +{ + int do_env = options.permit_user_env && opts->nenv > 0; + int do_permitopen = opts->npermitopen > 0 && + (options.allow_tcp_forwarding & FORWARD_LOCAL) != 0; + size_t i; + char msg[1024], buf[64]; + + snprintf(buf, sizeof(buf), "%d", opts->force_tun_device); + /* Try to keep this alphabetically sorted */ + snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s", + opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", + opts->force_command == NULL ? "" : " command", + do_env ? " environment" : "", + opts->valid_before == 0 ? "" : "expires", + do_permitopen ? " permitopen" : "", + opts->permit_port_forwarding_flag ? " port-forwarding" : "", + opts->cert_principals == NULL ? "" : " principals", + opts->permit_pty_flag ? " pty" : "", + opts->force_tun_device == -1 ? "" : " tun=", + opts->force_tun_device == -1 ? "" : buf, + opts->permit_user_rc ? " user-rc" : "", + opts->permit_x11_forwarding_flag ? " x11-forwarding" : ""); + + debug("%s: %s", loc, msg); + if (do_remote) + auth_debug_add("%s: %s", loc, msg); + + if (options.permit_user_env) { + for (i = 0; i < opts->nenv; i++) { + debug("%s: environment: %s", loc, opts->env[i]); + if (do_remote) { + auth_debug_add("%s: environment: %s", + loc, opts->env[i]); + } + } + } + + /* Go into a little more details for the local logs. 
*/ + if (opts->valid_before != 0) { + format_absolute_time(opts->valid_before, buf, sizeof(buf)); + debug("%s: expires at %s", loc, buf); + } + if (opts->cert_principals != NULL) { + debug("%s: authorized principals: \"%s\"", + loc, opts->cert_principals); + } + if (opts->force_command != NULL) + debug("%s: forced command: \"%s\"", loc, opts->force_command); + if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) { + for (i = 0; i < opts->npermitopen; i++) { + debug("%s: permitted open: %s", + loc, opts->permitopen[i]); + } + } +} + +/* Activate a new set of key/cert options; merging with what is there. */ +int +auth_activate_options(struct ssh *ssh, struct sshauthopt *opts) +{ + struct sshauthopt *old = auth_opts; + const char *emsg = NULL; + + debug("%s: setting new authentication options", __func__); + if ((auth_opts = sshauthopt_merge(old, opts, &emsg)) == NULL) { + error("Inconsistent authentication options: %s", emsg); + return -1; + } + return 0; +} + +/* Disable forwarding, etc for the session */ +void +auth_restrict_session(struct ssh *ssh) +{ + struct sshauthopt *restricted; + + debug("%s: restricting session", __func__); + + /* A blank sshauthopt defaults to permitting nothing */ + restricted = sshauthopt_new(); + restricted->restricted = 1; + + if (auth_activate_options(ssh, restricted) != 0) + fatal("%s: failed to restrict session", __func__); + sshauthopt_free(restricted); +} + +int +auth_authorise_keyopts(struct ssh *ssh, struct passwd *pw, + struct sshauthopt *opts, int allow_cert_authority, const char *loc) +{ + const char *remote_ip = ssh_remote_ipaddr(ssh); + const char *remote_host = auth_get_canonical_hostname(ssh, + options.use_dns); + time_t now = time(NULL); + char buf[64]; + + /* + * Check keys/principals file expiry time. + * NB. validity interval in certificate is handled elsewhere. 
+ */ + if (opts->valid_before && now > 0 && + opts->valid_before < (uint64_t)now) { + format_absolute_time(opts->valid_before, buf, sizeof(buf)); + debug("%s: entry expired at %s", loc, buf); + auth_debug_add("%s: entry expired at %s", loc, buf); + return -1; + } + /* Consistency checks */ + if (opts->cert_principals != NULL && !opts->cert_authority) { + debug("%s: principals on non-CA key", loc); + auth_debug_add("%s: principals on non-CA key", loc); + /* deny access */ + return -1; + } + /* cert-authority flag isn't valid in authorized_principals files */ + if (!allow_cert_authority && opts->cert_authority) { + debug("%s: cert-authority flag invalid here", loc); + auth_debug_add("%s: cert-authority flag invalid here", loc); + /* deny access */ + return -1; + } + + /* Perform from= checks */ + if (opts->required_from_host_keys != NULL) { + switch (match_host_and_ip(remote_host, remote_ip, + opts->required_from_host_keys )) { + case 1: + /* Host name matches. */ + break; + case -1: + default: + debug("%s: invalid from criteria", loc); + auth_debug_add("%s: invalid from criteria", loc); + /* FALLTHROUGH */ + case 0: + logit("%s: Authentication tried for %.100s with " + "correct key but not from a permitted " + "host (host=%.200s, ip=%.200s, required=%.200s).", + loc, pw->pw_name, remote_host, remote_ip, + opts->required_from_host_keys); + auth_debug_add("%s: Your host '%.200s' is not " + "permitted to use this key for login.", + loc, remote_host); + /* deny access */ + return -1; + } + } + /* Check source-address restriction from certificate */ + if (opts->required_from_host_cert != NULL) { + switch (addr_match_cidr_list(remote_ip, + opts->required_from_host_cert)) { + case 1: + /* accepted */ + break; + case -1: + default: + /* invalid */ + error("%s: Certificate source-address invalid", + loc); + /* FALLTHROUGH */ + case 0: + logit("%s: Authentication tried for %.100s with valid " + "certificate but not from a permitted source " + "address (%.200s).", loc, 
pw->pw_name, remote_ip); + auth_debug_add("%s: Your address '%.200s' is not " + "permitted to use this certificate for login.", + loc, remote_ip); + return -1; + } + } + /* + * + * XXX this is spammy. We should report remotely only for keys + * that are successful in actual auth attempts, and not PK_OK + * tests. + */ + auth_log_authopts(loc, opts, 1); + + return 0; +} diff --git a/auth.h b/auth.h index 29835ae92750..23ce67cafe41 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.93 2017/08/18 05:36:45 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.95 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -42,9 +42,11 @@ #include #endif +struct passwd; struct ssh; -struct sshkey; struct sshbuf; +struct sshkey; +struct sshauthopt; typedef struct Authctxt Authctxt; typedef struct Authmethod Authmethod; @@ -128,11 +130,12 @@ struct KbdintDevice int auth_rhosts2(struct passwd *, const char *, const char *, const char *); -int auth_password(Authctxt *, const char *); +int auth_password(struct ssh *, const char *); int hostbased_key_allowed(struct passwd *, const char *, char *, struct sshkey *); -int user_key_allowed(struct passwd *, struct sshkey *, int); +int user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, + struct sshauthopt **); int auth2_key_already_used(Authctxt *, const struct sshkey *); /* @@ -163,14 +166,12 @@ int auth_shadow_pwexpired(Authctxt *); #include "audit.h" void remove_kbdint_device(const char *); -void disable_forwarding(void); - void do_authentication2(Authctxt *); void auth_log(Authctxt *, int, int, const char *, const char *); void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); void userauth_finish(struct ssh *, int, const char *, const char *); -int auth_root_allowed(const char *); +int auth_root_allowed(struct ssh *, const char *); void userauth_send_banner(const char *); 
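Review bot: In `auth_activate_options` the merge result is assigned to the global `auth_opts` inside the condition, so when `sshauthopt_merge` fails the global is left NULL and no longer points at the previously active options. `auth_root_allowed` (earlier hunk in this file) reads `auth_opts->force_command` unguarded. Merging into a local and committing only on success keeps the old state intact: `if ((merged = sshauthopt_merge(old, opts, &emsg)) == NULL) {` with the existing error path, then `auth_opts = merged;`. `auth_restrict_session` writes `restricted->restricted = 1` without checking `sshauthopt_new()` for NULL, unlike the other callers in this commit; `if ((restricted = sshauthopt_new()) == NULL) fatal("%s: sshauthopt_new failed", __func__);` would match them. Smaller point: the `"expires"` token in `auth_log_authopts` lacks the leading space the other tokens carry, so it runs into the preceding word in the log line.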
@@ -214,14 +215,29 @@ int get_hostkey_index(struct sshkey *, int, struct ssh *); int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int); +/* Key / cert options linkage to auth layer */ +const struct sshauthopt *auth_options(struct ssh *); +int auth_activate_options(struct ssh *, struct sshauthopt *); +void auth_restrict_session(struct ssh *); +int auth_authorise_keyopts(struct ssh *, struct passwd *pw, + struct sshauthopt *, int, const char *); +void auth_log_authopts(const char *, const struct sshauthopt *, int); + /* debug messages during authentication */ -void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); +void auth_debug_add(const char *fmt,...) + __attribute__((format(printf, 1, 2))); void auth_debug_send(void); void auth_debug_reset(void); struct passwd *fakepw(void); -int sys_auth_passwd(Authctxt *, const char *); +#define SSH_SUBPROCESS_STDOUT_DISCARD (1) /* Discard stdout */ +#define SSH_SUBPROCESS_STDOUT_CAPTURE (1<<1) /* Redirect stdout */ +#define SSH_SUBPROCESS_STDERR_DISCARD (1<<2) /* Discard stderr */ +pid_t subprocess(const char *, struct passwd *, + const char *, int, char **, FILE **, u_int flags); + +int sys_auth_passwd(struct ssh *, const char *); #define SKEY_PROMPT "\nS/Key Password: " diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 92758b38c19d..8996f7e05211 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.31 2017/06/24 06:34:38 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.33 2018/01/23 05:27:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -62,7 +62,7 @@ userauth_hostbased(struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; struct sshbuf *b; struct sshkey *key = NULL; - char *pkalg, *cuser, *chost, *service; + char *pkalg, *cuser, *chost; u_char *pkblob, *sig; size_t alen, blen, slen; int r, pktype, authenticated = 0; 
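Review bot: `SSH_SUBPROCESS_STDERR_DISCARD` is declared here, but the `subprocess()` body this commit adds to auth.c never tests it. The stderr redirect there is keyed on `SSH_SUBPROCESS_STDOUT_DISCARD` (`if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 && dup2(STDIN_FILENO, STDERR_FILENO) == -1)`), so a caller passing only the STDERR flag would leave the child's stderr attached. Either test the new flag at that line, `if ((flags & SSH_SUBPROCESS_STDERR_DISCARD) != 0 &&`, or document next to the defines that STDOUT_DISCARD also discards stderr and that STDOUT_DISCARD and STDOUT_CAPTURE are mutually exclusive. The prototype would also read better with named parameters (`tag`, `pw`, `command`, `ac`, `av`, `child`), as only `flags` is named.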
@@ -118,15 +118,13 @@ userauth_hostbased(struct ssh *ssh) goto done; } - service = ssh->compat & SSH_BUG_HBSERVICE ? "ssh-userauth" : - authctxt->service; if ((b = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); /* reconstruct packet */ if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, authctxt->user)) != 0 || - (r = sshbuf_put_cstring(b, service)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || (r = sshbuf_put_cstring(b, "hostbased")) != 0 || (r = sshbuf_put_string(b, pkalg, alen)) != 0 || (r = sshbuf_put_string(b, pkblob, blen)) != 0 || @@ -144,7 +142,7 @@ userauth_hostbased(struct ssh *ssh) authenticated = 0; if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && PRIVSEP(sshkey_verify(key, sig, slen, - sshbuf_ptr(b), sshbuf_len(b), ssh->compat)) == 0) + sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0) authenticated = 1; auth2_record_key(authctxt, authenticated, key); diff --git a/auth2-none.c b/auth2-none.c index 35d25fa6349f..8d4e9bb8c815 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.20 2017/05/30 14:29:59 markus Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.21 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -68,7 +68,7 @@ userauth_none(struct ssh *ssh) if ((r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); if (options.permit_empty_passwd && options.password_authentication) - return (PRIVSEP(auth_password(ssh->authctxt, ""))); + return (PRIVSEP(auth_password(ssh, ""))); return (0); } diff --git a/auth2-passwd.c b/auth2-passwd.c index 5f7ba32440b0..445016aec477 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.14 2017/05/30 14:29:59 markus Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.15 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -63,7 +63,7 @@ userauth_passwd(struct ssh *ssh) if (change) logit("password change not supported"); - else if (PRIVSEP(auth_password(ssh->authctxt, password)) == 1) + else if (PRIVSEP(auth_password(ssh, password)) == 1) authenticated = 1; explicit_bzero(password, len); free(password); diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 169839b01ed7..8024b1d6a976 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.71 2017/09/07 23:48:09 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.77 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -73,42 +73,39 @@ extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; +static char * +format_key(const struct sshkey *key) +{ + char *ret, *fp = sshkey_fingerprint(key, + options.fingerprint_hash, SSH_FP_DEFAULT); + + xasprintf(&ret, "%s %s", sshkey_type(key), fp); + free(fp); + return ret; +} + static int userauth_pubkey(struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; + struct passwd *pw = authctxt->pw; struct sshbuf *b; struct sshkey *key = NULL; - char *pkalg, *userstyle = NULL, *fp = NULL; + char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; u_char *pkblob, *sig, have_sig; size_t blen, slen; int r, pktype; int authenticated = 0; + struct sshauthopt *authopts = NULL; if (!authctxt->valid) { debug2("%s: disabled because of invalid user", __func__); return 0; } - if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0) - fatal("%s: sshpkt_get_u8 failed: %s", __func__, ssh_err(r)); - if (ssh->compat & SSH_BUG_PKAUTH) { - debug2("%s: SSH_BUG_PKAUTH", __func__); - if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - /* no explicit pkalg given */ - /* so we have to extract the pkalg from the pkblob */ - /* XXX use sshbuf_from() */ - if ((r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || - (r = sshbuf_put(b, pkblob, blen)) != 0 || - (r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0) - fatal("%s: failed: %s", __func__, ssh_err(r)); - sshbuf_free(b); - } else { - if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || - (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) - fatal("%s: sshpkt_get_cstring failed: %s", - __func__, ssh_err(r)); - } + if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || + (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || + (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) + fatal("%s: parse request failed: %s", __func__, ssh_err(r)); pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ 
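Review bot: `format_key()` hands the result of `sshkey_fingerprint()` straight to `xasprintf(&ret, "%s %s", ...)` without checking it for NULL. `check_authkey_line()`, added later in this same patch, treats a NULL fingerprint as possible and calls `fatal()` on it, and passing NULL for `%s` is undefined behaviour in C. I would make the helper agree by adding `if (fp == NULL) fatal("%s: fingerprint failed", __func__);` before the `xasprintf` call. `userauth_pubkey()` continues beyond this hunk.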
@@ -135,7 +132,6 @@ userauth_pubkey(struct ssh *ssh) "signature scheme"); goto done; } - fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); if (auth2_key_already_used(authctxt, key)) { logit("refusing previously-used %s key", sshkey_type(key)); goto done; @@ -147,9 +143,15 @@ userauth_pubkey(struct ssh *ssh) goto done; } + key_s = format_key(key); + if (sshkey_is_cert(key)) + ca_s = format_key(key->cert->signature_key); + if (have_sig) { - debug3("%s: have signature for %s %s", - __func__, sshkey_type(key), fp); + debug3("%s: have %s signature for %s%s%s", + __func__, pkalg, key_s, + ca_s == NULL ? "" : " CA ", + ca_s == NULL ? "" : ca_s); if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); @@ -172,22 +174,11 @@ userauth_pubkey(struct ssh *ssh) authctxt->style ? authctxt->style : ""); if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, userstyle)) != 0 || - (r = sshbuf_put_cstring(b, ssh->compat & SSH_BUG_PKSERVICE ? - "ssh-userauth" : authctxt->service)) != 0) - fatal("%s: build packet failed: %s", - __func__, ssh_err(r)); - if (ssh->compat & SSH_BUG_PKAUTH) { - if ((r = sshbuf_put_u8(b, have_sig)) != 0) - fatal("%s: build packet failed: %s", - __func__, ssh_err(r)); - } else { - if ((r = sshbuf_put_cstring(b, "publickey")) != 0 || - (r = sshbuf_put_u8(b, have_sig)) != 0 || - (r = sshbuf_put_cstring(b, pkalg) != 0)) - fatal("%s: build packet failed: %s", - __func__, ssh_err(r)); - } - if ((r = sshbuf_put_string(b, pkblob, blen)) != 0) + (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || + (r = sshbuf_put_cstring(b, "publickey")) != 0 || + (r = sshbuf_put_u8(b, have_sig)) != 0 || + (r = sshbuf_put_cstring(b, pkalg) != 0) || + (r = sshbuf_put_string(b, pkblob, blen)) != 0) fatal("%s: build packet failed: %s", __func__, ssh_err(r)); #ifdef DEBUG_PK 
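Review bot: In the consolidated signed-data chain of the third hunk on this line, `(r = sshbuf_put_cstring(b, pkalg) != 0)` has its closing parenthesis in the wrong place, so `r` receives the result of the comparison (0 or 1) instead of the sshbuf error code. A failure still reaches `fatal()`, but `ssh_err(r)` is then called with 1 rather than the real code, which makes the logged reason misleading. The removed lines show the same slip in the old code, so this rewrite is a good moment to correct it: `(r = sshbuf_put_cstring(b, pkalg)) != 0 ||`. `userauth_pubkey()` begins and ends outside this hunk.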
@@ -196,17 +187,20 @@ userauth_pubkey(struct ssh *ssh) /* test for correct signature */ authenticated = 0; - if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) && + if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), - sshbuf_len(b), ssh->compat)) == 0) { + sshbuf_len(b), NULL, ssh->compat)) == 0) { authenticated = 1; } sshbuf_free(b); free(sig); auth2_record_key(authctxt, authenticated, key); } else { - debug("%s: test whether pkalg/pkblob are acceptable for %s %s", - __func__, sshkey_type(key), fp); + debug("%s: test pkalg %s pkblob %s%s%s", + __func__, pkalg, key_s, + ca_s == NULL ? "" : " CA ", + ca_s == NULL ? "" : ca_s); + if ((r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); @@ -218,7 +212,7 @@ userauth_pubkey(struct ssh *ssh) * if a user is not allowed to login. is this an * issue? -markus */ - if (PRIVSEP(user_key_allowed(authctxt->pw, key, 0))) { + if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) { if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK)) != 0 || (r = sshpkt_put_cstring(ssh, pkalg)) != 0 || @@ -229,15 +223,20 @@ userauth_pubkey(struct ssh *ssh) authctxt->postponed = 1; } } - if (authenticated != 1) - auth_clear_options(); done: + if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) { + debug("%s: key options inconsistent with existing", __func__); + authenticated = 0; + } debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); + + sshauthopt_free(authopts); sshkey_free(key); free(userstyle); free(pkalg); free(pkblob); - free(fp); + free(key_s); + free(ca_s); return authenticated; } 
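Review bot: The `sshkey_verify()` call in the have_sig branch passes `NULL` for the newly added argument, while the hostbased call in auth2-hostbased.c in this same patch passes `pkalg` in that position. If that argument is the expected signature algorithm (its definition is not on this page, so confirm), the public-key path does not tie the signature type to the algorithm name that the client sent and that is now logged as `have %s signature`. I would pass it here as well, `sshbuf_len(b), pkalg, ssh->compat)) == 0) {`, after checking client compatibility, or add a comment stating why the check is skipped for user keys. `userauth_pubkey()` starts before this hunk.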
@@ -261,18 +260,77 @@ match_principals_option(const char *principal_list, struct sshkey_cert *cert) return 0; } +/* + * Process a single authorized_principals format line. Returns 0 and sets + * authoptsp is principal is authorised, -1 otherwise. "loc" is used as a + * log preamble for file/line information. + */ +static int +check_principals_line(struct ssh *ssh, char *cp, const struct sshkey_cert *cert, + const char *loc, struct sshauthopt **authoptsp) +{ + u_int i, found = 0; + char *ep, *line_opts; + const char *reason = NULL; + struct sshauthopt *opts = NULL; + + if (authoptsp != NULL) + *authoptsp = NULL; + + /* Trim trailing whitespace. */ + ep = cp + strlen(cp) - 1; + while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t')) + *ep-- = '\0'; + + /* + * If the line has internal whitespace then assume it has + * key options. + */ + line_opts = NULL; + if ((ep = strrchr(cp, ' ')) != NULL || + (ep = strrchr(cp, '\t')) != NULL) { + for (; *ep == ' ' || *ep == '\t'; ep++) + ; + line_opts = cp; + cp = ep; + } + if ((opts = sshauthopt_parse(line_opts, &reason)) == NULL) { + debug("%s: bad principals options: %s", loc, reason); + auth_debug_add("%s: bad principals options: %s", loc, reason); + return -1; + } + /* Check principals in cert against those on line */ + for (i = 0; i < cert->nprincipals; i++) { + if (strcmp(cp, cert->principals[i]) != 0) + continue; + debug3("%s: matched principal \"%.100s\"", + loc, cert->principals[i]); + found = 1; + } + if (found && authoptsp != NULL) { + *authoptsp = opts; + opts = NULL; + } + sshauthopt_free(opts); + return found ? 
0 : -1; +} + static int -process_principals(FILE *f, const char *file, struct passwd *pw, - const struct sshkey_cert *cert) +process_principals(struct ssh *ssh, FILE *f, const char *file, + const struct sshkey_cert *cert, struct sshauthopt **authoptsp) { - char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; + char loc[256], line[SSH_MAX_PUBKEY_BYTES], *cp, *ep; u_long linenum = 0; - u_int i, found_principal = 0; + u_int found_principal = 0; + + if (authoptsp != NULL) + *authoptsp = NULL; while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { /* Always consume entire input */ if (found_principal) continue; + /* Skip leading whitespace. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; 
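Review bot: `check_principals_line()` computes `ep = cp + strlen(cp) - 1` with no guard for an empty string, so for `""` the pointer is formed before the start of the buffer and the helper depends on its caller never passing one. `process_principals()` does skip empty lines before calling it (visible in the next hunk), but the header comment states neither that precondition nor that the line is modified in place. I would either add `if (*cp == '\0') return -1;` ahead of the trim or document both facts, and correct the comment to read `sets authoptsp if principal is authorised`. The `ssh` parameter is not used in the body shown. `process_principals()` starts in this hunk and continues past it.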
@@ -281,50 +339,33 @@ process_principals(FILE *f, const char *file, struct passwd *pw, *ep = '\0'; if (!*cp || *cp == '\n') continue; - /* Trim trailing whitespace. */ - ep = cp + strlen(cp) - 1; - while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t')) - *ep-- = '\0'; - /* - * If the line has internal whitespace then assume it has - * key options. - */ - line_opts = NULL; - if ((ep = strrchr(cp, ' ')) != NULL || - (ep = strrchr(cp, '\t')) != NULL) { - for (; *ep == ' ' || *ep == '\t'; ep++) - ; - line_opts = cp; - cp = ep; - } - for (i = 0; i < cert->nprincipals; i++) { - if (strcmp(cp, cert->principals[i]) == 0) { - debug3("%s:%lu: matched principal \"%.100s\"", - file, linenum, cert->principals[i]); - if (auth_parse_options(pw, line_opts, - file, linenum) != 1) - continue; - found_principal = 1; - continue; - } - } + + snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); + if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0) + found_principal = 1; } return found_principal; } +/* XXX remove pw args here and elsewhere once ssh->authctxt is guaranteed */ + static int -match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert) +match_principals_file(struct ssh *ssh, struct passwd *pw, char *file, + struct sshkey_cert *cert, struct sshauthopt **authoptsp) { FILE *f; int success; + if (authoptsp != NULL) + *authoptsp = NULL; + temporarily_use_uid(pw); debug("trying authorized principals file %s", file); if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) { restore_uid(); return 0; } - success = process_principals(f, file, pw, cert); + success = process_principals(ssh, f, file, cert, authoptsp); fclose(f); restore_uid(); return success; 
@@ -335,12 +376,13 @@ match_principals_file(char *file, struct passwd *pw, struct sshkey_cert *cert) * returns 1 if the principal is allowed or 0 otherwise. */ static int -match_principals_command(struct passwd *user_pw, const struct sshkey *key) +match_principals_command(struct ssh *ssh, struct passwd *user_pw, + const struct sshkey *key, struct sshauthopt **authoptsp) { + struct passwd *runas_pw = NULL; const struct sshkey_cert *cert = key->cert; FILE *f = NULL; int r, ok, found_principal = 0; - struct passwd *pw; int i, ac = 0, uid_swapped = 0; pid_t pid; char *tmp, *username = NULL, *command = NULL, **av = NULL; @@ -348,6 +390,8 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) char serial_s[16]; void (*osigchld)(int); + if (authoptsp != NULL) + *authoptsp = NULL; if (options.authorized_principals_command == NULL) return 0; if (options.authorized_principals_command_user == NULL) { @@ -365,8 +409,8 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) /* Prepare and verify the user for the command */ username = percent_expand(options.authorized_principals_command_user, "u", user_pw->pw_name, (char *)NULL); - pw = getpwnam(username); - if (pw == NULL) { + runas_pw = getpwnam(username); + if (runas_pw == NULL) { error("AuthorizedPrincipalsCommandUser \"%s\" not found: %s", username, strerror(errno)); goto out; 
@@ -424,15 +468,15 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) /* Prepare a printable command for logs, etc. */ command = argv_assemble(ac, av); - if ((pid = subprocess("AuthorizedPrincipalsCommand", pw, command, + if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command, ac, av, &f, SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0) goto out; uid_swapped = 1; - temporarily_use_uid(pw); + temporarily_use_uid(runas_pw); - ok = process_principals(f, "(command)", pw, cert); + ok = process_principals(ssh, f, "(command)", cert, authoptsp); fclose(f); f = NULL; 
@@ -459,132 +503,225 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) free(keytext); return found_principal; } + +static void +skip_space(char **cpp) +{ + char *cp; + + for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++) + ; + *cpp = cp; +} + +/* + * Advanced *cpp past the end of key options, defined as the first unquoted + * whitespace character. Returns 0 on success or -1 on failure (e.g. + * unterminated quotes). + */ +static int +advance_past_options(char **cpp) +{ + char *cp = *cpp; + int quoted = 0; + + for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { + if (*cp == '\\' && cp[1] == '"') + cp++; /* Skip both */ + else if (*cp == '"') + quoted = !quoted; + } + *cpp = cp; + /* return failure for unterminated quotes */ + return (*cp == '\0' && quoted) ? -1 : 0; +} + +/* + * Check a single line of an authorized_keys-format file. Returns 0 if key + * matches, -1 otherwise. Will return key/cert options via *authoptsp + * on success. "loc" is used as file/line location in log messages. + */ +static int +check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, + char *cp, const char *loc, struct sshauthopt **authoptsp) +{ + int want_keytype = sshkey_is_cert(key) ? KEY_UNSPEC : key->type; + struct sshkey *found = NULL; + struct sshauthopt *keyopts = NULL, *certopts = NULL, *finalopts = NULL; + char *key_options = NULL, *fp = NULL; + const char *reason = NULL; + int ret = -1; + + if (authoptsp != NULL) + *authoptsp = NULL; + + if ((found = sshkey_new(want_keytype)) == NULL) { + debug3("%s: keytype %d failed", __func__, want_keytype); + goto out; + } + + /* XXX djm: peek at key type in line and skip if unwanted */ + + if (sshkey_read(found, &cp) != 0) { + /* no key? 
check for options */ + debug2("%s: check options: '%s'", loc, cp); + key_options = cp; + if (advance_past_options(&cp) != 0) { + reason = "invalid key option string"; + goto fail_reason; + } + skip_space(&cp); + if (sshkey_read(found, &cp) != 0) { + /* still no key? advance to next line*/ + debug2("%s: advance: '%s'", loc, cp); + goto out; + } + } + /* Parse key options now; we need to know if this is a CA key */ + if ((keyopts = sshauthopt_parse(key_options, &reason)) == NULL) { + debug("%s: bad key options: %s", loc, reason); + auth_debug_add("%s: bad key options: %s", loc, reason); + goto out; + } + /* Ignore keys that don't match or incorrectly marked as CAs */ + if (sshkey_is_cert(key)) { + /* Certificate; check signature key against CA */ + if (!sshkey_equal(found, key->cert->signature_key) || + !keyopts->cert_authority) + goto out; + } else { + /* Plain key: check it against key found in file */ + if (!sshkey_equal(found, key) || keyopts->cert_authority) + goto out; + } + + /* We have a candidate key, perform authorisation checks */ + if ((fp = sshkey_fingerprint(found, + options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) + fatal("%s: fingerprint failed", __func__); + + debug("%s: matching %s found: %s %s", loc, + sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp); + + if (auth_authorise_keyopts(ssh, pw, keyopts, + sshkey_is_cert(key), loc) != 0) { + reason = "Refused by key options"; + goto fail_reason; + } + /* That's all we need for plain keys. */ + if (!sshkey_is_cert(key)) { + verbose("Accepted key %s %s found at %s", + sshkey_type(found), fp, loc); + finalopts = keyopts; + keyopts = NULL; + goto success; + } + + /* + * Additional authorisation for certificates. 
+ */ + + /* Parse and check options present in certificate */ + if ((certopts = sshauthopt_from_cert(key)) == NULL) { + reason = "Invalid certificate options"; + goto fail_reason; + } + if (auth_authorise_keyopts(ssh, pw, certopts, 0, loc) != 0) { + reason = "Refused by certificate options"; + goto fail_reason; + } + if ((finalopts = sshauthopt_merge(keyopts, certopts, &reason)) == NULL) + goto fail_reason; + + /* + * If the user has specified a list of principals as + * a key option, then prefer that list to matching + * their username in the certificate principals list. + */ + if (keyopts->cert_principals != NULL && + !match_principals_option(keyopts->cert_principals, key->cert)) { + reason = "Certificate does not contain an authorized principal"; + goto fail_reason; + } + if (sshkey_cert_check_authority(key, 0, 0, + keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0) + goto fail_reason; + + verbose("Accepted certificate ID \"%s\" (serial %llu) " + "signed by CA %s %s found at %s", + key->cert->key_id, + (unsigned long long)key->cert->serial, + sshkey_type(found), fp, loc); + + success: + if (finalopts == NULL) + fatal("%s: internal error: missing options", __func__); + if (authoptsp != NULL) { + *authoptsp = finalopts; + finalopts = NULL; + } + /* success */ + ret = 0; + goto out; + + fail_reason: + error("%s", reason); + auth_debug_add("%s", reason); + out: + free(fp); + sshauthopt_free(keyopts); + sshauthopt_free(certopts); + sshauthopt_free(finalopts); + sshkey_free(found); + return ret; +} + /* * Checks whether key is allowed in authorized_keys-format file, * returns 1 if the key is allowed or 0 otherwise. 
*/ static int -check_authkeys_file(FILE *f, char *file, struct sshkey *key, struct passwd *pw) +check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, + char *file, struct sshkey *key, struct sshauthopt **authoptsp) { - char line[SSH_MAX_PUBKEY_BYTES]; + char *cp, line[SSH_MAX_PUBKEY_BYTES], loc[256]; int found_key = 0; u_long linenum = 0; - struct sshkey *found = NULL; - while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { - char *cp, *key_options = NULL, *fp = NULL; - const char *reason = NULL; + if (authoptsp != NULL) + *authoptsp = NULL; + while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { /* Always consume entire file */ if (found_key) continue; - if (found != NULL) - sshkey_free(found); - found = sshkey_new(sshkey_is_cert(key) ? KEY_UNSPEC : key->type); - if (found == NULL) - goto done; - auth_clear_options(); /* Skip leading whitespace, empty and comment lines. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) - ; + cp = line; + skip_space(&cp); if (!*cp || *cp == '\n' || *cp == '#') continue; - - if (sshkey_read(found, &cp) != 0) { - /* no key? check if there are options for this key */ - int quoted = 0; - debug2("user_key_allowed: check options: '%s'", cp); - key_options = cp; - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - /* Skip remaining whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++) - ; - if (sshkey_read(found, &cp) != 0) { - debug2("user_key_allowed: advance: '%s'", cp); - /* still no key? 
advance to next line*/ - continue; - } - } - if (sshkey_is_cert(key)) { - if (!sshkey_equal(found, key->cert->signature_key)) - continue; - if (auth_parse_options(pw, key_options, file, - linenum) != 1) - continue; - if (!key_is_cert_authority) - continue; - if ((fp = sshkey_fingerprint(found, - options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - continue; - debug("matching CA found: file %s, line %lu, %s %s", - file, linenum, sshkey_type(found), fp); - /* - * If the user has specified a list of principals as - * a key option, then prefer that list to matching - * their username in the certificate principals list. - */ - if (authorized_principals != NULL && - !match_principals_option(authorized_principals, - key->cert)) { - reason = "Certificate does not contain an " - "authorized principal"; - fail_reason: - free(fp); - error("%s", reason); - auth_debug_add("%s", reason); - continue; - } - if (sshkey_cert_check_authority(key, 0, 0, - authorized_principals == NULL ? pw->pw_name : NULL, - &reason) != 0) - goto fail_reason; - if (auth_cert_options(key, pw, &reason) != 0) - goto fail_reason; - verbose("Accepted certificate ID \"%s\" (serial %llu) " - "signed by %s CA %s via %s", key->cert->key_id, - (unsigned long long)key->cert->serial, - sshkey_type(found), fp, file); - free(fp); - found_key = 1; - break; - } else if (sshkey_equal(found, key)) { - if (auth_parse_options(pw, key_options, file, - linenum) != 1) - continue; - if (key_is_cert_authority) - continue; - if ((fp = sshkey_fingerprint(found, - options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - continue; - debug("matching key found: file %s, line %lu %s %s", - file, linenum, sshkey_type(found), fp); - free(fp); + snprintf(loc, sizeof(loc), "%.200s:%lu", file, linenum); + if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0) found_key = 1; - continue; - } } - done: - if (found != NULL) - sshkey_free(found); - if (!found_key) - debug2("key not found"); return found_key; } /* Authenticate a 
certificate key against TrustedUserCAKeys */ static int -user_cert_trusted_ca(struct passwd *pw, struct sshkey *key) +user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key, + struct sshauthopt **authoptsp) { char *ca_fp, *principals_file = NULL; const char *reason; + struct sshauthopt *principals_opts = NULL, *cert_opts = NULL; + struct sshauthopt *final_opts = NULL; int r, ret = 0, found_principal = 0, use_authorized_principals; + if (authoptsp != NULL) + *authoptsp = NULL; + if (!sshkey_is_cert(key) || options.trusted_user_ca_keys == NULL) return 0; 
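Review bot: The `fail_reason:` path in `check_authkey_line()` logs `error("%s", reason)` without `loc`, so a refusal such as "Refused by key options" is recorded without the file and line that caused it, although the debug and verbose messages around it carry `loc`. Two of the jumps to it (after `sshauthopt_merge()` and `sshkey_cert_check_authority()`) also rely on the callee having filled in `reason`, which starts as NULL; their definitions are not on this page. I would write `error("%s: %s", loc, reason != NULL ? reason : "refused");` so that an operator can trace a rejected key to its authorized_keys entry. The comment on `advance_past_options()` should read `Advance *cpp past the end of key options`. This hunk ends inside `user_cert_trusted_ca()`, which continues in the next one.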
@@ -605,36 +742,69 @@ user_cert_trusted_ca(struct passwd *pw, struct sshkey *key) * against the username. */ if ((principals_file = authorized_principals_file(pw)) != NULL) { - if (match_principals_file(principals_file, pw, key->cert)) + if (match_principals_file(ssh, pw, principals_file, + key->cert, &principals_opts)) found_principal = 1; } /* Try querying command if specified */ - if (!found_principal && match_principals_command(pw, key)) + if (!found_principal && match_principals_command(ssh, pw, key, + &principals_opts)) found_principal = 1; /* If principals file or command is specified, then require a match */ use_authorized_principals = principals_file != NULL || options.authorized_principals_command != NULL; if (!found_principal && use_authorized_principals) { reason = "Certificate does not contain an authorized principal"; - fail_reason: - error("%s", reason); - auth_debug_add("%s", reason); - goto out; + goto fail_reason; } + if (use_authorized_principals && principals_opts == NULL) + fatal("%s: internal error: missing principals_opts", __func__); if (sshkey_cert_check_authority(key, 0, 1, use_authorized_principals ? 
NULL : pw->pw_name, &reason) != 0) goto fail_reason; - if (auth_cert_options(key, pw, &reason) != 0) + + /* Check authority from options in key and from principals file/cmd */ + if ((cert_opts = sshauthopt_from_cert(key)) == NULL) { + reason = "Invalid certificate options"; + goto fail_reason; + } + if (auth_authorise_keyopts(ssh, pw, cert_opts, 0, "cert") != 0) { + reason = "Refused by certificate options"; goto fail_reason; + } + if (principals_opts == NULL) { + final_opts = cert_opts; + cert_opts = NULL; + } else { + if (auth_authorise_keyopts(ssh, pw, principals_opts, 0, + "principals") != 0) { + reason = "Refused by certificate principals options"; + goto fail_reason; + } + if ((final_opts = sshauthopt_merge(principals_opts, + cert_opts, &reason)) == NULL) { + fail_reason: + error("%s", reason); + auth_debug_add("%s", reason); + goto out; + } + } + /* Success */ verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " "%s CA %s via %s", key->cert->key_id, (unsigned long long)key->cert->serial, sshkey_type(key->cert->signature_key), ca_fp, options.trusted_user_ca_keys); + if (authoptsp != NULL) { + *authoptsp = final_opts; + final_opts = NULL; + } ret = 1; - out: + sshauthopt_free(principals_opts); + sshauthopt_free(cert_opts); + sshauthopt_free(final_opts); free(principals_file); free(ca_fp); return ret; 
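Review bot: The `fail_reason:` label now sits inside the body of the `sshauthopt_merge()` failure check, nested in the `else` branch, and the earlier `goto fail_reason` statements jump into that block from outside. That is legal C, but it hides the shared error exit in the middle of the success path and is easy to break the next time the merge code is edited. `check_authkey_line()` in this same patch keeps `fail_reason:` and `out:` together at the end of the function, and I would lay this function out the same way, as sketched below. `user_cert_trusted_ca()` starts before this hunk.

```c
		if ((final_opts = sshauthopt_merge(principals_opts,
		    cert_opts, &reason)) == NULL)
			goto fail_reason;
	}
	/* … unchanged: verbose() success message and *authoptsp hand-off … */
	ret = 1;
	goto out;
 fail_reason:
	error("%s", reason);
	auth_debug_add("%s", reason);
 out:
	/* … unchanged: sshauthopt_free() and free() cleanup … */
```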
@@ -645,17 +815,22 @@ user_cert_trusted_ca(struct passwd *pw, struct sshkey *key) * returns 1 if the key is allowed or 0 otherwise. */ static int -user_key_allowed2(struct passwd *pw, struct sshkey *key, char *file) +user_key_allowed2(struct ssh *ssh, struct passwd *pw, struct sshkey *key, + char *file, struct sshauthopt **authoptsp) { FILE *f; int found_key = 0; + if (authoptsp != NULL) + *authoptsp = NULL; + /* Temporarily use the user's uid. */ temporarily_use_uid(pw); debug("trying public key file %s", file); if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) { - found_key = check_authkeys_file(f, file, key, pw); + found_key = check_authkeys_file(ssh, pw, f, file, + key, authoptsp); fclose(f); } @@ -668,17 +843,20 @@ user_key_allowed2(struct passwd *pw, struct sshkey *key, char *file) * returns 1 if the key is allowed or 0 otherwise. */ static int -user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key) +user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, + struct sshkey *key, struct sshauthopt **authoptsp) { + struct passwd *runas_pw = NULL; FILE *f = NULL; int r, ok, found_key = 0; - struct passwd *pw; int i, uid_swapped = 0, ac = 0; pid_t pid; char *username = NULL, *key_fp = NULL, *keytext = NULL; char *tmp, *command = NULL, **av = NULL; void (*osigchld)(int); + if (authoptsp != NULL) + *authoptsp = NULL; if (options.authorized_keys_command == NULL) return 0; if (options.authorized_keys_command_user == NULL) { @@ -695,8 +873,8 @@ user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key) /* Prepare and verify the user for the command */ username = percent_expand(options.authorized_keys_command_user, "u", user_pw->pw_name, (char *)NULL); - pw = getpwnam(username); - if (pw == NULL) { + runas_pw = getpwnam(username); + if (runas_pw == NULL) { error("AuthorizedKeysCommandUser \"%s\" not found: %s", username, strerror(errno)); goto out; 
@@ -754,15 +932,16 @@ user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key) xasprintf(&command, "%s %s", av[0], av[1]); } - if ((pid = subprocess("AuthorizedKeysCommand", pw, command, + if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command, ac, av, &f, SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0) goto out; uid_swapped = 1; - temporarily_use_uid(pw); + temporarily_use_uid(runas_pw); - ok = check_authkeys_file(f, options.authorized_keys_command, key, pw); + ok = check_authkeys_file(ssh, user_pw, f, + options.authorized_keys_command, key, authoptsp); fclose(f); f = NULL; @@ -792,10 +971,14 @@ user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key) * Check whether key authenticates and authorises the user. */ int -user_key_allowed(struct passwd *pw, struct sshkey *key, int auth_attempt) +user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, + int auth_attempt, struct sshauthopt **authoptsp) { u_int success, i; char *file; + struct sshauthopt *opts = NULL; + if (authoptsp != NULL) + *authoptsp = NULL; if (auth_key_is_revoked(key)) return 0; 
@@ -803,25 +986,31 @@ user_key_allowed(struct passwd *pw, struct sshkey *key, int auth_attempt) auth_key_is_revoked(key->cert->signature_key)) return 0; - success = user_cert_trusted_ca(pw, key); - if (success) - return success; + if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0) + goto out; + sshauthopt_free(opts); + opts = NULL; - success = user_key_command_allowed2(pw, key); - if (success > 0) - return success; + if ((success = user_key_command_allowed2(ssh, pw, key, &opts)) != 0) + goto out; + sshauthopt_free(opts); + opts = NULL; for (i = 0; !success && i < options.num_authkeys_files; i++) { - if (strcasecmp(options.authorized_keys_files[i], "none") == 0) continue; file = expand_authorized_keys( options.authorized_keys_files[i], pw); - - success = user_key_allowed2(pw, key, file); + success = user_key_allowed2(ssh, pw, key, file, &opts); free(file); } + out: + if (success && authoptsp != NULL) { + *authoptsp = opts; + opts = NULL; + } + sshauthopt_free(opts); return success; } diff --git a/auth2.c b/auth2.c index 862e09960b29..e0034229a0c1 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.143 2017/06/24 06:34:38 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.145 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -138,9 +138,6 @@ auth2_read_banner(void) void userauth_send_banner(const char *msg) { - if (datafellows & SSH_BUG_BANNER) - return; - packet_start(SSH2_MSG_USERAUTH_BANNER); packet_put_cstring(msg); packet_put_cstring(""); /* language, unused */ @@ -153,7 +150,7 @@ userauth_banner(void) { char *banner = NULL; - if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0) + if (options.banner == NULL) return; if ((banner = PRIVSEP(auth2_read_banner())) == NULL) 
@@ -313,7 +310,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(method)) { + !auth_root_allowed(ssh, method)) { authenticated = 0; #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); @@ -352,13 +349,6 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, } #endif -#ifdef _UNICOS - if (authenticated && cray_access_denied(authctxt->user)) { - authenticated = 0; - fatal("Access denied for user %s.", authctxt->user); - } -#endif /* _UNICOS */ - if (authenticated == 1) { /* turn off userauth */ ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); @@ -369,7 +359,6 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, authctxt->success = 1; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); } else { - /* Allow initial try of "none" auth without failure penalty */ if (!partial && !authctxt->server_caused_failure && (authctxt->attempt > 1 || strcmp(method, "none") != 0)) diff --git a/authfd.c b/authfd.c index a460fa350c8a..1eff7ba94e01 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.105 2017/07/01 13:50:45 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.108 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -129,7 +129,7 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) /* Get the length of the message, and format it in the buffer. */ len = sshbuf_len(request); - put_u32(buf, len); + POKE_U32(buf, len); /* Send the length and then the packet to the agent. */ if (atomicio(vwrite, sock, buf, 4) != 4 || 
@@ -144,7 +144,7 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) return SSH_ERR_AGENT_COMMUNICATION; /* Extract the length, and check it for sanity. */ - len = get_u32(buf); + len = PEEK_U32(buf); if (len > MAX_AGENT_REPLY_LEN) return SSH_ERR_INVALID_FORMAT; @@ -353,8 +353,6 @@ ssh_agent_sign(int sock, const struct sshkey *key, if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) return SSH_ERR_INVALID_ARGUMENT; - if (compat & SSH_BUG_SIGBLOB) - flags |= SSH_AGENT_OLD_SIGNATURE; if ((msg = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) @@ -393,19 +391,7 @@ ssh_agent_sign(int sock, const struct sshkey *key, static int -ssh_encode_identity_ssh2(struct sshbuf *b, struct sshkey *key, - const char *comment) -{ - int r; - - if ((r = sshkey_private_serialize(key, b)) != 0 || - (r = sshbuf_put_cstring(b, comment)) != 0) - return r; - return 0; -} - -static int -encode_constraints(struct sshbuf *m, u_int life, u_int confirm) +encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign) { int r; @@ -418,6 +404,11 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm) if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_CONFIRM)) != 0) goto out; } + if (maxsign != 0) { + if ((r = sshbuf_put_u8(m, SSH_AGENT_CONSTRAIN_MAXSIGN)) != 0 || + (r = sshbuf_put_u32(m, maxsign)) != 0) + goto out; + } r = 0; out: return r; @@ -428,11 +419,11 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm) * This call is intended only for use by ssh-add(1) and like applications. */ int -ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment, - u_int life, u_int confirm) +ssh_add_identity_constrained(int sock, const struct sshkey *key, + const char *comment, u_int life, u_int confirm, u_int maxsign) { struct sshbuf *msg; - int r, constrained = (life || confirm); + int r, constrained = (life || confirm || maxsign); u_char type; if ((msg = sshbuf_new()) == NULL) 
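Review bot: The new `maxsign` parameter of ssh_add_identity_constrained is not described in the comment block above the function, which still ends at "intended only for use by ssh-add(1) and like applications". From this hunk and the encode_constraints hunk before it, a nonzero value marks the request as constrained and appends `SSH_AGENT_CONSTRAIN_MAXSIGN` followed by a u32, while 0 adds nothing. I would add a line to that comment such as `maxsign: if nonzero, sent to the agent as an SSH_AGENT_CONSTRAIN_MAXSIGN constraint; 0 sends no such constraint`. The function body continues outside the hunk.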
@@ -449,11 +440,15 @@ ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment, #endif case KEY_ED25519: case KEY_ED25519_CERT: + case KEY_XMSS: + case KEY_XMSS_CERT: type = constrained ? SSH2_AGENTC_ADD_ID_CONSTRAINED : SSH2_AGENTC_ADD_IDENTITY; if ((r = sshbuf_put_u8(msg, type)) != 0 || - (r = ssh_encode_identity_ssh2(msg, key, comment)) != 0) + (r = sshkey_private_serialize_maxsign(key, msg, maxsign, + NULL)) != 0 || + (r = sshbuf_put_cstring(msg, comment)) != 0) goto out; break; default: @@ -461,7 +456,7 @@ ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment, goto out; } if (constrained && - (r = encode_constraints(msg, life, confirm)) != 0) + (r = encode_constraints(msg, life, confirm, maxsign)) != 0) goto out; if ((r = ssh_request_reply(sock, msg, msg)) != 0) goto out; @@ -539,7 +534,7 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin, (r = sshbuf_put_cstring(msg, pin)) != 0) goto out; if (constrained && - (r = encode_constraints(msg, life, confirm)) != 0) + (r = encode_constraints(msg, life, confirm, 0)) != 0) goto out; if ((r = ssh_request_reply(sock, msg, msg)) != 0) goto out; diff --git a/authfd.h b/authfd.h index 43abf85dadfe..ab954ffc0a35 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.41 2017/06/28 01:09:22 djm Exp $ */ +/* $OpenBSD: authfd.h,v 1.43 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen 
@@ -29,8 +29,8 @@ void ssh_close_authentication_socket(int sock); int ssh_lock_agent(int sock, int lock, const char *password); int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp); void ssh_free_identitylist(struct ssh_identitylist *idl); -int ssh_add_identity_constrained(int sock, struct sshkey *key, - const char *comment, u_int life, u_int confirm); +int ssh_add_identity_constrained(int sock, const struct sshkey *key, + const char *comment, u_int life, u_int confirm, u_int maxsign); int ssh_remove_identity(int sock, struct sshkey *key); int ssh_update_card(int sock, int add, const char *reader_id, const char *pin, u_int life, u_int confirm); @@ -77,6 +77,7 @@ int ssh_agent_sign(int sock, const struct sshkey *key, #define SSH_AGENT_CONSTRAIN_LIFETIME 1 #define SSH_AGENT_CONSTRAIN_CONFIRM 2 +#define SSH_AGENT_CONSTRAIN_MAXSIGN 3 /* extended failure messages */ #define SSH2_AGENT_FAILURE 30 diff --git a/authfile.c b/authfile.c index d09b700d21d9..57dcd808c6bc 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.127 2017/07/01 13:50:45 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.128 2018/02/23 15:58:37 markus Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -191,6 +191,8 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, *perm_ok = 1; r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); + if (r == 0 && keyp && *keyp) + r = sshkey_set_filename(*keyp, filename); out: close(fd); return r; @@ -249,6 +251,9 @@ sshkey_load_private(const char *filename, const char *passphrase, (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, commentp)) != 0) goto out; + if (keyp && *keyp && + (r = sshkey_set_filename(*keyp, filename)) != 0) + goto out; r = 0; out: close(fd); 
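Review bot: When `sshkey_set_filename()` fails in sshkey_load_private_type, the function returns an error while `*keyp` still points at the private key that was just loaded. A caller that reads a nonzero return as "no key was returned" would never free it, leaving private key material allocated. The same pattern is added to sshkey_load_private in the next hunk, where the failure jumps to `out:` with `*keyp` set. Consider releasing the key on that path, e.g. `if (r != 0) { sshkey_free(*keyp); *keyp = NULL; }`, and likewise for `*commentp` if it was filled in. Both functions start outside their hunks, so whether callers already cope with this is not visible here.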
@@ -397,6 +402,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase, case KEY_ECDSA: #endif /* WITH_OPENSSL */ case KEY_ED25519: + case KEY_XMSS: case KEY_UNSPEC: break; default: diff --git a/bitmap.c b/bitmap.c index 5089b04070e7..5ecfe68b89bd 100644 --- a/bitmap.c +++ b/bitmap.c @@ -1,3 +1,4 @@ +/* $OpenBSD: bitmap.c,v 1.9 2017/10/20 01:56:39 djm Exp $ */ /* * Copyright (c) 2015 Damien Miller * diff --git a/bitmap.h b/bitmap.h index c1bb1741a4fe..336e90b06cce 100644 --- a/bitmap.h +++ b/bitmap.h @@ -1,3 +1,4 @@ +/* $OpenBSD: bitmap.h,v 1.2 2017/10/20 01:56:39 djm Exp $ */ /* * Copyright (c) 2015 Damien Miller * diff --git a/blocks.c b/blocks.c deleted file mode 100644 index ad93fe509980..000000000000 --- a/blocks.c +++ /dev/null 
@@ -1,248 +0,0 @@ -/* $OpenBSD: blocks.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Author: Daniel J. Bernstein - * Copied from nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c - */ - -#include "includes.h" - -#include "crypto_api.h" - -typedef unsigned long long uint64; - -static uint64 load_bigendian(const unsigned char *x) -{ - return - (uint64) (x[7]) \ - | (((uint64) (x[6])) << 8) \ - | (((uint64) (x[5])) << 16) \ - | (((uint64) (x[4])) << 24) \ - | (((uint64) (x[3])) << 32) \ - | (((uint64) (x[2])) << 40) \ - | (((uint64) (x[1])) << 48) \ - | (((uint64) (x[0])) << 56) - ; -} - -static void store_bigendian(unsigned char *x,uint64 u) -{ - x[7] = u; u >>= 8; - x[6] = u; u >>= 8; - x[5] = u; u >>= 8; - x[4] = u; u >>= 8; - x[3] = u; u >>= 8; - x[2] = u; u >>= 8; - x[1] = u; u >>= 8; - x[0] = u; -} - -#define SHR(x,c) ((x) >> (c)) -#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c)))) - -#define Ch(x,y,z) ((x & y) ^ (~x & z)) -#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) -#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) -#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) -#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7)) -#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6)) - -#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; - -#define EXPAND \ - M(w0 ,w14,w9 ,w1 ) \ - M(w1 ,w15,w10,w2 ) \ - M(w2 ,w0 ,w11,w3 ) \ - M(w3 ,w1 ,w12,w4 ) \ - M(w4 ,w2 ,w13,w5 ) \ - M(w5 ,w3 ,w14,w6 ) \ - M(w6 ,w4 ,w15,w7 ) \ - M(w7 ,w5 ,w0 ,w8 ) \ - M(w8 ,w6 ,w1 ,w9 ) \ - M(w9 ,w7 ,w2 ,w10) \ - M(w10,w8 ,w3 ,w11) \ - M(w11,w9 ,w4 ,w12) \ - M(w12,w10,w5 ,w13) \ - M(w13,w11,w6 ,w14) \ - M(w14,w12,w7 ,w15) \ - M(w15,w13,w8 ,w0 ) - -#define F(w,k) \ - T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ - T2 = Sigma0(a) + Maj(a,b,c); \ - h = g; \ - g = f; \ - f = e; \ - e = d + T1; \ - d = c; \ - c = b; \ - b = a; \ - a = T1 + T2; - -int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long 
inlen) -{ - uint64 state[8]; - uint64 a; - uint64 b; - uint64 c; - uint64 d; - uint64 e; - uint64 f; - uint64 g; - uint64 h; - uint64 T1; - uint64 T2; - - a = load_bigendian(statebytes + 0); state[0] = a; - b = load_bigendian(statebytes + 8); state[1] = b; - c = load_bigendian(statebytes + 16); state[2] = c; - d = load_bigendian(statebytes + 24); state[3] = d; - e = load_bigendian(statebytes + 32); state[4] = e; - f = load_bigendian(statebytes + 40); state[5] = f; - g = load_bigendian(statebytes + 48); state[6] = g; - h = load_bigendian(statebytes + 56); state[7] = h; - - while (inlen >= 128) { - uint64 w0 = load_bigendian(in + 0); - uint64 w1 = load_bigendian(in + 8); - uint64 w2 = load_bigendian(in + 16); - uint64 w3 = load_bigendian(in + 24); - uint64 w4 = load_bigendian(in + 32); - uint64 w5 = load_bigendian(in + 40); - uint64 w6 = load_bigendian(in + 48); - uint64 w7 = load_bigendian(in + 56); - uint64 w8 = load_bigendian(in + 64); - uint64 w9 = load_bigendian(in + 72); - uint64 w10 = load_bigendian(in + 80); - uint64 w11 = load_bigendian(in + 88); - uint64 w12 = load_bigendian(in + 96); - uint64 w13 = load_bigendian(in + 104); - uint64 w14 = load_bigendian(in + 112); - uint64 w15 = load_bigendian(in + 120); - - F(w0 ,0x428a2f98d728ae22ULL) - F(w1 ,0x7137449123ef65cdULL) - F(w2 ,0xb5c0fbcfec4d3b2fULL) - F(w3 ,0xe9b5dba58189dbbcULL) - F(w4 ,0x3956c25bf348b538ULL) - F(w5 ,0x59f111f1b605d019ULL) - F(w6 ,0x923f82a4af194f9bULL) - F(w7 ,0xab1c5ed5da6d8118ULL) - F(w8 ,0xd807aa98a3030242ULL) - F(w9 ,0x12835b0145706fbeULL) - F(w10,0x243185be4ee4b28cULL) - F(w11,0x550c7dc3d5ffb4e2ULL) - F(w12,0x72be5d74f27b896fULL) - F(w13,0x80deb1fe3b1696b1ULL) - F(w14,0x9bdc06a725c71235ULL) - F(w15,0xc19bf174cf692694ULL) - - EXPAND - - F(w0 ,0xe49b69c19ef14ad2ULL) - F(w1 ,0xefbe4786384f25e3ULL) - F(w2 ,0x0fc19dc68b8cd5b5ULL) - F(w3 ,0x240ca1cc77ac9c65ULL) - F(w4 ,0x2de92c6f592b0275ULL) - F(w5 ,0x4a7484aa6ea6e483ULL) - F(w6 ,0x5cb0a9dcbd41fbd4ULL) - F(w7 ,0x76f988da831153b5ULL) - F(w8 
,0x983e5152ee66dfabULL) - F(w9 ,0xa831c66d2db43210ULL) - F(w10,0xb00327c898fb213fULL) - F(w11,0xbf597fc7beef0ee4ULL) - F(w12,0xc6e00bf33da88fc2ULL) - F(w13,0xd5a79147930aa725ULL) - F(w14,0x06ca6351e003826fULL) - F(w15,0x142929670a0e6e70ULL) - - EXPAND - - F(w0 ,0x27b70a8546d22ffcULL) - F(w1 ,0x2e1b21385c26c926ULL) - F(w2 ,0x4d2c6dfc5ac42aedULL) - F(w3 ,0x53380d139d95b3dfULL) - F(w4 ,0x650a73548baf63deULL) - F(w5 ,0x766a0abb3c77b2a8ULL) - F(w6 ,0x81c2c92e47edaee6ULL) - F(w7 ,0x92722c851482353bULL) - F(w8 ,0xa2bfe8a14cf10364ULL) - F(w9 ,0xa81a664bbc423001ULL) - F(w10,0xc24b8b70d0f89791ULL) - F(w11,0xc76c51a30654be30ULL) - F(w12,0xd192e819d6ef5218ULL) - F(w13,0xd69906245565a910ULL) - F(w14,0xf40e35855771202aULL) - F(w15,0x106aa07032bbd1b8ULL) - - EXPAND - - F(w0 ,0x19a4c116b8d2d0c8ULL) - F(w1 ,0x1e376c085141ab53ULL) - F(w2 ,0x2748774cdf8eeb99ULL) - F(w3 ,0x34b0bcb5e19b48a8ULL) - F(w4 ,0x391c0cb3c5c95a63ULL) - F(w5 ,0x4ed8aa4ae3418acbULL) - F(w6 ,0x5b9cca4f7763e373ULL) - F(w7 ,0x682e6ff3d6b2b8a3ULL) - F(w8 ,0x748f82ee5defb2fcULL) - F(w9 ,0x78a5636f43172f60ULL) - F(w10,0x84c87814a1f0ab72ULL) - F(w11,0x8cc702081a6439ecULL) - F(w12,0x90befffa23631e28ULL) - F(w13,0xa4506cebde82bde9ULL) - F(w14,0xbef9a3f7b2c67915ULL) - F(w15,0xc67178f2e372532bULL) - - EXPAND - - F(w0 ,0xca273eceea26619cULL) - F(w1 ,0xd186b8c721c0c207ULL) - F(w2 ,0xeada7dd6cde0eb1eULL) - F(w3 ,0xf57d4f7fee6ed178ULL) - F(w4 ,0x06f067aa72176fbaULL) - F(w5 ,0x0a637dc5a2c898a6ULL) - F(w6 ,0x113f9804bef90daeULL) - F(w7 ,0x1b710b35131c471bULL) - F(w8 ,0x28db77f523047d84ULL) - F(w9 ,0x32caab7b40c72493ULL) - F(w10,0x3c9ebe0a15c9bebcULL) - F(w11,0x431d67c49c100d4cULL) - F(w12,0x4cc5d4becb3e42b6ULL) - F(w13,0x597f299cfc657e2aULL) - F(w14,0x5fcb6fab3ad6faecULL) - F(w15,0x6c44198c4a475817ULL) - - a += state[0]; - b += state[1]; - c += state[2]; - d += state[3]; - e += state[4]; - f += state[5]; - g += state[6]; - h += state[7]; - - state[0] = a; - state[1] = b; - state[2] = c; - state[3] = d; - state[4] = e; - state[5] 
= f; - state[6] = g; - state[7] = h; - - in += 128; - inlen -= 128; - } - - store_bigendian(statebytes + 0,state[0]); - store_bigendian(statebytes + 8,state[1]); - store_bigendian(statebytes + 16,state[2]); - store_bigendian(statebytes + 24,state[3]); - store_bigendian(statebytes + 32,state[4]); - store_bigendian(statebytes + 40,state[5]); - store_bigendian(statebytes + 48,state[6]); - store_bigendian(statebytes + 56,state[7]); - - return inlen; -} diff --git a/channels.c b/channels.c index 83442be06432..bdee1f3860a0 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.375 2017/09/24 13:45:34 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.379 2018/02/05 05:36:49 tb Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -436,10 +436,15 @@ channel_close_fd(struct ssh *ssh, int *fdp) static void channel_close_fds(struct ssh *ssh, Channel *c) { + int sock = c->sock, rfd = c->rfd, wfd = c->wfd, efd = c->efd; + channel_close_fd(ssh, &c->sock); - channel_close_fd(ssh, &c->rfd); - channel_close_fd(ssh, &c->wfd); - channel_close_fd(ssh, &c->efd); + if (rfd != sock) + channel_close_fd(ssh, &c->rfd); + if (wfd != sock && wfd != rfd) + channel_close_fd(ssh, &c->wfd); + if (efd != sock && efd != rfd && efd != wfd) + channel_close_fd(ssh, &c->efd); } static void 
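Review bot: channel_close_fds now skips the close for descriptors that alias one already closed, but the skipped fields keep their old value. If channel_close_fd resets only the field it is handed (its body is not in this hunk), then after this function `c->rfd`, `c->wfd` or `c->efd` can still hold the number of a closed descriptor, and that number may be handed out again by a later open. Resetting all four explicitly at the end, `c->sock = c->rfd = c->wfd = c->efd = -1;`, would leave the channel in a known state. A one-line comment saying why the comparisons use the saved copies rather than the struct fields would also help.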
@@ -1582,13 +1587,8 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c, SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, buf, 1); open_preamble(ssh, __func__, nc, "x11"); - if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0) { - fatal("%s: channel %i: reply %s", __func__, - c->self, ssh_err(r)); - } - if ((datafellows & SSH_BUG_X11FWD) != 0) - debug2("channel %d: ssh2 x11 bug compat mode", nc->self); - else if ((r = sshpkt_put_u32(ssh, remote_port)) != 0) { + if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 || + (r = sshpkt_put_u32(ssh, remote_port)) != 0) { fatal("%s: channel %i: reply %s", __func__, c->self, ssh_err(r)); } @@ -1668,19 +1668,6 @@ port_open_helper(struct ssh *ssh, Channel *c, char *rtype) free(local_ipaddr); } -static void -channel_set_reuseaddr(int fd) -{ - int on = 1; - - /* - * Set socket options. - * Allow local port reuse in TIME_WAIT. - */ - if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) - error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); -} - void channel_set_x11_refuse_time(struct ssh *ssh, u_int refuse_time) { @@ -1837,15 +1824,13 @@ channel_post_connecting(struct ssh *ssh, Channel *c, if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || - (r = sshpkt_put_u32(ssh, SSH2_OPEN_CONNECT_FAILED)) - != 0) - fatal("%s: channel %i: failure: %s", __func__, - c->self, ssh_err(r)); - if ((datafellows & SSH_BUG_OPENFAILURE) == 0 && - ((r = sshpkt_put_cstring(ssh, strerror(err))) != 0 || - (r = sshpkt_put_cstring(ssh, "")) != 0)) + (r = sshpkt_put_u32(ssh, + SSH2_OPEN_CONNECT_FAILED)) != 0 || + (r = sshpkt_put_cstring(ssh, strerror(err))) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0) { fatal("%s: channel %i: failure: %s", __func__, c->self, ssh_err(r)); + } if ((r = sshpkt_send(ssh)) != 0) fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r)); 
@@ -3123,13 +3108,11 @@ channel_input_open_failure(int type, u_int32_t seq, struct ssh *ssh) error("%s: reason: %s", __func__, ssh_err(r)); packet_disconnect("Invalid open failure message"); } - if ((datafellows & SSH_BUG_OPENFAILURE) == 0) { - /* skip language */ - if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || - (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) { - error("%s: message/lang: %s", __func__, ssh_err(r)); - packet_disconnect("Invalid open failure message"); - } + /* skip language */ + if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || + (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) { + error("%s: message/lang: %s", __func__, ssh_err(r)); + packet_disconnect("Invalid open failure message"); } ssh_packet_check_eom(ssh); logit("channel %d: open failed: %s%s%s", c->self, @@ -3364,11 +3347,12 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { /* this is no error since kernel may not support ipv6 */ - verbose("socket: %.100s", strerror(errno)); + verbose("socket [%s]:%s: %.100s", ntop, strport, + strerror(errno)); continue; } - channel_set_reuseaddr(sock); + set_reuseaddr(sock); if (ai->ai_family == AF_INET6) sock_set_v6only(sock); @@ -3382,9 +3366,11 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, * already bound */ if (!ai->ai_next) - error("bind: %.100s", strerror(errno)); + error("bind [%s]:%s: %.100s", + ntop, strport, strerror(errno)); else - verbose("bind: %.100s", strerror(errno)); + verbose("bind [%s]:%s: %.100s", + ntop, strport, strerror(errno)); close(sock); continue; @@ -3392,6 +3378,8 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, /* Start listening for connections on the socket. */ if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { error("listen: %.100s", strerror(errno)); + error("listen [%s]:%s: %.100s", ntop, strport, + strerror(errno)); close(sock); continue; } 
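Review bot: The listen() failure path in channel_setup_fwd_listener_tcpip now logs twice, because the old `error("listen: %.100s", strerror(errno));` is still present as a context line and the new `error("listen [%s]:%s: %.100s", ...)` is added after it. The socket and bind hunks above replace their old message, so the removal looks to have been missed here. Dropping the old line also matters for the new message, which reads `errno` after the first error() call has run and may therefore see a changed value. The function begins outside the hunk.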
@@ -3672,15 +3660,9 @@ static const char * channel_rfwd_bind_host(const char *listen_host) { if (listen_host == NULL) { - if (datafellows & SSH_BUG_RFWD_ADDR) - return "127.0.0.1"; - else - return "localhost"; + return "localhost"; } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) { - if (datafellows & SSH_BUG_RFWD_ADDR) - return "0.0.0.0"; - else - return ""; + return ""; } else return listen_host; } @@ -4439,7 +4421,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, if (ai->ai_family == AF_INET6) sock_set_v6only(sock); if (x11_use_localhost) - channel_set_reuseaddr(sock); + set_reuseaddr(sock); if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug2("%s: bind port %d: %.100s", __func__, port, strerror(errno)); diff --git a/cipher.c b/cipher.c index c3cd5dcf4405..5787636161df 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.107 2017/05/07 23:12:57 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.111 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -310,8 +310,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, } else { if (cc != NULL) { #ifdef WITH_OPENSSL - if (cc->evp != NULL) - EVP_CIPHER_CTX_free(cc->evp); + EVP_CIPHER_CTX_free(cc->evp); #endif /* WITH_OPENSSL */ explicit_bzero(cc, sizeof(*cc)); free(cc); @@ -402,7 +401,7 @@ cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr, cp, len); if (len < 4) return SSH_ERR_MESSAGE_INCOMPLETE; - *plenp = get_u32(cp); + *plenp = PEEK_U32(cp); return 0; } @@ -416,10 +415,8 @@ cipher_free(struct sshcipher_ctx *cc) else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); #ifdef WITH_OPENSSL - if (cc->evp != NULL) { - EVP_CIPHER_CTX_free(cc->evp); - cc->evp = NULL; - } + EVP_CIPHER_CTX_free(cc->evp); + cc->evp = NULL; #endif explicit_bzero(cc, sizeof(*cc)); free(cc); 
@@ -449,9 +446,9 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc) int cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) { - const struct sshcipher *c = cc->cipher; #ifdef WITH_OPENSSL - int evplen; + const struct sshcipher *c = cc->cipher; + int evplen; #endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { @@ -494,9 +491,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) int cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) { - const struct sshcipher *c = cc->cipher; #ifdef WITH_OPENSSL - int evplen = 0; + const struct sshcipher *c = cc->cipher; + int evplen = 0; #endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) diff --git a/clientloop.c b/clientloop.c index 791d336e359e..7bcf22e38692 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.305 2017/09/19 04:24:22 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.311 2018/02/11 21:16:56 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -210,7 +210,6 @@ static void window_change_handler(int sig) { received_window_change_signal = 1; - signal(SIGWINCH, window_change_handler); } /* @@ -225,19 +224,6 @@ signal_handler(int sig) quit_pending = 1; } -/* - * Returns current time in seconds from Jan 1, 1970 with the maximum - * available resolution. - */ - -static double -get_current_time(void) -{ - struct timeval tv; - gettimeofday(&tv, NULL); - return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; -} - /* * Sets control_persist_exit_time to the absolute time when the * backgrounded control master should exit due to expiry of the @@ -1256,7 +1242,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, fatal("%s pledge(): %s", __func__, strerror(errno)); } - start_time = get_current_time(); + start_time = monotime_double(); /* Initialize variables. */ last_was_cr = 1; 
@@ -1445,7 +1431,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, buffer_free(&stderr_buffer); /* Report bytes transferred, and transfer rates. */ - total_time = get_current_time() - start_time; + total_time = monotime_double() - start_time; packet_get_bytes(&ibytes, &obytes); verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds", (unsigned long long)obytes, (unsigned long long)ibytes, total_time); @@ -1554,12 +1540,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan) return NULL; } originator = packet_get_string(NULL); - if (datafellows & SSH_BUG_X11FWD) { - debug2("buggy server: x11 request w/o originator_port"); - originator_port = 0; - } else { - originator_port = packet_get_int(); - } + originator_port = packet_get_int(); packet_check_eom(); /* XXX check permission */ debug("client_request_x11: request from %s %d", originator, @@ -1601,12 +1582,13 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan) return c; } -int +char * client_request_tun_fwd(struct ssh *ssh, int tun_mode, int local_tun, int remote_tun) { Channel *c; int fd; + char *ifname = NULL; if (tun_mode == SSH_TUNMODE_NO) return 0; @@ -1614,10 +1596,11 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode, debug("Requesting tun unit %d in mode %d", local_tun, tun_mode); /* Open local tunnel device */ - if ((fd = tun_open(local_tun, tun_mode)) == -1) { + if ((fd = tun_open(local_tun, tun_mode, &ifname)) == -1) { error("Tunnel device open failed."); - return -1; + return NULL; } + debug("Tunnel forwarding using interface %s", ifname); c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); @@ -1638,7 +1621,7 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode, packet_put_int(remote_tun); packet_send(); - return 0; + return ifname; } /* XXXX move to generic input handler */ 
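Review bot: client_request_tun_fwd now returns `char *`, but the early exit `if (tun_mode == SSH_TUNMODE_NO) return 0;` is left as a context line, so "no tunnel requested" and "tunnel device open failed" both come back as a null pointer. Before this change the first case returned 0 and the second -1, so a caller that treats NULL as failure changes behaviour for SSH_TUNMODE_NO. I would write `return NULL;` there and add a comment above the function stating what NULL means and that the caller owns the returned `ifname` (presumably allocated by tun_open, which is not shown). The lines between the hunks of this function are not visible, so other return paths could not be checked.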
@@ -1689,10 +1672,8 @@ client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); - if (!(datafellows & SSH_BUG_OPENFAILURE)) { - packet_put_cstring("open failed"); - packet_put_cstring(""); - } + packet_put_cstring("open failed"); + packet_put_cstring(""); packet_send(); } free(ctype); @@ -1904,7 +1885,7 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; size_t i, ndone; struct sshbuf *signdata; - int r; + int r, kexsigtype, use_kexsigtype; const u_char *sig; size_t siglen; @@ -1916,6 +1897,9 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, hostkeys_update_ctx_free(ctx); return; } + kexsigtype = sshkey_type_plain( + sshkey_type_from_name(ssh->kex->hostkey_alg)); + if ((signdata = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); /* Don't want to accidentally accept an unbound signature */ @@ -1944,8 +1928,15 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, __func__, ssh_err(r)); goto out; } + /* + * For RSA keys, prefer to use the signature type negotiated + * during KEX to the default (SHA1). + */ + use_kexsigtype = kexsigtype == KEY_RSA && + sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA; if ((r = sshkey_verify(ctx->keys[i], sig, siglen, - sshbuf_ptr(signdata), sshbuf_len(signdata), 0)) != 0) { + sshbuf_ptr(signdata), sshbuf_len(signdata), + use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0) { error("%s: server gave bad signature for %s key %zu", __func__, sshkey_type(ctx->keys[i]), i); goto out; diff --git a/clientloop.h b/clientloop.h index a1975ccc8a16..8d1f0bff695d 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.34 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.35 2017/10/23 05:08:00 djm Exp $ */ /* * Author: Tatu Ylonen 
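Review bot: In client_global_hostkeys_private_confirm the negotiated algorithm is passed to sshkey_verify only when both the KEX host key and `ctx->keys[i]` are RSA; in every other case the new argument is NULL. Going by the added comment, an RSA key offered after a key exchange with a non-RSA host key is therefore still checked with the default (SHA1) signature type. If that is intended it deserves a line in the comment, e.g. `/* RSA keys under a non-RSA KEX hostkey still use the default signature type */`; otherwise the verification should name an explicit RSA signature algorithm for that case too. The function starts and ends outside the hunk.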
@@ -46,7 +46,7 @@ int client_x11_get_proto(struct ssh *, const char *, const char *, void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(struct ssh *, int, int, int, const char *, struct termios *, int, Buffer *, char **); -int client_request_tun_fwd(struct ssh *, int, int, int); +char *client_request_tun_fwd(struct ssh *, int, int, int); void client_stop_mux(void); /* Escape filter for protocol 2 sessions */ diff --git a/compat.c b/compat.c index d82135e2b5e0..861e9e21fe0d 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.104 2017/07/25 09:22:25 dtucker Exp $ */ +/* $OpenBSD: compat.c,v 1.106 2018/02/16 04:43:11 dtucker Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * 
@@ -50,83 +50,20 @@ compat_datafellows(const char *version) char *pat; int bugs; } check[] = { - { "OpenSSH-2.0*," - "OpenSSH-2.1*," - "OpenSSH_2.1*," - "OpenSSH_2.2*", SSH_OLD_SESSIONID|SSH_BUG_BANNER| - SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.3.0*", SSH_BUG_BANNER|SSH_BUG_BIGENDIANAES| - SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.3.*", SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| - SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.5.0p1*," - "OpenSSH_2.5.1p1*", - SSH_BUG_BIGENDIANAES|SSH_OLD_DHGEX| - SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| - SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.5.0*," - "OpenSSH_2.5.1*," - "OpenSSH_2.5.2*", SSH_OLD_DHGEX|SSH_BUG_NOREKEY| - SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| - SSH_OLD_FORWARD_ADDR}, { "OpenSSH_2.*," "OpenSSH_3.0*," "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, - { "OpenSSH_4*", 0 }, + { "OpenSSH_2*," + "OpenSSH_3*," + "OpenSSH_4*", 0 }, { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, { "OpenSSH_6.5*," "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, { "OpenSSH*", SSH_NEW_OPENSSH }, { "*MindTerm*", 0 }, - { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| - SSH_BUG_FIRSTKEX }, - { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE| - SSH_BUG_FIRSTKEX }, - { "2.0.13*," - "2.0.14*," - "2.0.15*," - "2.0.16*," - "2.0.17*," - "2.0.18*," - "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| - SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| - SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| - SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, - { "2.0.11*," - "2.0.12*", 
SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| - SSH_BUG_PKAUTH|SSH_BUG_PKOK| - SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX }, - { "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| - SSH_OLD_SESSIONID|SSH_BUG_DEBUG| - SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| - SSH_BUG_PKAUTH|SSH_BUG_PKOK| - SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE| - SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN| - SSH_BUG_FIRSTKEX }, - { "2.2.0*," - "2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG| - SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX }, - { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5| - SSH_BUG_FIRSTKEX }, - { "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */ - { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX| - SSH_BUG_RFWD_ADDR }, { "3.0.*", SSH_BUG_DEBUG }, { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, { "1.7 SecureFX*", SSH_OLD_SESSIONID }, @@ -189,6 +126,8 @@ compat_datafellows(const char *version) "WinSCP_release_5.7.3," "WinSCP_release_5.7.4", SSH_OLD_DHGEX }, + { "ConfD-*", + SSH_BUG_UTF8TTYMODE }, { NULL, 0 } }; diff --git a/compat.h b/compat.h index 2e7830f1bc8c..4fee3495a5ae 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.49 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: compat.h,v 1.51 2018/02/16 04:43:11 dtucker Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 
@@ -32,31 +32,31 @@ #define SSH_PROTO_1_PREFERRED 0x02 #define SSH_PROTO_2 0x04 -#define SSH_BUG_SIGBLOB 0x00000001 -#define SSH_BUG_PKSERVICE 0x00000002 -#define SSH_BUG_HMAC 0x00000004 -#define SSH_BUG_X11FWD 0x00000008 +#define SSH_BUG_UTF8TTYMODE 0x00000001 +/* #define unused 0x00000002 */ +/* #define unused 0x00000004 */ +/* #define unused 0x00000008 */ #define SSH_OLD_SESSIONID 0x00000010 -#define SSH_BUG_PKAUTH 0x00000020 +/* #define unused 0x00000020 */ #define SSH_BUG_DEBUG 0x00000040 -#define SSH_BUG_BANNER 0x00000080 +/* #define unused 0x00000080 */ #define SSH_BUG_IGNOREMSG 0x00000100 -#define SSH_BUG_PKOK 0x00000200 +/* #define unused 0x00000200 */ #define SSH_BUG_PASSWORDPAD 0x00000400 #define SSH_BUG_SCANNER 0x00000800 #define SSH_BUG_BIGENDIANAES 0x00001000 #define SSH_BUG_RSASIGMD5 0x00002000 #define SSH_OLD_DHGEX 0x00004000 #define SSH_BUG_NOREKEY 0x00008000 -#define SSH_BUG_HBSERVICE 0x00010000 -#define SSH_BUG_OPENFAILURE 0x00020000 -#define SSH_BUG_DERIVEKEY 0x00040000 -#define SSH_BUG_DUMMYCHAN 0x00100000 +/* #define unused 0x00010000 */ +/* #define unused 0x00020000 */ +/* #define unused 0x00040000 */ +/* #define unused 0x00100000 */ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_PROBE 0x00400000 -#define SSH_BUG_FIRSTKEX 0x00800000 +/* #define unused 0x00800000 */ #define SSH_OLD_FORWARD_ADDR 0x01000000 -#define SSH_BUG_RFWD_ADDR 0x02000000 +/* #define unused 0x02000000 */ #define SSH_NEW_OPENSSH 0x04000000 #define SSH_BUG_DYNAMIC_RPORT 0x08000000 #define SSH_BUG_CURVE25519PAD 0x10000000 diff --git a/config.h.in b/config.h.in index 63fc548b5843..57208740787e 100644 --- a/config.h.in +++ b/config.h.in @@ -34,9 +34,6 @@ /* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ #undef BROKEN_INET_NTOA -/* ia_uinfo routines not supported by OS yet */ -#undef BROKEN_LIBIAF - /* Define if your struct dirent expects you to allocate extra space for d_name */ #undef BROKEN_ONE_BYTE_DIRENT_D_NAME 
@@ -75,6 +72,12 @@ /* Define if your snprintf is busted */ #undef BROKEN_SNPRINTF +/* strndup broken, see APAR IY61211 */ +#undef BROKEN_STRNDUP + +/* strnlen broken, see APAR IY62551 */ +#undef BROKEN_STRNLEN + /* strnvis detected broken */ #undef BROKEN_STRNVIS @@ -132,6 +135,9 @@ /* Enable for PKCS#11 support */ #undef ENABLE_PKCS11 +/* define if fflush(NULL) does not work */ +#undef FFLUSH_NULL_BUG + /* File names may not contain backslash characters */ #undef FILESYSTEM_NO_BACKSLASH @@ -141,7 +147,7 @@ /* fsid_t has member __val */ #undef FSID_HAS___VAL -/* Define to 1 if the `getpgrp' function requires zero arguments. */ +/* getpgrp takes one arg */ #undef GETPGRP_VOID /* Conflicting defs for getspnam */ @@ -252,7 +258,10 @@ /* Define to 1 if you have the header file. */ #undef HAVE_BSTRING_H -/* calloc(x, 0) returns NULL */ +/* Define to 1 if you have the `bzero' function. */ +#undef HAVE_BZERO + +/* calloc(0, x) returns NULL */ #undef HAVE_CALLOC /* Define to 1 if you have the `cap_rights_limit' function. */ @@ -299,6 +308,10 @@ don't. */ #undef HAVE_DECL_AUTHENTICATE +/* Define to 1 if you have the declaration of `bzero', and to 0 if you don't. + */ +#undef HAVE_DECL_BZERO + /* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you don't. */ #undef HAVE_DECL_GLOB_NOMATCH @@ -347,6 +360,10 @@ don't. */ #undef HAVE_DECL_PASSWDEXPIRED +/* Define to 1 if you have the declaration of `readv', and to 0 if you don't. + */ +#undef HAVE_DECL_READV + /* Define to 1 if you have the declaration of `setauthdb', and to 0 if you don't. */ #undef HAVE_DECL_SETAUTHDB @@ -466,6 +483,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_FLOATINGPOINT_H +/* Define to 1 if you have the `flock' function. */ +#undef HAVE_FLOCK + /* Define to 1 if you have the `fmt_scaled' function. */ #undef HAVE_FMT_SCALED 
@@ -553,12 +573,12 @@ /* Define if getrrsetbyname() exists */ #undef HAVE_GETRRSETBYNAME -/* Define to 1 if you have the `getrusage' function. */ -#undef HAVE_GETRUSAGE - /* Define to 1 if you have the `getseuserbyname' function. */ #undef HAVE_GETSEUSERBYNAME +/* Define to 1 if you have the `getsid' function. */ +#undef HAVE_GETSID + /* Define to 1 if you have the `gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY @@ -640,6 +660,9 @@ /* Define if you have ut_id in utmpx.h */ #undef HAVE_ID_IN_UTMPX +/* Define to 1 if you have the header file. */ +#undef HAVE_IFADDRS_H + /* Define to 1 if you have the `inet_aton' function. */ #undef HAVE_INET_ATON @@ -821,6 +844,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NET_IF_TUN_H +/* Define to 1 if you have the header file. */ +#undef HAVE_NET_ROUTE_H + /* Define if you are on NeXT */ #undef HAVE_NEXT @@ -903,6 +929,9 @@ /* Define to 1 if you have the `pututxline' function. */ #undef HAVE_PUTUTXLINE +/* Define to 1 if you have the `raise' function. */ +#undef HAVE_RAISE + /* Define to 1 if you have the `readpassphrase' function. */ #undef HAVE_READPASSPHRASE @@ -1120,6 +1149,9 @@ /* Define to 1 if you have the `strmode' function. */ #undef HAVE_STRMODE +/* Define to 1 if you have the `strndup' function. */ +#undef HAVE_STRNDUP + /* Define to 1 if you have the `strnlen' function. */ #undef HAVE_STRNLEN @@ -1174,6 +1206,9 @@ /* define if you have struct sockaddr_storage data type */ #undef HAVE_STRUCT_SOCKADDR_STORAGE +/* Define to 1 if `f_flags' is a member of `struct statfs'. */ +#undef HAVE_STRUCT_STATFS_F_FLAGS + /* Define to 1 if `st_blksize' is a member of `struct stat'. */ #undef HAVE_STRUCT_STAT_ST_BLKSIZE 
@@ -1219,6 +1254,12 @@ /* Define if your system defines sys_errlist[] */ #undef HAVE_SYS_ERRLIST +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_FILE_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_LABEL_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_MMAN_H @@ -1264,6 +1305,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STRTIO_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SYSCTL_H + /* Force use of sys/syslog.h on Ultrix */ #undef HAVE_SYS_SYSLOG_H @@ -1282,6 +1326,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_UN_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_VFS_H + /* Define to 1 if you have the `tcgetpgrp' function. */ #undef HAVE_TCGETPGRP @@ -1496,12 +1543,12 @@ /* Need setpgrp to acquire controlling tty */ #undef NEED_SETPGRP +/* compiler does not accept __attribute__ on protoype args */ +#undef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS + /* compiler does not accept __attribute__ on return types */ #undef NO_ATTRIBUTE_ON_RETURN_TYPE -/* Define if you don't want to use lastlog in session.c */ -#undef NO_SSH_LASTLOG - /* Define to disable UID restoration test */ #undef NO_UID_RESTORATION_TEST @@ -1681,6 +1728,9 @@ /* syslog_r function is safe to use in in a signal handler */ #undef SYSLOG_R_SAFE_IN_SIGHAND +/* Support routing domains using Linux VRF */ +#undef SYS_RDOMAIN_LINUX + /* Support passwords > 8 chars */ #undef UNIXWARE_LONG_PASSWORDS diff --git a/configure b/configure index b2c2c3b91745..5f5536fa4e32 100755 --- a/configure +++ b/configure @@ -624,6 +624,7 @@ ac_includes_default="\ #endif" ac_subst_vars='LTLIBOBJS +DEPEND UNSUPPORTED_ALGORITHMS TEST_MALLOC_OPTIONS TEST_SSH_UTF8 @@ -663,11 +664,11 @@ SH TEST_MINUS_S_SH ENT SED -PERL KILL CAT ac_ct_AR AR +MKDIR_P INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM 
@@ -1473,7 +1474,7 @@ Optional Packages: --with-superuser-path= Specify different path for super-user --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses --with-bsd-auth Enable BSD auth support - --with-pid-dir=PATH Specify location of ssh.pid file + --with-pid-dir=PATH Specify location of sshd.pid file --with-lastlog=FILE|DIR specify lastlog location common locations Some influential environment variables: @@ -4564,6 +4565,48 @@ $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + if test -n "$ac_tool_prefix"; then for ac_prog in ar do 
@@ -4744,51 +4787,6 @@ $as_echo "no" >&6; } fi -for ac_prog in perl5 perl -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PERL+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PERL in - [\\/]* | ?:[\\/]*) - ac_cv_path_PERL="$PERL" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PERL=$ac_cv_path_PERL -if test -n "$PERL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 -$as_echo "$PERL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$PERL" && break -done - # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -4829,7 +4827,6 @@ $as_echo "no" >&6; } fi - # Extract the first word of "ent", so it can be a program name with args. set dummy ent; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 
@@ -6222,6 +6219,172 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext } if test "x$use_toolchain_hardening" = "x1"; then + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mfunction-return=thunk" >&5 +$as_echo_n "checking if $CC supports compile flag -mfunction-return=thunk... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -mfunction-return=thunk" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-mfunction-return=thunk" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} # gcc + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mindirect-branch=thunk" >&5 +$as_echo_n "checking if $CC supports compile flag -mindirect-branch=thunk... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -mindirect-branch=thunk" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-mindirect-branch=thunk" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} # gcc + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mretpoline" >&5 +$as_echo_n "checking if $CC supports compile flag -mretpoline... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -mretpoline" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-mretpoline" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +} # clang + { + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,retpolineplt" >&5 +$as_echo_n "checking if $LD supports link flag -Wl,-z,retpolineplt... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,retpolineplt" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,retpolineplt" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + long long p = n * o; + printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); + exit(0); +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LDFLAGS="$saved_LDFLAGS $_define_flag" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +} { { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5 $as_echo_n "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; } @@ -6588,6 +6751,34 @@ $as_echo "no" >&6; } $as_echo "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ prototype args" >&5 +$as_echo_n "checking if compiler allows __attribute__ prototype args... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2))); +int +main () +{ + exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define NO_ATTRIBUTE_ON_PROTOTYPE_ARGS 1" >>confdefs.h + + fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext @@ -6717,6 +6908,7 @@ for ac_header in \ glob.h \ ia.h \ iaf.h \ + ifaddrs.h \ inttypes.h \ langinfo.h \ limits.h \ 
@@ -6740,12 +6932,13 @@ for ac_header in \ stdint.h \ string.h \ strings.h \ - sys/audit.h \ sys/bitypes.h \ sys/bsdtty.h \ sys/cdefs.h \ sys/dir.h \ + sys/file.h \ sys/mman.h \ + sys/label.h \ sys/ndir.h \ sys/poll.h \ sys/prctl.h \ @@ -6760,6 +6953,7 @@ for ac_header in \ sys/sysmacros.h \ sys/time.h \ sys/timers.h \ + sys/vfs.h \ time.h \ tmpdir.h \ ttyent.h \ @@ -6786,6 +6980,32 @@ fi done +# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] +# to be included first. +for ac_header in sys/audit.h +do : + ac_fn_c_check_header_compile "$LINENO" "sys/audit.h" "ac_cv_header_sys_audit_h" " +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_LABEL_H +# include +#endif + +" +if test "x$ac_cv_header_sys_audit_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_AUDIT_H 1 +_ACEOF + +fi + +done + + # sys/capsicum.h requires sys/types.h for ac_header in sys/capsicum.h do : @@ -6805,6 +7025,29 @@ fi done +# net/route.h requires sys/socket.h and sys/types.h. +# sys/sysctl.h also requires sys/param.h +for ac_header in net/route.h sys/sysctl.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#include +#include + +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + # lastlog.h requires sys/time.h to be included first on Solaris for ac_header in lastlog.h do : 
@@ -7180,10 +7423,16 @@ $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h $as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h -$as_echo "#define PTY_ZEROREAD 1" >>confdefs.h +$as_echo "#define PTY_ZEROREAD 1" >>confdefs.h + + +$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h + + +$as_echo "#define BROKEN_STRNDUP 1" >>confdefs.h -$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h +$as_echo "#define BROKEN_STRNLEN 1" >>confdefs.h ;; *-*-android*) @@ -7695,6 +7944,19 @@ $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h fi + ac_fn_c_check_header_compile "$LINENO" "linux/if.h" "ac_cv_header_linux_if_h" " +#ifdef HAVE_SYS_TYPES_H +# include +#endif + +" +if test "x$ac_cv_header_linux_if_h" = xyes; then : + +$as_echo "#define SYS_RDOMAIN_LINUX 1" >>confdefs.h + +fi + + for ac_header in linux/seccomp.h linux/filter.h linux/audit.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` 
@@ -7709,6 +7971,75 @@ fi done + # Obtain MIPS ABI + case "$host" in + mips*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if _MIPS_SIM != _ABIO32 +#error +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + mips_abi="o32" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if _MIPS_SIM != _ABIN32 +#error +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + mips_abi="n32" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if _MIPS_SIM != _ABI64 +#error +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + mips_abi="n64" +else + as_fn_error $? "unknown MIPS ABI" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5 $as_echo_n "checking for seccomp architecture... " >&6; } seccomp_audit_arch= @@ -7744,10 +8075,24 @@ $as_echo_n "checking for seccomp architecture... " >&6; } seccomp_audit_arch=AUDIT_ARCH_MIPSEL ;; mips64-*) - seccomp_audit_arch=AUDIT_ARCH_MIPS64 + case "$mips_abi" in + "n32") + seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 + ;; + "n64") + seccomp_audit_arch=AUDIT_ARCH_MIPS64 + ;; + esac ;; mips64el-*) - seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 + case "$mips_abi" in + "n32") + seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 + ;; + "n64") + seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 + ;; + esac ;; esac if test "x$seccomp_audit_arch" != "x" ; then @@ -8102,6 +8447,9 @@ done conf_lastlog_location=/var/adm/lastlog $as_echo "#define USE_PIPES 1" >>confdefs.h + +$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h + ;; *-ncr-sysv*) LIBS="$LIBS -lc89" 
@@ -8260,12 +8608,10 @@ $as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h $as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h TEST_SHELL=$SHELL # let configure find us a capable shell + check_for_libcrypt_later=1 case "$host" in *-*-sysv5SCO_SV*) # SCO OpenServer 6.x maildir=/var/spool/mail - -$as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h - $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5 @@ -8318,17 +8664,12 @@ _ACEOF fi done - $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h - - $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h - fi ;; *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h - check_for_libcrypt_later=1 ;; esac ;; 
@@ -8383,58 +8724,6 @@ done TEST_SHELL=$SHELL # let configure find us a capable shell SKIP_DISABLE_LASTLOG_DEFINE=yes ;; -*-*-unicosmk*) - -$as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-*-unicosmp*) - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h - - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lacid -ldb" - MANTYPE=cat - ;; -*-*-unicos*) - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h - - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; *-dec-osf*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5 $as_echo_n "checking for Digital Unix SIA... " >&6; } 
@@ -9874,7 +10163,43 @@ fi # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; -if test "x$ac_cv_func_malloc_0_nonnull" != "xyes"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if calloc(0, N) returns non-null" >&5 +$as_echo_n "checking if calloc(0, N) returns non-null... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming same as malloc" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming same as malloc" >&2;} + func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull" + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include +int +main () +{ + void *p = calloc(0, 1); exit(p == NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + func_calloc_0_nonnull=yes +else + func_calloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $func_calloc_0_nonnull" >&5 +$as_echo "$func_calloc_0_nonnull" >&6; } + +if test "x$func_calloc_0_nonnull" == "xyes"; then + +$as_echo "#define HAVE_CALLOC 1" >>confdefs.h + +else $as_echo "#define HAVE_CALLOC 0" >>confdefs.h @@ -10256,7 +10581,7 @@ else LDNSCONFIG="$ac_cv_path_LDNSCONFIG" fi - if test "x$PKGCONFIG" = "xno"; then + if test "x$LDNSCONFIG" = "xno"; then CPPFLAGS="$CPPFLAGS -I${withval}/include" LDFLAGS="$LDFLAGS -L${withval}/lib" LIBS="-lldns $LIBS" @@ -10833,6 +11158,7 @@ for ac_func in \ bcrypt_pbkdf \ bindresvport_sa \ blf_enc \ + bzero \ cap_rights_limit \ clock \ closefrom \ @@ -10843,6 +11169,7 @@ for ac_func in \ explicit_bzero \ fchmod \ fchown \ + flock \ freeaddrinfo \ freezero \ fstatfs \ @@ -10857,9 +11184,9 @@ for ac_func in \ getpeereid \ getpeerucred \ getpgid \ - getpgrp \ _getpty \ getrlimit \ + getsid \ getttyent \ glob \ group_from_gid \ 
@@ -10881,6 +11208,7 @@ for ac_func in \ poll \ prctl \ pstat \ + raise \ readpassphrase \ reallocarray \ recvmsg \ @@ -10915,6 +11243,7 @@ for ac_func in \ strlcat \ strlcpy \ strmode \ + strndup \ strnlen \ strnvis \ strptime \ @@ -10949,6 +11278,18 @@ fi done +ac_fn_c_check_decl "$LINENO" "bzero" "ac_cv_have_decl_bzero" "$ac_includes_default" +if test "x$ac_cv_have_decl_bzero" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_BZERO $ac_have_decl +_ACEOF + + for ac_func in mblen mbtowc nl_langinfo wcwidth do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` @@ -11090,9 +11431,15 @@ $as_echo "$ac_cv_search_dlopen" >&6; } ac_res=$ac_cv_search_dlopen if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + ac_fn_c_check_decl "$LINENO" "RTLD_NOW" "ac_cv_have_decl_RTLD_NOW" "#include + +" +if test "x$ac_cv_have_decl_RTLD_NOW" = xyes; then : $as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h +fi + fi @@ -11258,21 +11605,6 @@ $as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h fi -ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default" -if test "x$ac_cv_have_decl_getrusage" = xyes; then : - for ac_func in getrusage -do : - ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage" -if test "x$ac_cv_func_getrusage" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETRUSAGE 1 -_ACEOF - -fi -done - -fi - ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" " #ifdef HAVE_STRING_H # include @@ -11365,6 +11697,21 @@ cat >>confdefs.h <<_ACEOF _ACEOF +ac_fn_c_check_decl "$LINENO" "readv" "ac_cv_have_decl_readv" " +#include +#include +#include + +" +if test "x$ac_cv_have_decl_readv" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_READV $ac_have_decl +_ACEOF ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" " #include #include 
@@ -11655,6 +12002,39 @@ fi done +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fflush(NULL)" >&5 +$as_echo_n "checking for working fflush(NULL)... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming working" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming working" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +fflush(NULL); exit(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define FFLUSH_NULL_BUG 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + for ac_func in gettimeofday time do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` 
@@ -12396,38 +12776,45 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getpgrp requires zero arguments" >&5 -$as_echo_n "checking whether getpgrp requires zero arguments... " >&6; } -if ${ac_cv_func_getpgrp_void+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Use it with a single arg. -cat confdefs.h - <<_ACEOF >conftest.$ac_ext +for ac_func in getpgrp +do : + ac_fn_c_check_func "$LINENO" "getpgrp" "ac_cv_func_getpgrp" +if test "x$ac_cv_func_getpgrp" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETPGRP 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getpgrp accepts zero args" >&5 +$as_echo_n "checking if getpgrp accepts zero args... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { -getpgrp (0); + getpgrp(); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_func_getpgrp_void=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define GETPGRP_VOID 1" >>confdefs.h + else - ac_cv_func_getpgrp_void=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpgrp_void" >&5 -$as_echo "$ac_cv_func_getpgrp_void" >&6; } -if test $ac_cv_func_getpgrp_void = yes; then +$as_echo "#define GETPGRP_VOID 0" >>confdefs.h -$as_echo "#define GETPGRP_VOID 1" >>confdefs.h fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +done # Search for OpenSSL 
@@ -15193,6 +15580,33 @@ _ACEOF fi +ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_statfs_f_flags" " +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif + +" +if test "x$ac_cv_member_struct_statfs_f_flags" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STATFS_F_FLAGS 1 +_ACEOF + + +fi + + + ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include #include " @@ -19272,6 +19686,8 @@ TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS UNSUPPORTED_ALGORITHMS=$unsupported_algorithms +DEPEND=$(cat $srcdir/.depend) + CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" @@ -19859,6 +20275,7 @@ gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF @@ -20426,6 +20843,11 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 @@ -20480,6 +20902,7 @@ s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ @@ -20607,7 +21030,6 @@ echo " PAM support: $PAM_MSG" echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" -echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" 
diff --git a/configure.ac b/configure.ac index 889f506377c0..663062bef142 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,3 @@ -# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -30,12 +29,11 @@ AC_PROG_CPP AC_PROG_RANLIB AC_PROG_INSTALL AC_PROG_EGREP +AC_PROG_MKDIR_P AC_CHECK_TOOLS([AR], [ar]) AC_PATH_PROG([CAT], [cat]) AC_PATH_PROG([KILL], [kill]) -AC_PATH_PROGS([PERL], [perl5 perl]) AC_PATH_PROG([SED], [sed]) -AC_SUBST([PERL]) AC_PATH_PROG([ENT], [ent]) AC_SUBST([ENT]) AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) @@ -164,6 +162,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) if test "x$use_toolchain_hardening" = "x1"; then + OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc + OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc + OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) @@ -263,6 +265,18 @@ __attribute__((__unused__)) static void foo(void){return;}]], [compiler does not accept __attribute__ on return types]) ] ) +AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[ +#include +typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], + [[ exit(0); ]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, + [compiler does not accept __attribute__ on protoype args]) ] +) + if test "x$no_attrib_nonnull" != "x1" ; then AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) fi @@ -363,6 +377,7 @@ AC_CHECK_HEADERS([ \ glob.h \ ia.h \ iaf.h \ + ifaddrs.h \ inttypes.h \ langinfo.h \ limits.h \ 
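Review bot: The four checks added inside `if test "x$use_toolchain_hardening" = "x1"` carry only `# gcc` / `# clang` tags, so nothing records what they are for. They are the retpoline options used against Spectre variant 2 (branch target injection); a comment above the group such as `# Retpoline (Spectre v2) mitigations; each is used only if the toolchain accepts it` would say so. An unsupported flag is dropped quietly by these macros, so it is also worth confirming that the final CFLAGS and LDFLAGS appear in the configure summary, where a build without the mitigations can be noticed.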
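Review bot: The description string in the new `AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, ...)` misspells "prototype" as `protoype`, and autoheader copies the string into config.h.in. Suggested text: `[compiler does not accept __attribute__ on prototype args]`. The macro name and value are also unquoted here, unlike the neighbouring `AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], ...)`; writing `AC_DEFINE([NO_ATTRIBUTE_ON_PROTOTYPE_ARGS], [1], ...)` would match the file's usual quoting.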
@@ -386,12 +401,13 @@ AC_CHECK_HEADERS([ \ stdint.h \ string.h \ strings.h \ - sys/audit.h \ sys/bitypes.h \ sys/bsdtty.h \ sys/cdefs.h \ sys/dir.h \ + sys/file.h \ sys/mman.h \ + sys/label.h \ sys/ndir.h \ sys/poll.h \ sys/prctl.h \ @@ -406,6 +422,7 @@ AC_CHECK_HEADERS([ \ sys/sysmacros.h \ sys/time.h \ sys/timers.h \ + sys/vfs.h \ time.h \ tmpdir.h \ ttyent.h \ @@ -420,6 +437,20 @@ AC_CHECK_HEADERS([ \ wchar.h \ ]) +# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] +# to be included first. +AC_CHECK_HEADERS([sys/audit.h], [], [], [ +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_LABEL_H +# include +#endif +]) + # sys/capsicum.h requires sys/types.h AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ #ifdef HAVE_SYS_TYPES_H @@ -427,6 +458,16 @@ AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ #endif ]) +# net/route.h requires sys/socket.h and sys/types.h. +# sys/sysctl.h also requires sys/param.h +AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#include +#include +]) + # lastlog.h requires sys/time.h to be included first on Solaris AC_CHECK_HEADERS([lastlog.h], [], [], [ #ifdef HAVE_SYS_TIME_H @@ -562,6 +603,8 @@ case "$host" in [AIX 5.2 and 5.3 (and presumably newer) require this]) AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) + AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) + AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) ;; *-*-android*) AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 
@@ -769,8 +812,36 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE([SSH_TUN_PREPEND_AF], [1], [Prepend the address family to IP tunnel traffic]) fi + AC_CHECK_HEADER([linux/if.h], + AC_DEFINE([SYS_RDOMAIN_LINUX], [1], + [Support routing domains using Linux VRF]), [], [ +#ifdef HAVE_SYS_TYPES_H +# include +#endif + ]) AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], [], [#include ]) + # Obtain MIPS ABI + case "$host" in + mips*) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#if _MIPS_SIM != _ABIO32 +#error +#endif + ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#if _MIPS_SIM != _ABIN32 +#error +#endif + ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#if _MIPS_SIM != _ABI64 +#error +#endif + ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) + ]) + ]) + ]) + ;; + esac AC_MSG_CHECKING([for seccomp architecture]) seccomp_audit_arch= case "$host" in @@ -805,10 +876,24 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) seccomp_audit_arch=AUDIT_ARCH_MIPSEL ;; mips64-*) - seccomp_audit_arch=AUDIT_ARCH_MIPS64 + case "$mips_abi" in + "n32") + seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 + ;; + "n64") + seccomp_audit_arch=AUDIT_ARCH_MIPS64 + ;; + esac ;; mips64el-*) - seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 + case "$mips_abi" in + "n32") + seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 + ;; + "n64") + seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 + ;; + esac ;; esac if test "x$seccomp_audit_arch" != "x" ; then @@ -959,6 +1044,7 @@ mips-sony-bsd|mips-sony-newsos4) conf_wtmp_location=/var/adm/wtmp conf_lastlog_location=/var/adm/lastlog AC_DEFINE([USE_PIPES]) + AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) ;; *-ncr-sysv*) LIBS="$LIBS -lc89" 
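Review bot: In the `mips64-*` and `mips64el-*` arms the new inner `case "$mips_abi"` handles only `n32` and `n64`, so an `o32` result from the ABI probe added above leaves `seccomp_audit_arch` empty. The `test "x$seccomp_audit_arch" != "x"` that follows then takes its other branch, which is outside the hunk; presumably the seccomp filter is reported as unsupported, and the build would quietly go without that sandbox. A default arm would make the gap visible, e.g. `*) AC_MSG_WARN([no seccomp audit arch for MIPS ABI $mips_abi]) ;;`. Alternatively, a comment could state that o32 on a 64-bit MIPS host is intentionally unsupported.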
@@ -1007,20 +1093,16 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE([PASSWD_NEEDS_USERNAME]) AC_DEFINE([BROKEN_TCGETATTR_ICANON]) TEST_SHELL=$SHELL # let configure find us a capable shell + check_for_libcrypt_later=1 case "$host" in *-*-sysv5SCO_SV*) # SCO OpenServer 6.x maildir=/var/spool/mail - AC_DEFINE([BROKEN_LIBIAF], [1], - [ia_uinfo routines not supported by OS yet]) AC_DEFINE([BROKEN_UPDWTMPX]) AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) - AC_DEFINE([HAVE_SECUREWARE]) - AC_DEFINE([DISABLE_SHADOW]) ], , ) ;; *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) - check_for_libcrypt_later=1 ;; esac ;; @@ -1053,40 +1135,6 @@ mips-sony-bsd|mips-sony-newsos4) TEST_SHELL=$SHELL # let configure find us a capable shell SKIP_DISABLE_LASTLOG_DEFINE=yes ;; -*-*-unicosmk*) - AC_DEFINE([NO_SSH_LASTLOG], [1], - [Define if you don't want to use lastlog in session.c]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-*-unicosmp*) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([WITH_ABBREV_NO_TTY]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lacid -ldb" - MANTYPE=cat - ;; -*-*-unicos*) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - AC_DEFINE([NO_SSH_LASTLOG]) - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; *-dec-osf*) AC_MSG_CHECKING([for Digital Unix SIA]) no_osfsia="" 
@@ -1337,8 +1385,23 @@ AC_FUNC_STRFTIME AC_FUNC_MALLOC AC_FUNC_REALLOC # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; -if test "x$ac_cv_func_malloc_0_nonnull" != "xyes"; then - AC_DEFINE(HAVE_CALLOC, 0, [calloc(x, 0) returns NULL]) +AC_MSG_CHECKING([if calloc(0, N) returns non-null]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[ #include ]], + [[ void *p = calloc(0, 1); exit(p == NULL); ]] + )], + [ func_calloc_0_nonnull=yes ], + [ func_calloc_0_nonnull=no ], + [ AC_MSG_WARN([cross compiling: assuming same as malloc]) + func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] +) +AC_MSG_RESULT([$func_calloc_0_nonnull]) + +if test "x$func_calloc_0_nonnull" == "xyes"; then + AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) +else + AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) AC_DEFINE(calloc, rpl_calloc, [Define to rpl_calloc if the replacement function should be used.]) fi @@ -1487,7 +1550,7 @@ AC_ARG_WITH(ldns, ldns="" if test "x$withval" = "xyes" ; then AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) - if test "x$PKGCONFIG" = "xno"; then + if test "x$LDNSCONFIG" = "xno"; then CPPFLAGS="$CPPFLAGS -I${withval}/include" LDFLAGS="$LDFLAGS -L${withval}/lib" LIBS="-lldns $LIBS" @@ -1695,6 +1758,7 @@ AC_CHECK_FUNCS([ \ bcrypt_pbkdf \ bindresvport_sa \ blf_enc \ + bzero \ cap_rights_limit \ clock \ closefrom \ @@ -1705,6 +1769,7 @@ AC_CHECK_FUNCS([ \ explicit_bzero \ fchmod \ fchown \ + flock \ freeaddrinfo \ freezero \ fstatfs \ @@ -1719,9 +1784,9 @@ AC_CHECK_FUNCS([ \ getpeereid \ getpeerucred \ getpgid \ - getpgrp \ _getpty \ getrlimit \ + getsid \ getttyent \ glob \ group_from_gid \ @@ -1743,6 +1808,7 @@ AC_CHECK_FUNCS([ \ poll \ prctl \ pstat \ + raise \ readpassphrase \ reallocarray \ recvmsg \ @@ -1777,6 +1843,7 @@ AC_CHECK_FUNCS([ \ strlcat \ strlcpy \ strmode \ + strndup \ strnlen \ strnvis \ strptime \ 
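Review bot: `test "x$func_calloc_0_nonnull" == "xyes"` uses `==`, which POSIX `test` does not define, so a shell whose `test` accepts only `=` will fail the comparison. The failure lands in the `else` arm, and such a host would get `HAVE_CALLOC` 0 and the `rpl_calloc` replacement even when the run check just printed yes. Change the line to `if test "x$func_calloc_0_nonnull" = "xyes"; then`, matching the `=` used by the other `test` calls visible in this file.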
@@ -1800,6 +1867,8 @@ AC_CHECK_FUNCS([ \ warn \ ]) +AC_CHECK_DECLS([bzero]) + dnl Wide character support. AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) @@ -1842,7 +1911,10 @@ AC_ARG_ENABLE([pkcs11], if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then # PKCS#11 support requires dlopen() and co AC_SEARCH_LIBS([dlopen], [dl], - [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] + AC_CHECK_DECL([RTLD_NOW], + AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]), + [], [#include ] + ) ) fi @@ -1869,7 +1941,6 @@ AC_SEARCH_LIBS([clock_gettime], [rt], [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) dnl Make sure prototypes are defined for these before using them. -AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) AC_CHECK_DECL([strsep], [AC_CHECK_FUNCS([strsep])], [], @@ -1905,7 +1976,7 @@ AC_CHECK_DECLS([O_NONBLOCK], , , #endif ]) -AC_CHECK_DECLS([writev], , , [ +AC_CHECK_DECLS([readv, writev], , , [ #include #include #include @@ -2022,6 +2093,16 @@ AC_CHECK_FUNCS([realpath], [ ) ]) +AC_MSG_CHECKING([for working fflush(NULL)]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[#include ]], [[fflush(NULL); exit(0);]])], + AC_MSG_RESULT([yes]), + [AC_MSG_RESULT([no]) + AC_DEFINE([FFLUSH_NULL_BUG], [1], + [define if fflush(NULL) does not work])], + AC_MSG_WARN([cross compiling: assuming working]) +) + dnl Checks for time functions AC_CHECK_FUNCS([gettimeofday time]) dnl Checks for utmp functions @@ -2393,7 +2474,16 @@ static void sighandler(int sig) { _exit(1); } ) fi -AC_FUNC_GETPGRP +AC_CHECK_FUNCS([getpgrp],[ + AC_MSG_CHECKING([if getpgrp accepts zero args]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], + [ AC_MSG_RESULT([no]) + AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] + ) +]) # Search for OpenSSL saved_CPPFLAGS="$CPPFLAGS" 
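Review bot: `GETPGRP_VOID` is now defined in both outcomes of the new getpgrp check (1 or 0), whereas the removed `AC_FUNC_GETPGRP` defines it only when getpgrp takes no arguments. Any consumer that still tests it with `#ifdef GETPGRP_VOID` would select the zero-argument call on every platform. The consumers are outside this file section, so that needs checking there. A comment above the check would record the contract: `dnl GETPGRP_VOID is 0 or 1 whenever getpgrp exists; test it with #if, never #ifdef`.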
@@ -3641,6 +3731,23 @@ AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ #endif ]) +AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif +]]) + + AC_CHECK_TYPES([in_addr_t, in_port_t], , , [#include #include ]) @@ -4755,7 +4862,7 @@ if test ! -d $piddir ; then fi AC_ARG_WITH([pid-dir], - [ --with-pid-dir=PATH Specify location of ssh.pid file], + [ --with-pid-dir=PATH Specify location of sshd.pid file], [ if test -n "$withval" && test "x$withval" != "xno" && \ test "x${withval}" != "xyes"; then @@ -5056,6 +5163,7 @@ AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) +AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" @@ -5107,7 +5215,6 @@ echo " PAM support: $PAM_MSG" echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" -echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" diff --git a/contrib/aix/README b/contrib/aix/README index 4a11ae7038f9..1aa5919786ca 100644 --- a/contrib/aix/README +++ b/contrib/aix/README @@ -47,4 +47,3 @@ you get to keep both pieces. - Darren Tucker (dtucker at zip dot com dot au) 2002/03/01 -$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $ diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 81d8cc30105c..00b384dc7a61 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh 
@@ -1,7 +1,6 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.13 2011/05/05 03:48:41 djm Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh index e2641e79c4f9..7d76f49715c4 100755 --- a/contrib/aix/inventory.sh +++ b/contrib/aix/inventory.sh @@ -1,7 +1,6 @@ #!/bin/sh # # inventory.sh -# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $ # # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl # This file is placed into the public domain. diff --git a/contrib/cygwin/Makefile b/contrib/cygwin/Makefile index a0261f48d53c..4b78cd950576 100644 --- a/contrib/cygwin/Makefile +++ b/contrib/cygwin/Makefile @@ -13,6 +13,7 @@ defaultsdir=$(sysconfdir)/defaults/etc inetdefdir=$(defaultsdir)/inetd.d PRIVSEP_PATH=/var/empty INSTALL=/usr/bin/install -c +MKDIR_P=$(srcdir)/mkinstalldirs DESTDIR= @@ -23,7 +24,7 @@ all: @echo move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config - $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir) + $(MKDIR_P) $(DESTDIR)$(defaultsdir) mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir) mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir) @@ -31,11 +32,11 @@ remove-empty-dir: rm -rf $(DESTDIR)$(PRIVSEP_PATH) install-inetd-config: - $(srcdir)/mkinstalldirs $(DESTDIR)$(inetdefdir) + $(MKDIR_P) $(DESTDIR)$(inetdefdir) $(INSTALL) -m 644 sshd-inetd $(DESTDIR)$(inetdefdir)/sshd-inetd install-sshdoc: - $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir) + $(MKDIR_P) $(DESTDIR)$(sshdocdir) -$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS -$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog -$(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE 
@@ -52,13 +53,13 @@ install-sshdoc: -$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO install-cygwindoc: README - $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir) + $(MKDIR_P) $(DESTDIR)$(cygdocdir) $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README install-doc: install-sshdoc install-cygwindoc install-scripts: ssh-host-config ssh-user-config - $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) + $(MKDIR_P) $(DESTDIR)$(bindir) $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config diff --git a/contrib/findssl.sh b/contrib/findssl.sh index 263fd26445d5..95a0d66dfe63 100755 --- a/contrib/findssl.sh +++ b/contrib/findssl.sh @@ -1,7 +1,5 @@ #!/bin/sh # -# $Id: findssl.sh,v 1.4 2007/02/19 11:44:25 dtucker Exp $ -# # findssl.sh # Search for all instances of OpenSSL headers and libraries # and print their versions. diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index a96a36e492d6..a0d5e2071023 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,5 +1,5 @@ -%define ver 7.6p1 -%define rel 1 +%define ver 7.7p1 +%define rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID %define sshd_uid 74 @@ -23,8 +23,19 @@ # Use GTK2 instead of GNOME in gnome-ssh-askpass %define gtk2 1 -# Is this build for RHL 6.x? +# Use build6x options for older RHEL builds +# RHEL 7 not yet supported +%if 0%{?rhel} > 6 %define build6x 0 +%else +%define build6x 1 +%endif + +%if 0%{?fedora} >= 26 +%define compat_openssl 1 +%else +%define compat_openssl 0 +%endif # Do we want kerberos5 support (1=yes 0=no) %define kerberos5 1 @@ -64,7 +75,7 @@ %define kerberos5 0 %endif -Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. +Summary: The OpenSSH implementation of SSH protocol version 2. Name: openssh Version: %{ver} %if %{rescue} 
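Review bot: `%if 0%{?rhel} > 6` is false whenever the `rhel` macro is undefined, so the new block sets `build6x` to 1 on Fedora as well. That includes the Fedora >= 26 case that the `compat_openssl` block right below it handles. If the build6x options are meant only for older RHEL, as the added comment says, the condition could read `%if 0%{?rhel} > 6 || 0%{?fedora}`. Most of what `build6x` switches on is outside this hunk, so the effect on a Fedora build should be confirmed before changing it.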
@@ -74,9 +85,7 @@ Release: %{rel} %endif URL: https://www.openssh.com/portable.html Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz -%if ! %{no_x11_askpass} Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz -%endif License: BSD Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -86,7 +95,13 @@ PreReq: initscripts >= 5.00 %else Requires: initscripts >= 5.20 %endif -BuildRequires: perl, openssl-devel +BuildRequires: perl +%if %{compat_openssl} +BuildRequires: compat-openssl10-devel +%else +BuildRequires: openssl-devel >= 1.0.1 +BuildRequires: openssl-devel < 1.1 +%endif BuildRequires: /bin/login %if ! %{build6x} BuildRequires: glibc-devel, pam @@ -95,6 +110,12 @@ BuildRequires: /usr/include/security/pam_appl.h %endif %if ! %{no_x11_askpass} BuildRequires: /usr/include/X11/Xlib.h +# Xt development tools +BuildRequires: libXt-devel +# Provides xmkmf +BuildRequires: imake +# Rely on relatively recent gtk +BuildRequires: gtk2-devel %endif %if ! %{no_gnome_askpass} BuildRequires: pkgconfig @@ -183,11 +204,6 @@ environment. CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS %endif -%if %{kerberos5} -K5DIR=`rpm -ql krb5-devel | grep 'include/krb5\.h' | sed 's,\/include\/krb5.h,,'` -echo K5DIR=$K5DIR -%endif - %configure \ --sysconfdir=%{_sysconfdir}/ssh \ --libexecdir=%{_libexecdir}/openssh \ @@ -196,6 +212,9 @@ echo K5DIR=$K5DIR --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ --with-privsep-path=%{_var}/empty/sshd \ --with-md5-passwords \ + --mandir=%{_mandir} \ + --with-mantype=man \ + --disable-strip \ %if %{scard} --with-smartcard \ %endif 
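Review bot: `Source1` is now listed unconditionally and still points at an `http://` URL, so the x11-ssh-askpass tarball included in every SRPM is named by an unauthenticated location. Nothing in the visible spec pins a digest for it. A comment above the line would record the expectation, e.g. `# Source1 is served over plain HTTP: verify the tarball against a known-good digest before building`. Whether an HTTPS location exists for this tarball is not something the diff shows.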
@@ -262,12 +281,12 @@ install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd %if ! %{no_x11_askpass} -install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass +install x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass %endif %if ! %{no_gnome_askpass} -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass +install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass %endif %if ! %{scard} @@ -391,7 +410,7 @@ fi %doc x11-ssh-askpass-%{aversion}/README %doc x11-ssh-askpass-%{aversion}/ChangeLog %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad -%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass +%{_libexecdir}/openssh/ssh-askpass %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass %endif @@ -403,6 +422,22 @@ fi %endif %changelog +* Sat Feb 10 2018 Darren Tucker +- Update openssl-devel dependency to match current requirements. +- Handle Fedora >=6 openssl 1.0 compat libs. +- Remove SSH1 from description. +- Don't strip binaries at build time so that debuginfo package can be + created. + +* Sun Nov 16 2014 Nico Kadel-Garcia +- Add '--mandir' and '--with-mantype' for RHEL 5 compatibility +- Add 'dist' option to 'ver' so package names reflect OS at build time +- Always include x11-ssh-askpass tarball in SRPM +- Add openssh-x11-aspass BuildRequires for libXT-devel, imake, gtk2-devel +- Discard 'K5DIR' reporting, not usable inside 'mock' for RHEL 5 compatibility +- Discard obsolete '--with-rsh' configure option +- Update openssl-devel dependency to 0.9.8f, as found in autoconf + * Wed Jul 14 2010 Tim Rice - test for skip_x11_askpass (line 77) should have been for no_x11_askpass 
@@ -414,7 +449,7 @@ fi - Don't install profile.d scripts when not building with GNOME/GTK askpass (patch from bet@rahul.net) -* Wed Oct 01 2002 Damien Miller +* Tue Oct 01 2002 Damien Miller - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks * Mon Sep 30 2002 Damien Miller @@ -460,7 +495,7 @@ fi - remove dependency on db1-devel, which has just been swallowed up whole by gnome-libs-devel -* Sun Dec 29 2001 Nalin Dahyabhai +* Sat Dec 29 2001 Nalin Dahyabhai - adjust build dependencies so that build6x actually works right (fix from Hugo van der Kooij) diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index 40c8dfd9f886..8ee5fcd3bb4f 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init @@ -40,7 +40,6 @@ start() # Create keys if necessary /usr/bin/ssh-keygen -A if [ -x /sbin/restorecon ]; then - /sbin/restorecon /etc/ssh/ssh_host_key.pub /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub diff --git a/contrib/redhat/sshd.init.old b/contrib/redhat/sshd.init.old index 0deb6080eb82..8a30f7da4a4a 100755 --- a/contrib/redhat/sshd.init.old +++ b/contrib/redhat/sshd.init.old @@ -24,7 +24,6 @@ prog="sshd" # Some functions to make the below more readable KEYGEN=/usr/bin/ssh-keygen SSHD=/usr/sbin/sshd -RSA1_KEY=/etc/ssh/ssh_host_key RSA_KEY=/etc/ssh/ssh_host_rsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key PID_FILE=/var/run/sshd.pid @@ -61,21 +60,6 @@ my_failure() { ;; esac } -do_rsa1_keygen() { - if [ ! -s $RSA1_KEY ]; then - echo -n "Generating SSH1 RSA host key: " - if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then - chmod 600 $RSA1_KEY - chmod 644 $RSA1_KEY.pub - my_success "RSA1 key generation" - echo - else - my_failure "RSA1 key generation" - echo - exit 1 - fi - fi -} do_rsa_keygen() { if [ ! -s $RSA_KEY ]; then echo -n "Generating SSH2 RSA host key: " 
@@ -119,7 +103,6 @@ do_restart_sanity_check() { case "$1" in start) # Create keys if necessary - do_rsa1_keygen; do_rsa_keygen; do_dsa_keygen; diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index fdb3578cbd4e..d9c4298f1c5a 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 7.6p1 +Version: 7.7p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/crypto_api.h b/crypto_api.h index 5820ce8fa1f6..7f45bbd69e77 100644 --- a/crypto_api.h +++ b/crypto_api.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_api.h,v 1.3 2013/12/17 10:36:38 markus Exp $ */ +/* $OpenBSD: crypto_api.h,v 1.4 2017/12/14 21:07:39 naddy Exp $ */ /* * Assembled from generated headers and source files by Markus Friedl. @@ -8,6 +8,8 @@ #ifndef crypto_api_h #define crypto_api_h +#include "includes.h" + #ifdef HAVE_STDINT_H # include #endif @@ -18,12 +20,6 @@ typedef uint32_t crypto_uint32; #define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len)) -#define crypto_hashblocks_sha512_STATEBYTES 64U -#define crypto_hashblocks_sha512_BLOCKBYTES 128U - -int crypto_hashblocks_sha512(unsigned char *, const unsigned char *, - unsigned long long); - #define crypto_hash_sha512_BYTES 64U int crypto_hash_sha512(unsigned char *, const unsigned char *, diff --git a/defines.h b/defines.h index f1662edcfea0..3fa5ec5a9b1a 100644 --- a/defines.h +++ b/defines.h @@ -214,24 +214,12 @@ typedef signed char int8_t; # if (SIZEOF_SHORT_INT == 2) typedef short int int16_t; # else -# ifdef _UNICOS -# if (SIZEOF_SHORT_INT == 4) -typedef short int16_t; -# else -typedef long int16_t; -# endif -# else # error "16 bit int type not found." -# endif /* _UNICOS */ # endif # if (SIZEOF_INT == 4) typedef int int32_t; # else -# ifdef _UNICOS -typedef long int32_t; -# else # error "32 bit int type not found." -# endif /* _UNICOS */ # endif #endif 
@@ -247,24 +235,12 @@ typedef unsigned char u_int8_t; # if (SIZEOF_SHORT_INT == 2) typedef unsigned short int u_int16_t; # else -# ifdef _UNICOS -# if (SIZEOF_SHORT_INT == 4) -typedef unsigned short u_int16_t; -# else -typedef unsigned long u_int16_t; -# endif -# else # error "16 bit int type not found." -# endif # endif # if (SIZEOF_INT == 4) typedef unsigned int u_int32_t; # else -# ifdef _UNICOS -typedef unsigned long u_int32_t; -# else # error "32 bit int type not found." -# endif # endif # endif #define __BIT_TYPES_DEFINED__ diff --git a/dh.c b/dh.c index 475312427805..46afba033693 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.62 2016/12/15 21:20:41 dtucker Exp $ */ +/* $OpenBSD: dh.c,v 1.63 2018/02/07 02:06:50 jsing Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -25,6 +25,7 @@ #include "includes.h" +#ifdef WITH_OPENSSL #include #include @@ -134,10 +135,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) return 1; fail: - if (dhg->g != NULL) - BN_clear_free(dhg->g); - if (dhg->p != NULL) - BN_clear_free(dhg->p); + BN_clear_free(dhg->g); + BN_clear_free(dhg->p); dhg->g = dhg->p = NULL; return 0; } @@ -465,3 +464,5 @@ dh_estimate(int bits) return 7680; return 8192; } + +#endif /* WITH_OPENSSL */ diff --git a/dns.c b/dns.c index 6e1abb5300cd..ff1a2c41c29d 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.37 2017/09/14 04:32:21 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.38 2018/02/23 15:58:37 markus Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -105,6 +105,11 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, if (!*digest_type) *digest_type = SSHFP_HASH_SHA256; break; + case KEY_XMSS: + *algorithm = SSHFP_KEY_XMSS; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA256; + break; default: *algorithm = SSHFP_KEY_RESERVED; /* 0 */ *digest_type = SSHFP_HASH_RESERVED; /* 0 */ diff --git a/dns.h b/dns.h index 68443f7cbbb8..91f3c632dd1b 100644 --- a/dns.h 
+++ b/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.17 2017/09/14 04:32:21 djm Exp $ */ +/* $OpenBSD: dns.h,v 1.18 2018/02/23 15:58:37 markus Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -33,7 +33,8 @@ enum sshfp_types { SSHFP_KEY_RSA = 1, SSHFP_KEY_DSA = 2, SSHFP_KEY_ECDSA = 3, - SSHFP_KEY_ED25519 = 4 + SSHFP_KEY_ED25519 = 4, + SSHFP_KEY_XMSS = 5 }; enum sshfp_hashes { diff --git a/entropy.c b/entropy.c index 9305f89aeada..14b98f188918 100644 --- a/entropy.c +++ b/entropy.c @@ -108,7 +108,7 @@ get_random_bytes_prngd(unsigned char *buf, int len, strlen(socket_path) + 1; } - old_sigpipe = mysignal(SIGPIPE, SIG_IGN); + old_sigpipe = signal(SIGPIPE, SIG_IGN); errors = 0; rval = -1; @@ -158,7 +158,7 @@ reopen: rval = 0; done: - mysignal(SIGPIPE, old_sigpipe); + signal(SIGPIPE, old_sigpipe); if (fd != -1) close(fd); return rval; diff --git a/fixprogs b/fixprogs deleted file mode 100755 index af76ee392456..000000000000 --- a/fixprogs +++ /dev/null 
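Review bot: `SSHFP_KEY_XMSS = 5` introduces a new algorithm number for SSHFP records, and as far as I know 5 is not a registered SSHFP algorithm number the way 1 to 4 are. The `case KEY_XMSS` added in dns.c emits this value, so a later official assignment of 5 to a different algorithm would make such fingerprint records ambiguous. Suggest marking that in the enum: `SSHFP_KEY_XMSS = 5 /* experimental: not a registered SSHFP algorithm number, confirm */`.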
@@ -1,72 +0,0 @@ -#!/usr/bin/perl -# -# fixprogs - run through the list of entropy commands and -# score out the losers -# - -$entscale = 50; # divisor for optional entropy measurement - -sub usage { - return("Usage: $0 \n"); -} - -if (($#ARGV == -1) || ($#ARGV>1)) { - die(&usage); -} - -# 'undocumented' option - run ent (in second param) on the output -if ($#ARGV==1) { - $entcmd=$ARGV[1] -} else { - $entcmd = "" -}; - -$infilename = $ARGV[0]; - -if (!open(IN, "<".$infilename)) { - die("Couldn't open input file"); -} -$outfilename=$infilename.".out"; -if (!open(OUT, ">$outfilename")) { - die("Couldn't open output file $outfilename"); -} -@infile=; - -select(OUT); $|=1; select(STDOUT); - -foreach (@infile) { - if (/^\s*\#/ || /^\s*$/) { - print OUT; - next; - } - ($cmd, $path, $est) = /^\"([^\"]+)\"\s+([\w\/_-]+)\s+([\d\.\-]+)/o; - @args = split(/ /, $cmd); - if (! ($pid = fork())) { - # child - close STDIN; close STDOUT; close STDERR; - open (STDIN, "/dev/null"); - open (STDERR, ">/dev/null"); - exec $path @args; - exit 1; # shouldn't be here - } - # parent - waitpid ($pid, 0); $ret=$? >> 8; - - if ($ret != 0) { - $path = "undef"; - } else { - if ($entcmd ne "") { - # now try to run ent on the command - $mostargs=join(" ", splice(@args,1)); - print "Evaluating '$path $mostargs'\n"; - @ent = qx{$path $mostargs | $entcmd -b -t}; - @ent = grep(/^1,/, @ent); - ($null, $null, $rate) = split(/,/, $ent[0]); - $est = $rate / $entscale; # scale the estimate back - } - } - print OUT "\"$cmd\" $path $est\n"; -} - -close(IN); diff --git a/hash.c b/hash.c index 734c6bee2af3..5875d41fafa7 100644 --- a/hash.c +++ b/hash.c 
@@ -1,76 +1,27 @@ -/* $OpenBSD: hash.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* Copied from nacl-20110221/crypto_hash/sha512/ref/hash.c */ +/* $OpenBSD: hash.c,v 1.4 2017/12/14 21:07:39 naddy Exp $ */ +/* $OpenBSD: hash.c,v 1.5 2018/01/13 00:24:09 naddy Exp $ */ /* -20080913 -D. J. Bernstein -Public domain. -*/ - -#include "includes.h" + * Public domain. Author: Christian Weisgerber + * API compatible reimplementation of function from nacl + */ #include "crypto_api.h" -#define blocks crypto_hashblocks_sha512 +#include -static const unsigned char iv[64] = { - 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, - 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, - 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, - 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, - 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, - 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, - 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, - 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 -} ; +#include "digest.h" +#include "log.h" +#include "ssherr.h" -typedef unsigned long long uint64; - -int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen) +int +crypto_hash_sha512(unsigned char *out, const unsigned char *in, + unsigned long long inlen) { - unsigned char h[64]; - unsigned char padded[256]; - unsigned int i; - unsigned long long bytes = inlen; - - for (i = 0;i < 64;++i) h[i] = iv[i]; - - blocks(h,in,inlen); - in += inlen; - inlen &= 127; - in -= inlen; - - for (i = 0;i < inlen;++i) padded[i] = in[i]; - padded[inlen] = 0x80; - - if (inlen < 112) { - for (i = inlen + 1;i < 119;++i) padded[i] = 0; - padded[119] = bytes >> 61; - padded[120] = bytes >> 53; - padded[121] = bytes >> 45; - padded[122] = bytes >> 37; - padded[123] = bytes >> 29; - padded[124] = bytes >> 21; - padded[125] = bytes >> 13; - padded[126] = bytes >> 5; - padded[127] = bytes << 3; - blocks(h,padded,128); - } else { - for (i = inlen + 1;i < 247;++i) padded[i] = 0; - padded[247] = bytes >> 61; - padded[248] = bytes >> 53; - padded[249] = bytes >> 
45; - padded[250] = bytes >> 37; - padded[251] = bytes >> 29; - padded[252] = bytes >> 21; - padded[253] = bytes >> 13; - padded[254] = bytes >> 5; - padded[255] = bytes << 3; - blocks(h,padded,256); - } - - for (i = 0;i < 64;++i) out[i] = h[i]; + int r; - return 0; + if ((r = ssh_digest_memory(SSH_DIGEST_SHA512, in, inlen, out, + crypto_hash_sha512_BYTES)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + return 0; } diff --git a/install-sh b/install-sh index 220abbf61677..377bb8687ffe 100755 --- a/install-sh +++ b/install-sh 
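Review bot: `inlen` is an `unsigned long long` but is passed straight to `ssh_digest_memory()` in the new `crypto_hash_sha512()`. If that function takes a `size_t` length (its prototype is not in this diff), a value above `SIZE_MAX` would be truncated on a 32-bit build and the digest would cover less input than the caller passed. A guard before the call makes the limit explicit: `if (inlen > SIZE_MAX) fatal("%s: input too large", __func__);`. The file also drops its own `#include "includes.h"` and relies on `crypto_api.h` to pull it in, which deserves a short comment next to that include, e.g. `/* crypto_api.h pulls in includes.h */`.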
@@ -1,251 +1,527 @@ #!/bin/sh -# # install - install a program, script, or datafile -# This comes from X11R5 (mit/util/scripts/install.sh). + +scriptversion=2011-11-20.07; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # -# Copyright 1991 by the Massachusetts Institute of Technology +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. 
# -# Permission to use, copy, modify, distribute, and sell this software and its -# documentation for any purpose is hereby granted without fee, provided that -# the above copyright notice appear in all copies and that both that -# copyright notice and this permission notice appear in supporting -# documentation, and that the name of M.I.T. not be used in advertising or -# publicity pertaining to distribution of the software without specific, -# written prior permission. M.I.T. makes no representations about the -# suitability of this software for any purpose. It is provided "as is" -# without express or implied warranty. +# +# FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it +# 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written -# from scratch. It can only install one file at a time, a restriction -# shared with many OS's install programs. +# from scratch. +nl=' +' +IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" - - -# put in absolute paths if you don't have them in your path; or use env. vars. 
- -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" - -transformbasename="" -transform_arg="" -instcmd="$mvprog" -chmodcmd="$chmodprog 0755" -chowncmd="" -chgrpcmd="" -stripcmd="" -rmcmd="$rmprog -f" -mvcmd="$mvprog" -src="" -dst="" -dir_arg="" - -while [ x"$1" != x ]; do - case $1 in - -c) instcmd="$cpprog" - shift - continue;; - - -d) dir_arg=true - shift - continue;; - - -m) chmodcmd="$chmodprog $2" - shift - shift - continue;; - - -o) chowncmd="$chownprog $2" - shift - shift - continue;; - - -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; - - -s) stripcmd="$stripprog" - shift - continue;; - - -t=*) transformarg=`echo $1 | sed 's/-t=//'` - shift - continue;; - - -b=*) transformbasename=`echo $1 | sed 's/-b=//'` - shift - continue;; - - *) if [ x"$src" = x ] - then - src=$1 - else - # this colon is to work around a 386BSD /bin/sh bug - : - dst=$1 - fi - shift - continue;; - esac -done - -if [ x"$src" = x ] -then - echo "install: no input file specified" - exit 1 +doit=${DOITPROG-} +if test -z "$doit"; then + doit_exec=exec else - true + doit_exec=$doit fi -if [ x"$dir_arg" != x ]; then - dst=$src - src="" - - if [ -d $dst ]; then - instcmd=: - chmodcmd="" - else - instcmd=mkdir - fi -else +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" 
|| { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' -# Waiting for this to be detected by the "$instcmd $src $dsttmp" command -# might cause directories to be created, which would be especially bad -# if $src (and thus $dsttmp) contains '*'. +posix_mkdir= - if [ -f $src -o -d $src ] - then - true - else - echo "install: $src does not exist" - exit 1 - fi - - if [ x"$dst" = x ] - then - echo "install: no destination specified" - exit 1 - else - true - fi +# Desired mode of installed file. +mode=0755 -# If destination is a directory, append the input filename; if your system -# does not like double slashes in filenames, you may need to add some logic +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= - if [ -d $dst ] - then - dst="$dst"/`basename $src` - else - true - fi -fi +src= +dst= +dir_arg= +dst_arg= -## this sed command emulates the dirname command -dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` +copy_on_change=false +no_target_directory= -# Make sure that the destination directory exists. -# this part is taken from Noah Friedman's mkinstalldirs script +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... -# Skip lots of stat calls in the usual case. -if [ ! -d "$dstdir" ]; then -defaultIFS=' -' -IFS="${IFS-${defaultIFS}}" +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. -oIFS="${IFS}" -# Some sh's can't handle IFS=/ for some reason. -IFS='%' -set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` -IFS="${oIFS}" +Options: + --help display this help and exit. + --version display version info and exit. -pathcomp='' + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. 
+ -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. -while [ $# -ne 0 ] ; do - pathcomp="${pathcomp}${1}" - shift +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" - if [ ! -d "${pathcomp}" ] ; - then - $mkdirprog "${pathcomp}" - else - true - fi +while test $# -ne 0; do + case $1 in + -c) ;; - pathcomp="${pathcomp}/" -done -fi + -C) copy_on_change=true;; -if [ x"$dir_arg" != x ] -then - $doit $instcmd $dst && + -d) dir_arg=true;; - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi -else + -g) chgrpcmd="$chgrpprog $2" + shift;; -# If we're going to rename the final executable, determine the name now. + --help) echo "$usage"; exit $?;; - if [ x"$transformarg" = x ] - then - dstfile=`basename $dst` - else - dstfile=`basename $dst $transformbasename | - sed $transformarg`$transformbasename - fi + -m) mode=$2 + case $mode in + *' '* | *' '* | *' +'* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; -# don't allow the sed command to completely eliminate the filename + -o) chowncmd="$chownprog $2" + shift;; - if [ x"$dstfile" = x ] - then - dstfile=`basename $dst` - else - true - fi + -s) stripcmd=$stripprog;; -# Make a temp file name in the proper directory. + -t) dst_arg=$2 + # Protect names problematic for 'test' and other utilities. 
+ case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; - dsttmp=$dstdir/#inst.$$# + -T) no_target_directory=true;; -# Move or copy the file name to the temp name + --version) echo "$0 $scriptversion"; exit $?;; - $doit $instcmd $src $dsttmp && + --) shift + break;; - trap "rm -f ${dsttmp}" 0 && + -*) echo "$0: invalid option: $1" >&2 + exit 1;; -# and set any options; do chmod last to preserve setuid bits + *) break;; + esac + shift +done -# If any of these fail, we abort the whole thing. If we want to -# ignore errors from any of these, just make sure not to ignore -# errors from the above "$doit $instcmd $src $dsttmp" command. +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call 'install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi -# Now rename the file to the real destination. 
+if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi - $doit $rmcmd -f $dstdir/$dstfile && - $doit $mvcmd $dsttmp $dstdir/$dstfile +for src +do + # Protect names problematic for 'test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + # Prefer dirname, but fall back on a substitute if dirname fails. + dstdir=` + (dirname "$dst") 2>/dev/null || + expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$dst" : 'X\(//\)[^/]' \| \ + X"$dst" : 'X\(//\)$' \| \ + X"$dst" : 'X\(/\)' \| . 
2>/dev/null || + echo X"$dst" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q' + ` + + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi -fi && + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. 
+ ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + eval "$initialize_posix_glob" + + oIFS=$IFS + IFS=/ + $posix_glob set -f + set fnord $dstdir + shift + $posix_glob set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. 
+ (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. 
+ { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done -exit 0 +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/kex.c b/kex.c index d5d5a9dae996..15ea28b07f5b 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.136 2018/02/07 02:06:50 jsing Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -587,11 +587,9 @@ kex_free(struct kex *kex) u_int mode; #ifdef WITH_OPENSSL - if (kex->dh) - DH_free(kex->dh); + DH_free(kex->dh); #ifdef OPENSSL_HAS_ECC - if (kex->ec_client_key) - EC_KEY_free(kex->ec_client_key); + EC_KEY_free(kex->ec_client_key); #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ for (mode = 0; mode < MODE_MAX; mode++) { @@ -675,9 +673,6 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) free(name); return SSH_ERR_INTERNAL_ERROR; } - /* truncate the key */ - if (ssh->compat & SSH_BUG_HMAC) - mac->key_len = 16; mac->name = name; mac->key = NULL; mac->enabled = 0; 
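Review bot: The unguarded `DH_free(kex->dh)` and `EC_KEY_free(kex->ec_client_key)` in `kex_free()` are correct only because these libcrypto free functions accept NULL. That assumption is worth recording once, for example `/* libcrypto *_free() functions accept NULL */` above the first call. The same reliance is introduced for `BN_clear_free()`, `EC_KEY_free()` and `EC_POINT_clear_free()` in the cleanup hunks of kexdhc.c, kexdhs.c, kexecdhc.c, kexecdhs.c, kexgexc.c and kexgexs.c. Those hunks keep the `if (kbuf)` guard, which is right because `explicit_bzero()` is called on that pointer. `kex_free()` starts and ends outside this hunk.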
@@ -866,8 +861,7 @@ kex_choose_conf(struct ssh *ssh) kex->dh_need = dh_need; /* ignore the next message if the proposals do not match */ - if (first_kex_follows && !proposals_match(my, peer) && - !(ssh->compat & SSH_BUG_FIRSTKEX)) + if (first_kex_follows && !proposals_match(my, peer)) ssh->dispatch_skip_packets = 1; r = 0; out: diff --git a/kexc25519c.c b/kexc25519c.c index e488013e93cd..a8d92149c3fd 100644 --- a/kexc25519c.c +++ b/kexc25519c.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519c.c,v 1.8 2017/05/31 04:17:12 djm Exp $ */ +/* $OpenBSD: kexc25519c.c,v 1.9 2017/12/18 02:25:15 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -141,7 +141,7 @@ input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - ssh->compat)) != 0) + kex->hostkey_alg, ssh->compat)) != 0) goto out; /* save session id */ diff --git a/kexc25519s.c b/kexc25519s.c index 0a008d44746f..0800a7a4bcf4 100644 --- a/kexc25519s.c +++ b/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.10 2015/12/04 16:41:28 markus Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.11 2017/05/31 04:19:28 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. diff --git a/kexdhc.c b/kexdhc.c index 9864ee2ec92e..9a9f1ea784e8 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.20 2017/05/30 14:23:52 markus Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.22 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -183,7 +183,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - ssh->compat)) != 0) + kex->hostkey_alg, ssh->compat)) != 0) goto out; /* save session id */ 
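Review bot: Passing `kex->hostkey_alg` to `sshkey_verify()` in `input_kex_c25519_reply()` constrains the signature algorithm only if that field is non-NULL. The krl.c call in this same commit passes `NULL` in that position, which suggests NULL means "no restriction". Nothing visible in the hunk shows that `kex->hostkey_alg` is set by the time the reply is verified, so I would make it explicit just before the call: `if (kex->hostkey_alg == NULL) { r = SSH_ERR_INTERNAL_ERROR; goto out; }`. The same argument is added in `input_kex_dh()` (kexdhc.c), `input_kex_ecdh_reply()` (kexecdhc.c) and `input_kex_dh_gex_reply()` (kexgexc.c). All four functions extend beyond their hunks, so an earlier check may already exist.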
@@ -203,14 +203,12 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); kex->dh = NULL; - if (dh_server_pub) - BN_clear_free(dh_server_pub); + BN_clear_free(dh_server_pub); if (kbuf) { explicit_bzero(kbuf, klen); free(kbuf); } - if (shared_secret) - BN_clear_free(shared_secret); + BN_clear_free(shared_secret); sshkey_free(server_host_key); free(server_host_key_blob); free(signature); diff --git a/kexdhs.c b/kexdhs.c index 81ce56d7a5ad..da8f4c439fb7 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.25 2017/05/30 14:23:52 markus Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -208,14 +208,12 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); kex->dh = NULL; - if (dh_client_pub) - BN_clear_free(dh_client_pub); + BN_clear_free(dh_client_pub); if (kbuf) { explicit_bzero(kbuf, klen); free(kbuf); } - if (shared_secret) - BN_clear_free(shared_secret); + BN_clear_free(shared_secret); free(server_host_key_blob); free(signature); return r; diff --git a/kexecdhc.c b/kexecdhc.c index d8a8b660fd56..ac146a362ee0 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.11 2017/05/30 14:23:52 markus Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.13 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -89,8 +89,7 @@ kexecdh_client(struct ssh *ssh) ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply); r = 0; out: - if (client_key) - EC_KEY_free(client_key); + EC_KEY_free(client_key); return r; } 
@@ -188,7 +187,7 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, - hashlen, ssh->compat)) != 0) + hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; /* save session id */ @@ -206,18 +205,14 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) r = kex_send_newkeys(ssh); out: explicit_bzero(hash, sizeof(hash)); - if (kex->ec_client_key) { - EC_KEY_free(kex->ec_client_key); - kex->ec_client_key = NULL; - } - if (server_public) - EC_POINT_clear_free(server_public); + EC_KEY_free(kex->ec_client_key); + kex->ec_client_key = NULL; + EC_POINT_clear_free(server_public); if (kbuf) { explicit_bzero(kbuf, klen); free(kbuf); } - if (shared_secret) - BN_clear_free(shared_secret); + BN_clear_free(shared_secret); sshkey_free(server_host_key); free(server_host_key_blob); free(signature); diff --git a/kexecdhs.c b/kexecdhs.c index dc24a3af609b..af4f30309971 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.16 2017/05/30 14:23:52 markus Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.17 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -187,18 +187,14 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_send_newkeys(ssh); out: explicit_bzero(hash, sizeof(hash)); - if (kex->ec_client_key) { - EC_KEY_free(kex->ec_client_key); - kex->ec_client_key = NULL; - } - if (server_key) - EC_KEY_free(server_key); + EC_KEY_free(kex->ec_client_key); + kex->ec_client_key = NULL; + EC_KEY_free(server_key); if (kbuf) { explicit_bzero(kbuf, klen); free(kbuf); } - if (shared_secret) - BN_clear_free(shared_secret); + BN_clear_free(shared_secret); free(server_host_key_blob); free(signature); return r; diff --git a/kexgexc.c b/kexgexc.c index cd11287525b6..762a9a322958 100644 --- a/kexgexc.c +++ b/kexgexc.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.25 2017/05/30 14:23:52 markus Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.27 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -134,10 +134,8 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply); r = 0; out: - if (p) - BN_clear_free(p); - if (g) - BN_clear_free(g); + BN_clear_free(p); + BN_clear_free(g); return r; } @@ -230,7 +228,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, - hashlen, ssh->compat)) != 0) + hashlen, kex->hostkey_alg, ssh->compat)) != 0) goto out; /* save session id */ @@ -250,14 +248,12 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) explicit_bzero(hash, sizeof(hash)); DH_free(kex->dh); kex->dh = NULL; - if (dh_server_pub) - BN_clear_free(dh_server_pub); + BN_clear_free(dh_server_pub); if (kbuf) { explicit_bzero(kbuf, klen); free(kbuf); } - if (shared_secret) - BN_clear_free(shared_secret); + BN_clear_free(shared_secret); sshkey_free(server_host_key); free(server_host_key_blob); free(signature); diff --git a/kexgexs.c b/kexgexs.c index c5dd00578a33..d7b48ea88808 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.31 2017/05/30 14:23:52 markus Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.32 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. 
@@ -237,14 +237,12 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) out: DH_free(kex->dh); kex->dh = NULL; - if (dh_client_pub) - BN_clear_free(dh_client_pub); + BN_clear_free(dh_client_pub); if (kbuf) { explicit_bzero(kbuf, klen); free(kbuf); } - if (shared_secret) - BN_clear_free(shared_secret); + BN_clear_free(shared_secret); free(server_host_key_blob); free(signature); return r; diff --git a/key.c b/key.c index 6e338c495bbb..a05fdd3c07c8 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.131 2017/05/30 14:16:41 markus Exp $ */ +/* $OpenBSD: key.c,v 1.132 2017/12/18 02:25:15 djm Exp $ */ /* * placed in the public domain */ @@ -95,21 +95,6 @@ key_sign(const Key *key, u_char **sigp, u_int *lenp, return 0; } -int -key_verify(const Key *key, const u_char *signature, u_int signaturelen, - const u_char *data, u_int datalen) -{ - int r; - - if ((r = sshkey_verify(key, signature, signaturelen, - data, datalen, datafellows)) != 0) { - fatal_on_fatal_errors(r, __func__, 0); - error("%s: %s", __func__, ssh_err(r)); - return r == SSH_ERR_SIGNATURE_INVALID ? 0 : -1; - } - return 1; -} - Key * key_demote(const Key *k) { diff --git a/key.h b/key.h index a14f370376c0..fd59cbf544d4 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.51 2017/05/30 14:16:41 markus Exp $ */ +/* $OpenBSD: key.h,v 1.52 2017/12/18 02:25:15 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -58,7 +58,6 @@ int key_to_blob(const Key *, u_char **, u_int *); int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int, const char *); -int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); /* authfile.c */ Key *key_load_cert(const char *); diff --git a/krl.c b/krl.c index 086fc20e5933..379153247b37 100644 --- a/krl.c +++ b/krl.c 
@@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.40 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: krl.c,v 1.41 2017/12/18 02:25:15 djm Exp $ */ #include "includes.h" @@ -1014,7 +1014,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, } /* Check signature over entire KRL up to this point */ if ((r = sshkey_verify(key, blob, blen, - sshbuf_ptr(buf), sig_off, 0)) != 0) + sshbuf_ptr(buf), sig_off, NULL, 0)) != 0) goto out; /* Check if this key has already signed this KRL */ for (i = 0; i < nca_used; i++) { diff --git a/loginrec.c b/loginrec.c index 788553e9204d..bdbc9bbf44f7 100644 --- a/loginrec.c +++ b/loginrec.c @@ -663,15 +663,9 @@ construct_utmp(struct logininfo *li, switch (li->type) { case LTYPE_LOGIN: ut->ut_type = USER_PROCESS; -#ifdef _UNICOS - cray_set_tmpdir(ut); -#endif break; case LTYPE_LOGOUT: ut->ut_type = DEAD_PROCESS; -#ifdef _UNICOS - cray_retain_utmp(ut, li->pid); -#endif break; } # endif diff --git a/md5crypt.c b/md5crypt.c index 22ef9893356e..52cf2959a832 100644 --- a/md5crypt.c +++ b/md5crypt.c @@ -50,7 +50,7 @@ is_md5_salt(const char *salt) char * md5_crypt(const char *pw, const char *salt) { - static char passwd[120], salt_copy[9], *p; + static char passwd[120], salt_copy[9]; static const char *sp, *ep; unsigned char final[16]; int sl, pl, i, j; @@ -139,8 +139,6 @@ md5_crypt(const char *pw, const char *salt) MD5_Final(final, &ctx1); } - p = passwd + strlen(passwd); - l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; strlcat(passwd, to64(l, 4), sizeof(passwd)); l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; diff --git a/mdoc2man.awk b/mdoc2man.awk index 3e8725452ed3..d393ae6f1476 100644 --- a/mdoc2man.awk +++ b/mdoc2man.awk @@ -1,7 +1,5 @@ #!/usr/bin/awk # -# $Id: mdoc2man.awk,v 1.9 2009/10/24 00:52:42 dtucker Exp $ -# # Version history: # v4+ Adapted for OpenSSH Portable (see cvs Id and history) # v3, I put the program under a proper license 
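Review bot: The `NULL` passed as the new algorithm argument of `sshkey_verify()` in `ssh_krl_from_blob()` is unexplained. Judging by the kex callers in this commit, which pass the negotiated `kex->hostkey_alg`, it appears to mean that any signature algorithm valid for the key is accepted. If that is intended for KRL signatures, say so at the call: `/* alg NULL: no restriction on the signature algorithm used by the KRL signer */`. The function begins and ends outside this hunk.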
diff --git a/misc.c b/misc.c index 05950a471246..874dcc8a2344 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.113 2017/08/18 05:48:04 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 
@@ -167,6 +167,73 @@ set_nodelay(int fd) error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); } +/* Allow local port reuse in TIME_WAIT */ +int +set_reuseaddr(int fd) +{ + int on = 1; + + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) { + error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); + return -1; + } + return 0; +} + +/* Get/set routing domain */ +char * +get_rdomain(int fd) +{ +#if defined(HAVE_SYS_GET_RDOMAIN) + return sys_get_rdomain(fd); +#elif defined(__OpenBSD__) + int rtable; + char *ret; + socklen_t len = sizeof(rtable); + + if (getsockopt(fd, SOL_SOCKET, SO_RTABLE, &rtable, &len) == -1) { + error("Failed to get routing domain for fd %d: %s", + fd, strerror(errno)); + return NULL; + } + xasprintf(&ret, "%d", rtable); + return ret; +#else /* defined(__OpenBSD__) */ + return NULL; +#endif +} + +int +set_rdomain(int fd, const char *name) +{ +#if defined(HAVE_SYS_SET_RDOMAIN) + return sys_set_rdomain(fd, name); +#elif defined(__OpenBSD__) + int rtable; + const char *errstr; + + if (name == NULL) + return 0; /* default table */ + + rtable = (int)strtonum(name, 0, 255, &errstr); + if (errstr != NULL) { + /* Shouldn't happen */ + error("Invalid routing domain \"%s\": %s", name, errstr); + return -1; + } + if (setsockopt(fd, SOL_SOCKET, SO_RTABLE, + &rtable, sizeof(rtable)) == -1) { + error("Failed to set routing domain %d on fd %d: %s", + rtable, fd, strerror(errno)); + return -1; + } + return 0; +#else /* defined(__OpenBSD__) */ + error("Setting routing domain is not supported on this platform"); + return -1; +#endif +} + /* Characters considered whitespace in strsep calls. */ #define WHITESPACE " \t\r\n" #define QUOTE "\"" 
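Review bot: `get_rdomain()` has no contract comment, and a caller cannot tell its outcomes apart. On the OpenBSD path it returns a string allocated by `xasprintf()` that the caller has to free, on a `getsockopt()` failure it logs and returns NULL, and on a platform without support it returns NULL silently. A header comment such as `/* Returns an allocated routing-domain string the caller must free, or NULL on error or if unsupported */` would settle that. In `set_rdomain()` the upper bound in `strtonum(name, 0, 255, &errstr)` is a bare literal, and a named constant or a comment giving its origin would make the range check auditable. Also, `name == NULL` returns 0 on the OpenBSD path but -1 with an error on the unsupported-platform path, which is worth either aligning or documenting.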
@@ -395,11 +462,12 @@ put_host_port(const char *host, u_short port) * Search for next delimiter between hostnames/addresses and ports. * Argument may be modified (for termination). * Returns *cp if parsing succeeds. - * *cp is set to the start of the next delimiter, if one was found. + * *cp is set to the start of the next field, if one was found. + * The delimiter char, if present, is stored in delim. * If this is the last field, *cp is set to NULL. */ -char * -hpdelim(char **cp) +static char * +hpdelim2(char **cp, char *delim) { char *s, *old; @@ -422,6 +490,8 @@ hpdelim(char **cp) case ':': case '/': + if (delim != NULL) + *delim = *s; *s = '\0'; /* terminate */ *cp = s + 1; break; @@ -433,6 +503,12 @@ hpdelim(char **cp) return old; } +char * +hpdelim(char **cp) +{ + return hpdelim2(cp, NULL); +} + char * cleanhostname(char *host) { 
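Review bot: hpdelim2() writes `*delim` only on the `':'`/`'/'` branch shown in the second hunk, so when the field is the last one the caller's variable keeps whatever it held before. parse_uri(), added in this commit, passes an uninitialised `char ch`; it reads it only when a further field exists, which appears safe, but the contract depends on caller discipline. Storing a known value up front, `if (delim != NULL) *delim = '\0';` at the top of the function, and adding "delim is set to '\0' if this is the last field" to the header comment would remove that dependency. Most of the function body lies outside these hunks.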
@@ -466,6 +542,75 @@ colon(char *cp) return NULL; } +/* + * Parse a [user@]host:[path] string. + * Caller must free returned user, host and path. + * Any of the pointer return arguments may be NULL (useful for syntax checking). + * If user was not specified then *userp will be set to NULL. + * If host was not specified then *hostp will be set to NULL. + * If path was not specified then *pathp will be set to ".". + * Returns 0 on success, -1 on failure. + */ +int +parse_user_host_path(const char *s, char **userp, char **hostp, char **pathp) +{ + char *user = NULL, *host = NULL, *path = NULL; + char *sdup, *tmp; + int ret = -1; + + if (userp != NULL) + *userp = NULL; + if (hostp != NULL) + *hostp = NULL; + if (pathp != NULL) + *pathp = NULL; + + sdup = xstrdup(s); + + /* Check for remote syntax: [user@]host:[path] */ + if ((tmp = colon(sdup)) == NULL) + goto out; + + /* Extract optional path */ + *tmp++ = '\0'; + if (*tmp == '\0') + tmp = "."; + path = xstrdup(tmp); + + /* Extract optional user and mandatory host */ + tmp = strrchr(sdup, '@'); + if (tmp != NULL) { + *tmp++ = '\0'; + host = xstrdup(cleanhostname(tmp)); + if (*sdup != '\0') + user = xstrdup(sdup); + } else { + host = xstrdup(cleanhostname(sdup)); + user = NULL; + } + + /* Success */ + if (userp != NULL) { + *userp = user; + user = NULL; + } + if (hostp != NULL) { + *hostp = host; + host = NULL; + } + if (pathp != NULL) { + *pathp = path; + path = NULL; + } + ret = 0; +out: + free(sdup); + free(user); + free(host); + free(path); + return ret; +} + /* * Parse a [user@]host[:port] string. * Caller must free returned user and host. @@ -491,7 +636,7 @@ parse_user_host_port(const char *s, char **userp, char **hostp, int *portp) if ((sdup = tmp = strdup(s)) == NULL) return -1; /* Extract optional username */ - if ((cp = strchr(tmp, '@')) != NULL) { + if ((cp = strrchr(tmp, '@')) != NULL) { *cp = '\0'; if (*tmp == '\0') goto out; 
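Review bot: parse_user_host_path()'s header says `*hostp` is set to NULL when no host was given, but the body never does that. `host` always comes from `xstrdup(cleanhostname(...))`, so an input with nothing between the `@` and the colon appears to succeed with an empty string. Either reject it with `if (*host == '\0') goto out;` after the user/host split, or correct the comment so callers test for "" rather than NULL. Unlike parse_uri() in the same file, the host is not passed through valid_domain() here, so the two parsers enforce different host rules; confirm that is intended.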
@@ -527,6 +672,168 @@ parse_user_host_port(const char *s, char **userp, char **hostp, int *portp) return ret; } +/* + * Converts a two-byte hex string to decimal. + * Returns the decimal value or -1 for invalid input. + */ +static int +hexchar(const char *s) +{ + unsigned char result[2]; + int i; + + for (i = 0; i < 2; i++) { + if (s[i] >= '0' && s[i] <= '9') + result[i] = (unsigned char)(s[i] - '0'); + else if (s[i] >= 'a' && s[i] <= 'f') + result[i] = (unsigned char)(s[i] - 'a') + 10; + else if (s[i] >= 'A' && s[i] <= 'F') + result[i] = (unsigned char)(s[i] - 'A') + 10; + else + return -1; + } + return (result[0] << 4) | result[1]; +} + +/* + * Decode an url-encoded string. + * Returns a newly allocated string on success or NULL on failure. + */ +static char * +urldecode(const char *src) +{ + char *ret, *dst; + int ch; + + ret = xmalloc(strlen(src) + 1); + for (dst = ret; *src != '\0'; src++) { + switch (*src) { + case '+': + *dst++ = ' '; + break; + case '%': + if (!isxdigit((unsigned char)src[1]) || + !isxdigit((unsigned char)src[2]) || + (ch = hexchar(src + 1)) == -1) { + free(ret); + return NULL; + } + *dst++ = ch; + src += 2; + break; + default: + *dst++ = *src; + break; + } + } + *dst = '\0'; + + return ret; +} + +/* + * Parse an (scp|ssh|sftp)://[user@]host[:port][/path] URI. + * See https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-04 + * Either user or path may be url-encoded (but not host or port). + * Caller must free returned user, host and path. + * Any of the pointer return arguments may be NULL (useful for syntax checking) + * but the scheme must always be specified. + * If user was not specified then *userp will be set to NULL. + * If port was not specified then *portp will be -1. + * If path was not specified then *pathp will be set to NULL. + * Returns 0 on success, 1 if non-uri/wrong scheme, -1 on error/invalid uri. 
+ */ +int +parse_uri(const char *scheme, const char *uri, char **userp, char **hostp, + int *portp, char **pathp) +{ + char *uridup, *cp, *tmp, ch; + char *user = NULL, *host = NULL, *path = NULL; + int port = -1, ret = -1; + size_t len; + + len = strlen(scheme); + if (strncmp(uri, scheme, len) != 0 || strncmp(uri + len, "://", 3) != 0) + return 1; + uri += len + 3; + + if (userp != NULL) + *userp = NULL; + if (hostp != NULL) + *hostp = NULL; + if (portp != NULL) + *portp = -1; + if (pathp != NULL) + *pathp = NULL; + + uridup = tmp = xstrdup(uri); + + /* Extract optional ssh-info (username + connection params) */ + if ((cp = strchr(tmp, '@')) != NULL) { + char *delim; + + *cp = '\0'; + /* Extract username and connection params */ + if ((delim = strchr(tmp, ';')) != NULL) { + /* Just ignore connection params for now */ + *delim = '\0'; + } + if (*tmp == '\0') { + /* Empty username */ + goto out; + } + if ((user = urldecode(tmp)) == NULL) + goto out; + tmp = cp + 1; + } + + /* Extract mandatory hostname */ + if ((cp = hpdelim2(&tmp, &ch)) == NULL || *cp == '\0') + goto out; + host = xstrdup(cleanhostname(cp)); + if (!valid_domain(host, 0, NULL)) + goto out; + + if (tmp != NULL && *tmp != '\0') { + if (ch == ':') { + /* Convert and verify port. */ + if ((cp = strchr(tmp, '/')) != NULL) + *cp = '\0'; + if ((port = a2port(tmp)) <= 0) + goto out; + tmp = cp ? cp + 1 : NULL; + } + if (tmp != NULL && *tmp != '\0') { + /* Extract optional path */ + if ((path = urldecode(tmp)) == NULL) + goto out; + } + } + + /* Success */ + if (userp != NULL) { + *userp = user; + user = NULL; + } + if (hostp != NULL) { + *hostp = host; + host = NULL; + } + if (portp != NULL) + *portp = port; + if (pathp != NULL) { + *pathp = path; + path = NULL; + } + ret = 0; + out: + free(uridup); + free(user); + free(host); + free(path); + return ret; +} + /* function to assist building execv() arguments */ void addargs(arglist *args, char *fmt, ...) 
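Review bot: In parse_uri() the userinfo delimiter is found with `strchr(tmp, '@')` over the whole remainder of the URI, path included. When no user is given and an `@` occurs only after the first `/`, the text before it is taken as the user and the host is read from inside the path. Bounding the search to the authority part avoids that: add a `char *slash = strchr(tmp, '/');` and test `if ((cp = strchr(tmp, '@')) != NULL && (slash == NULL || cp < slash)) {`. Separately, urldecode() accepts `%00`, which stores a NUL and silently truncates the decoded user or path. Changing the existing test to `(ch = hexchar(src + 1)) <= 0` would reject it.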
@@ -724,16 +1031,19 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, } int -tun_open(int tun, int mode) +tun_open(int tun, int mode, char **ifname) { #if defined(CUSTOM_SYS_TUN_OPEN) - return (sys_tun_open(tun, mode)); + return (sys_tun_open(tun, mode, ifname)); #elif defined(SSH_TUN_OPENBSD) struct ifreq ifr; char name[100]; int fd = -1, sock; const char *tunbase = "tun"; + if (ifname != NULL) + *ifname = NULL; + if (mode == SSH_TUNMODE_ETHERNET) tunbase = "tap"; @@ -780,6 +1090,9 @@ tun_open(int tun, int mode) } } + if (ifname != NULL) + *ifname = xstrdup(ifr.ifr_name); + close(sock); return fd; @@ -946,8 +1259,8 @@ ms_subtract_diff(struct timeval *start, int *ms) { struct timeval diff, finish; - gettimeofday(&finish, NULL); - timersub(&finish, start, &diff); + monotime_tv(&finish); + timersub(&finish, start, &diff); *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000); } 
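Review bot: tun_open()'s new `ifname` out-parameter is undocumented and is cleared (`*ifname = NULL`) only inside the SSH_TUN_OPENBSD branch. The CUSTOM_SYS_TUN_OPEN path forwards it to sys_tun_open() and any remaining branch is outside this hunk, so it cannot be confirmed here that every failure path leaves it defined. A comment above the function, `/* On success *ifname (if non-NULL) receives an allocated interface name the caller must free; it is NULL on failure. */`, would pin the ownership rule. Until that holds on all platforms, callers should initialise their pointer to NULL before the call. In the third hunk, ms_subtract_diff() now reads monotime_tv(), so `start` must have been taken from the same clock.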
@@ -960,54 +1273,63 @@ ms_to_timeval(struct timeval *tv, int ms) tv->tv_usec = (ms % 1000) * 1000; } -time_t -monotime(void) +void +monotime_ts(struct timespec *ts) { -#if defined(HAVE_CLOCK_GETTIME) && \ - (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME)) - struct timespec ts; + struct timeval tv; +#if defined(HAVE_CLOCK_GETTIME) && (defined(CLOCK_BOOTTIME) || \ + defined(CLOCK_MONOTONIC) || defined(CLOCK_REALTIME)) static int gettime_failed = 0; if (!gettime_failed) { -#if defined(CLOCK_BOOTTIME) - if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) - return (ts.tv_sec); -#endif -#if defined(CLOCK_MONOTONIC) - if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) - return (ts.tv_sec); -#endif +# ifdef CLOCK_BOOTTIME + if (clock_gettime(CLOCK_BOOTTIME, ts) == 0) + return; +# endif /* CLOCK_BOOTTIME */ +# ifdef CLOCK_MONOTONIC + if (clock_gettime(CLOCK_MONOTONIC, ts) == 0) + return; +# endif /* CLOCK_MONOTONIC */ +# ifdef CLOCK_REALTIME + /* Not monotonic, but we're almost out of options here. */ + if (clock_gettime(CLOCK_REALTIME, ts) == 0) + return; +# endif /* CLOCK_REALTIME */ debug3("clock_gettime: %s", strerror(errno)); gettime_failed = 1; } -#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */ +#endif /* HAVE_CLOCK_GETTIME && (BOOTTIME || MONOTONIC || REALTIME) */ + gettimeofday(&tv, NULL); + ts->tv_sec = tv.tv_sec; + ts->tv_nsec = (long)tv.tv_usec * 1000; +} - return time(NULL); +void +monotime_tv(struct timeval *tv) +{ + struct timespec ts; + + monotime_ts(&ts); + tv->tv_sec = ts.tv_sec; + tv->tv_usec = ts.tv_nsec / 1000; +} + +time_t +monotime(void) +{ + struct timespec ts; + + monotime_ts(&ts); + return ts.tv_sec; } double monotime_double(void) { -#if defined(HAVE_CLOCK_GETTIME) && \ - (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME)) struct timespec ts; - static int gettime_failed = 0; - - if (!gettime_failed) { -#if defined(CLOCK_BOOTTIME) - if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) - return (ts.tv_sec + (double)ts.tv_nsec / 1000000000); 
-#endif -#if defined(CLOCK_MONOTONIC) - if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) - return (ts.tv_sec + (double)ts.tv_nsec / 1000000000); -#endif - debug3("clock_gettime: %s", strerror(errno)); - gettime_failed = 1; - } -#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */ - return (double)time(NULL); + monotime_ts(&ts); + return ts.tv_sec + ((double)ts.tv_nsec / 1000000000); } void @@ -1029,7 +1351,7 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) struct timespec ts, rm; if (!timerisset(&bw->bwstart)) { - gettimeofday(&bw->bwstart, NULL); + monotime_tv(&bw->bwstart); return; } @@ -1037,7 +1359,7 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) if (bw->lamt < bw->thresh) return; - gettimeofday(&bw->bwend, NULL); + monotime_tv(&bw->bwend); timersub(&bw->bwend, &bw->bwstart, &bw->bwend); if (!timerisset(&bw->bwend)) return; @@ -1071,7 +1393,7 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) } bw->lamt = 0; - gettimeofday(&bw->bwstart, NULL); + monotime_tv(&bw->bwstart); } /* Make a template filename for mk[sd]temp() */ @@ -1172,9 +1494,10 @@ unix_listener(const char *path, int backlog, int unlink_first) memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; - if (strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) { - error("%s: \"%s\" too long for Unix domain socket", __func__, - path); + if (strlcpy(sunaddr.sun_path, path, + sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) { + error("%s: path \"%s\" too long for Unix domain socket", + __func__, path); errno = ENAMETOOLONG; return -1; } @@ -1182,7 +1505,7 @@ unix_listener(const char *path, int backlog, int unlink_first) sock = socket(PF_UNIX, SOCK_STREAM, 0); if (sock < 0) { saved_errno = errno; - error("socket: %.100s", strerror(errno)); + error("%s: socket: %.100s", __func__, strerror(errno)); errno = saved_errno; return -1; } 
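Review bot: monotime_ts() and the wrappers built on it can return wall-clock time. The chain falls through to CLOCK_REALTIME and finally to gettimeofday(), whose return value is not checked. The inline remark `/* Not monotonic, but we're almost out of options here. */` is easy to miss from a call site. A header comment on monotime_ts(), `/* Best-effort monotonic clock; may fall back to wall-clock time, so differences can be negative. */`, would warn callers that compute intervals from it, such as ms_subtract_diff() and bandwidth_limit().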
@@ -1192,18 +1515,18 @@ unix_listener(const char *path, int backlog, int unlink_first) } if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { saved_errno = errno; - error("bind: %.100s", strerror(errno)); + error("%s: cannot bind to path %s: %s", + __func__, path, strerror(errno)); close(sock); - error("%s: cannot bind to path: %s", __func__, path); errno = saved_errno; return -1; } if (listen(sock, backlog) < 0) { saved_errno = errno; - error("listen: %.100s", strerror(errno)); + error("%s: cannot listen on path %s: %s", + __func__, path, strerror(errno)); close(sock); unlink(path); - error("%s: cannot listen on path: %s", __func__, path); errno = saved_errno; return -1; } 
@@ -1417,158 +1740,6 @@ argv_assemble(int argc, char **argv) return ret; } -/* - * Runs command in a subprocess wuth a minimal environment. - * Returns pid on success, 0 on failure. - * The child stdout and stderr maybe captured, left attached or sent to - * /dev/null depending on the contents of flags. - * "tag" is prepended to log messages. - * NB. "command" is only used for logging; the actual command executed is - * av[0]. - */ -pid_t -subprocess(const char *tag, struct passwd *pw, const char *command, - int ac, char **av, FILE **child, u_int flags) -{ - FILE *f = NULL; - struct stat st; - int fd, devnull, p[2], i; - pid_t pid; - char *cp, errmsg[512]; - u_int envsize; - char **child_env; - - if (child != NULL) - *child = NULL; - - debug3("%s: %s command \"%s\" running as %s (flags 0x%x)", __func__, - tag, command, pw->pw_name, flags); - - /* Check consistency */ - if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 && - (flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) { - error("%s: inconsistent flags", __func__); - return 0; - } - if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) { - error("%s: inconsistent flags/output", __func__); - return 0; - } - - /* - * If executing an explicit binary, then verify the it exists - * and appears safe-ish to execute - */ - if (*av[0] != '/') { - error("%s path is not absolute", tag); - return 0; - } - temporarily_use_uid(pw); - if (stat(av[0], &st) < 0) { - error("Could not stat %s \"%s\": %s", tag, - av[0], strerror(errno)); - restore_uid(); - return 0; - } - if (safe_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) { - error("Unsafe %s \"%s\": %s", tag, av[0], errmsg); - restore_uid(); - return 0; - } - /* Prepare to keep the child's stdout if requested */ - if (pipe(p) != 0) { - error("%s: pipe: %s", tag, strerror(errno)); - restore_uid(); - return 0; - } - restore_uid(); - - switch ((pid = fork())) { - case -1: /* error */ - error("%s: fork: %s", tag, strerror(errno)); - close(p[0]); - 
close(p[1]); - return 0; - case 0: /* child */ - /* Prepare a minimal environment for the child. */ - envsize = 5; - child_env = xcalloc(sizeof(*child_env), envsize); - child_set_env(&child_env, &envsize, "PATH", _PATH_STDPATH); - child_set_env(&child_env, &envsize, "USER", pw->pw_name); - child_set_env(&child_env, &envsize, "LOGNAME", pw->pw_name); - child_set_env(&child_env, &envsize, "HOME", pw->pw_dir); - if ((cp = getenv("LANG")) != NULL) - child_set_env(&child_env, &envsize, "LANG", cp); - - for (i = 0; i < NSIG; i++) - signal(i, SIG_DFL); - - if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { - error("%s: open %s: %s", tag, _PATH_DEVNULL, - strerror(errno)); - _exit(1); - } - if (dup2(devnull, STDIN_FILENO) == -1) { - error("%s: dup2: %s", tag, strerror(errno)); - _exit(1); - } - - /* Set up stdout as requested; leave stderr in place for now. */ - fd = -1; - if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) - fd = p[1]; - else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0) - fd = devnull; - if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) { - error("%s: dup2: %s", tag, strerror(errno)); - _exit(1); - } - closefrom(STDERR_FILENO + 1); - - /* Don't use permanently_set_uid() here to avoid fatal() */ - if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { - error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, - strerror(errno)); - _exit(1); - } - if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { - error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, - strerror(errno)); - _exit(1); - } - /* stdin is pointed to /dev/null at this point */ - if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 && - dup2(STDIN_FILENO, STDERR_FILENO) == -1) { - error("%s: dup2: %s", tag, strerror(errno)); - _exit(1); - } - - execve(av[0], av, child_env); - error("%s exec \"%s\": %s", tag, command, strerror(errno)); - _exit(127); - default: /* parent */ - break; - } - - close(p[1]); - if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) - close(p[0]); - else if ((f = 
fdopen(p[0], "r")) == NULL) { - error("%s: fdopen: %s", tag, strerror(errno)); - close(p[0]); - /* Don't leave zombie child */ - kill(pid, SIGTERM); - while (waitpid(pid, NULL, 0) == -1 && errno == EINTR) - ; - return 0; - } - /* Success */ - debug3("%s: %s pid %ld", __func__, tag, (long)pid); - if (child != NULL) - *child = f; - return pid; -} - /* Returns 0 if pid exited cleanly, non-zero otherwise */ int exited_cleanly(pid_t pid, const char *tag, const char *cmd, int quiet) 
@@ -1739,7 +1910,122 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, } /* Allocate space and format the variable in the appropriate slot. */ + /* XXX xasprintf */ env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1); snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); } +/* + * Check and optionally lowercase a domain name, also removes trailing '.' + * Returns 1 on success and 0 on failure, storing an error message in errstr. + */ +int +valid_domain(char *name, int makelower, const char **errstr) +{ + size_t i, l = strlen(name); + u_char c, last = '\0'; + static char errbuf[256]; + + if (l == 0) { + strlcpy(errbuf, "empty domain name", sizeof(errbuf)); + goto bad; + } + if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0])) { + snprintf(errbuf, sizeof(errbuf), "domain name \"%.100s\" " + "starts with invalid character", name); + goto bad; + } + for (i = 0; i < l; i++) { + c = tolower((u_char)name[i]); + if (makelower) + name[i] = (char)c; + if (last == '.' && c == '.') { + snprintf(errbuf, sizeof(errbuf), "domain name " + "\"%.100s\" contains consecutive separators", name); + goto bad; + } + if (c != '.' 
&& c != '-' && !isalnum(c) && + c != '_') /* technically invalid, but common */ { + snprintf(errbuf, sizeof(errbuf), "domain name " + "\"%.100s\" contains invalid characters", name); + goto bad; + } + last = c; + } + if (name[l - 1] == '.') + name[l - 1] = '\0'; + if (errstr != NULL) + *errstr = NULL; + return 1; +bad: + if (errstr != NULL) + *errstr = errbuf; + return 0; +} + +const char * +atoi_err(const char *nptr, int *val) +{ + const char *errstr = NULL; + long long num; + + if (nptr == NULL || *nptr == '\0') + return "missing"; + num = strtonum(nptr, 0, INT_MAX, &errstr); + if (errstr == NULL) + *val = (int)num; + return errstr; +} + +int +parse_absolute_time(const char *s, uint64_t *tp) +{ + struct tm tm; + time_t tt; + char buf[32], *fmt; + + *tp = 0; + + /* + * POSIX strptime says "The application shall ensure that there + * is white-space or other non-alphanumeric characters between + * any two conversion specifications" so arrange things this way. + */ + switch (strlen(s)) { + case 8: /* YYYYMMDD */ + fmt = "%Y-%m-%d"; + snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6); + break; + case 12: /* YYYYMMDDHHMM */ + fmt = "%Y-%m-%dT%H:%M"; + snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s", + s, s + 4, s + 6, s + 8, s + 10); + break; + case 14: /* YYYYMMDDHHMMSS */ + fmt = "%Y-%m-%dT%H:%M:%S"; + snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s", + s, s + 4, s + 6, s + 8, s + 10, s + 12); + break; + default: + return SSH_ERR_INVALID_FORMAT; + } + + memset(&tm, 0, sizeof(tm)); + if (strptime(buf, fmt, &tm) == NULL) + return SSH_ERR_INVALID_FORMAT; + if ((tt = mktime(&tm)) < 0) + return SSH_ERR_INVALID_FORMAT; + /* success */ + *tp = (uint64_t)tt; + return 0; +} + +void +format_absolute_time(uint64_t t, char *buf, size_t len) +{ + time_t tt = t > INT_MAX ? INT_MAX : t; /* XXX revisit in 2038 :P */ + struct tm tm; + + localtime_r(&tt, &tm); + strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm); +} 
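Review bot: parse_absolute_time() only tests strptime()'s result against NULL, so a string of the right length whose final field is cut short by a non-digit is accepted. strptime() stops at the first character it cannot convert and still returns non-NULL. Keeping the end pointer and requiring it to reach the terminator closes that: declare `char *cp;` and use `if ((cp = strptime(buf, fmt, &tm)) == NULL || *cp != '\0')`. In format_absolute_time() the results of localtime_r() and strftime() are ignored, so on failure `buf` is left undefined; setting `buf[0] = '\0'` first (when `len > 0`) would give callers a defined string.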
diff --git a/misc.h b/misc.h index 153d11375bf5..cdafea735984 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.63 2017/08/18 05:48:04 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.71 2018/03/12 00:52:01 djm Exp $ */ /* * Author: Tatu Ylonen @@ -48,13 +48,18 @@ char *strdelim(char **); int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); +int set_reuseaddr(int); +char *get_rdomain(int); +int set_rdomain(int, const char *); int a2port(const char *); int a2tun(const char *, int *); char *put_host_port(const char *, u_short); char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); +int parse_user_host_path(const char *, char **, char **, char **); int parse_user_host_port(const char *, char **, char **, int *); +int parse_uri(const char *, const char *, char **, char **, int *, char **); long convtime(const char *); char *tilde_expand_filename(const char *, uid_t); char *percent_expand(const char *, ...) __attribute__((__sentinel__)); @@ -62,10 +67,16 @@ char *tohex(const void *, size_t); void sanitise_stdfd(void); void ms_subtract_diff(struct timeval *, int *); void ms_to_timeval(struct timeval *, int); +void monotime_ts(struct timespec *); +void monotime_tv(struct timeval *); time_t monotime(void); double monotime_double(void); void lowercase(char *s); int unix_listener(const char *, int, int); +int valid_domain(char *, int, const char **); +const char *atoi_err(const char *, int *); +int parse_absolute_time(const char *, uint64_t *); +void format_absolute_time(uint64_t, char *, size_t); void sock_set_v6only(int); @@ -84,7 +95,7 @@ void replacearg(arglist *, u_int, char *, ...) __attribute__((format(printf, 3, 4))); void freeargs(arglist *); -int tun_open(int, int); +int tun_open(int, int, char **); /* Common definitions for ssh tunnel device forwarding */ #define SSH_TUNMODE_NO 0x00 
@@ -140,12 +151,6 @@ int argv_split(const char *, int *, char ***); char *argv_assemble(int, char **argv); int exited_cleanly(pid_t, const char *, const char *, int); -#define SSH_SUBPROCESS_STDOUT_DISCARD (1) /* Discard stdout */ -#define SSH_SUBPROCESS_STDOUT_CAPTURE (1<<1) /* Redirect stdout */ -#define SSH_SUBPROCESS_STDERR_DISCARD (1<<2) /* Discard stderr */ -pid_t subprocess(const char *, struct passwd *, - const char *, int, char **, FILE **, u_int flags); - struct stat; int safe_path(const char *, struct stat *, const char *, uid_t, char *, size_t); diff --git a/mkinstalldirs b/mkinstalldirs index 47d5f43fea60..399f40925ac7 100755 --- a/mkinstalldirs +++ b/mkinstalldirs @@ -4,8 +4,6 @@ # Created: 1993-05-16 # Public domain -# $Id: mkinstalldirs,v 1.2 2003/11/21 12:48:55 djm Exp $ - errstatus=0 for file diff --git a/moduli b/moduli index 00b5a6937df5..cf28bd36bdee 100644 --- a/moduli +++ b/moduli 
@@ -1,431 +1,407 @@ -# $OpenBSD: moduli,v 1.18 2016/08/11 01:42:11 dtucker Exp $ +# $OpenBSD: moduli,v 1.20 2017/11/29 05:49:54 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20160301052556 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D19F4647 -20160301052601 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D1A5C13B -20160301052612 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D1B7A3EF -20160301052620 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D1C4C33B -20160301052628 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D1CFFACB -20160301052645 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D1F31D8B -20160301052703 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D218C293 -20160301052723 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D24116E3 -20160301052732 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D25321F3 -20160301052741 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D260D8E3 -20160301052748 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D26CD3D3 -20160301052756 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D2791F7B -20160301052823 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D2B71133 -20160301052827 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D2BABBA3 -20160301052832 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D2BFC957 -20160301052931 2 6 100 2047 5 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D3514117 -20160301053017 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D3BF91F7 -20160301053037 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D3E9113F -20160301053101 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D41BFA83 -20160301053129 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D45A369F -20160301053217 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D4CB8683 -20160301053222 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D4D01463 -20160301053251 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D50F62C3 -20160301053309 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D5351887 -20160301053333 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D568358B -20160301053350 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D58AA31F -20160301053359 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D5991AF3 -20160301053438 2 6 100 2047 5 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D5F65E07 -20160301053523 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D65F37D3 -20160301053556 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D6AB7E73 -20160301053608 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D6C131CB -20160301053631 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D6F18A93 -20160301053647 2 6 100 2047 5 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D7132B7F -20160301053724 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D76995EB -20160301053743 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D793D27B -20160301053757 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D7AE856B -20160301053820 2 6 100 2047 5 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D7E1810F -20160301053828 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D7EC09EB -20160301053831 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D7ECC2FB -20160301053958 2 6 100 2047 2 
DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D8B829CB -20160301054042 2 6 100 2047 2 DA57B18976E9C55CEAC3BFFF70419A1550258EA7359400BD4FAC8F4203B73E0BC54D62C0A2D9AA9B543FACA0290514EA426DE6FEF897CB858243511DCE5170420C799D888DCFDC4502FF49B66F34E75C00E98A55408A791FF5CFEA7C288F8E6664226A6A90BE237D2E40C207B5AD0CAEDFDA4946E63AEA351A09EF462515FED4098694241CD07E2CB7727B39B8B1B9467D72DFB908D8169F5DB3CD5A6BEBE1344C585A882508B760402E86EB9B5548A7B98635ECFCDC02FF62B29C53847142FC598ADC66F622F6E9F73BDF02B3D795C0DF23D00E5A3A7748F3E1D5B06F46D4568CE3F4CC57E67D4C36DF5C12800620698C727CC5F5BCACF3B7E17E37D91CFCF3 -20160301054134 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251903103B -20160301054139 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF2519072B8B -20160301054157 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF25192F631F -20160301054207 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF25193F9E7F -20160301054213 2 6 100 2047 5 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF2519475A1F -20160301054301 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF2519BA6807 -20160301054320 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF2519E2FA7F -20160301054340 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251A0CD913 -20160301054413 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251A5B8A43 -20160301054511 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251AE66597 -20160301054527 2 6 100 2047 5 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251B03A57F -20160301054544 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251B276FBB -20160301054548 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251B2915B3 -20160301054621 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251B79A4BB -20160301054714 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251BF77377 -20160301054737 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251C28D853 -20160301054819 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251C8C959B -20160301054844 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251CC0A39B -20160301055002 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251D7C0A9F -20160301055021 2 6 100 2047 5 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251DA0A72F -20160301055024 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251DA1003F -20160301055029 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251DA4B607 -20160301055034 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251DA82003 -20160301055101 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251DE323BB -20160301055123 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251E13DB33 -20160301055136 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251E2A2203 -20160301055141 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251E2F180B -20160301055208 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251E6B2E8B -20160301055248 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251ECCA61B -20160301055312 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251EFFD5C7 -20160301055319 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251F08AD6B -20160301055413 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251F881A4B -20160301055420 2 6 100 2047 5 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251F8FC967 -20160301055438 2 6 100 2047 2 F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251FB8102B -20160301055505 2 6 100 2047 2 
F030C513D5C6694FB09539ECF9D8290608A96280EDDEB74FD66DD43CACE3A5BFD6BC4F02EF38E44F68296DA50091214D9E6C518D715D76E19CCCA0578886B93ADA36E8AFDC23B311DA04EB8AC2FF31F3B87BD27C283519DF9CFCAA9D4EF822ECD2AD5593D3819399CEF3FAF0B786071496A9BD94164F739A2D1E0DEBB798BAEF0540B4388D3762523B68E100D6EE231DD95BEB4F4472E9E2236A24E0891DF5A19222A6C69D531C9E73DEF6ADAC84D61BC4EEA36E2A9FD64902461BFAF9BF81D699E141EE77A03996DC4586D3487A0E6189696C1D67F91E91595EB584AD1DF9EF5FC64160EAC3F2D88B4FB0E20A7925FE133D71EF9E1DD018101AAF251FF16983 -20160301061411 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26C5D83833 -20160301061835 2 6 100 3071 5 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26C6AAA907 -20160301062447 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26C7D2DF17 -20160301062535 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26C7F0856B -20160301062652 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26C8266573 -20160301062708 2 6 100 3071 5 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26C82B4297 -20160301063801 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CA342897 -20160301063920 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CA6B6B53 -20160301064001 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CA83D25B -20160301064133 2 6 100 3071 5 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CAC6E0AF -20160301064312 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CB0B8B2F -20160301064624 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CB9E9EBB -20160301064954 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CC41F773 -20160301065030 2 6 100 3071 5 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CC56680F -20160301065134 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CC82B2B3 -20160301065432 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CD0A0833 -20160301065614 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CD54CA17 -20160301070010 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CE0A7B73 -20160301070046 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CE21045B -20160301070141 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CE4560CB -20160301070334 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CE9951EF -20160301070607 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CF0C830B -20160301070911 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CF96B75B -20160301070931 2 6 100 3071 5 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26CF9EB207 -20160301071405 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D07614DB -20160301071648 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D0F1177B -20160301071915 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D15E484F -20160301071932 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D16371F3 -20160301072032 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D18BD843 -20160301072158 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D1C7632B -20160301072445 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D2450187 -20160301072709 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D2B15CFB -20160301073130 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D37B3327 -20160301073142 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D37C7FA3 -20160301073822 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D4B57B13 -20160301074016 2 6 100 3071 5 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D50A615F -20160301074134 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D5419827 -20160301074208 2 6 100 3071 5 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D554AA2F -20160301074359 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D5A29FEB -20160301074457 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D5C6DA83 -20160301074620 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D601594B -20160301074846 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D66D7E6B -20160301074917 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D67D64E7 -20160301075053 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D6C27B8B -20160301075132 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D6DB9C33 -20160301075225 2 6 100 3071 5 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D6FE9337 -20160301075252 2 6 100 3071 5 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D70AF577 -20160301075345 2 6 100 3071 2 
E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D72CB613 -20160301075358 2 6 100 3071 2 E2871F8AF82B8E1038DDACF268D3690580ED64FC99F13D64B8322F1F6F19B0860BD4CB74BD2FF72ADF1090B0506E77743EA2C3102093C10A5045A17F92E403AE24B4E9276F9999A4AAD7DF5F2C03EB72B6BB303FE894149BFD670A13ADEDEFBD726A12A7F32919BC4FFFC8FA3E2E73645B432EB894D6906D1E6E8CD5C8BB882953EAA0306508205B6BC0B99177C81E9E9192D8185185CE82CF310AD42A24DB83039A4F10D1C55E7EA7D4C020BD12947A25732829D1AC6100ED9DA3F4D834D8EB28875F37B399C5AE21D6A122950A41680857CEB6A25158A108E8E0338047A2DD979AB97E9F84ABA18FB1DD43FD630F494CEACF0F7FFEF38BC14968B0FDF4942927D0169B46E84D52356EB1B7D04EFCDF2239AEA21A63B6F64E83AC18F81EB6EAEF03328B830860C184B4434B39FA6AE31C751FB5BA1AEA1BD8D41457D9AE58C6EFD230493454BA3C5EB791E74CAB907D0AF1173FFB99D78953660B23127550350A9A09B0116099087A04B56078C274874507ED92ECD2D98A7F064C26D72F088B -20160301080151 2 6 100 3071 5 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F1FA94507 -20160301080332 2 6 100 3071 5 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F1FF62A2F -20160301080512 2 6 100 3071 5 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F203E0E3F -20160301080759 2 6 100 3071 5 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F20BE897F -20160301081008 2 6 100 3071 2 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F211E8DAB -20160301081510 2 6 100 3071 2 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F220FBEBB -20160301081725 2 6 100 3071 2 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F22727C13 -20160301082213 2 6 100 3071 5 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2352279F -20160301083400 2 6 100 3071 5 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F25905AEF -20160301083955 2 6 100 3071 2 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F26AB557B -20160301084035 2 6 100 3071 5 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F26C1D647 -20160301084145 2 6 100 3071 2 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F26F0E75B -20160301084827 2 6 100 3071 2 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F282FE7DB -20160301084906 2 6 100 3071 5 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2847CBF7 -20160301085226 2 6 100 3071 2 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F28E1E963 -20160301085254 2 6 100 3071 2 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F28EF835B -20160301085737 2 6 100 3071 2 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F29D012DB -20160301085933 2 6 100 3071 2 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2A259503 -20160301090045 2 6 100 3071 5 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2A569E5F -20160301090201 2 6 100 3071 5 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2A89EEB7 -20160301090441 2 6 100 3071 5 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2B037B2F -20160301090534 2 6 100 3071 2 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2B2559FB -20160301090628 2 6 100 3071 2 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2B484193 -20160301092125 2 6 100 3071 5 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2E1E1337 -20160301092513 2 6 100 3071 2 
F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2ECC261B -20160301093051 2 6 100 3071 2 F5B3EB8BEBA51E3899E7F8C7E202FBB132EF5731B3C2AC07945AEDA6A77A194E69538E08ABB8BBC3FC5AC2D3F66E582AA280D1832065E63F462AE71CD69CB3523656358545BF625F0F0BA9A8902D2A09484BE915E4AB809B8C767F84AADC75744E07F691893DA5DCCCD3FE8A7140858A9CF09A52E3A8F1050913A592B5750BC54682523B6920F626D87A717D6680B4EE430317DDF7B36458D479ADF6855FE46D865D02F8161D8BD8F4D0F330EE27B28AA40D48B6EA8E183223FCBC4E9C4F1F615DE750A5F8BE130EE46DC23970AD5A3CB93F5822A53084553A3B27A72ADD55958935D98B06D6398B00A718EA6BCE075DD6708F714002AF5A75C67D087DB8308B6FCEC775DBE8415F57CCD39C13496F0782D4834C03241D1B2EFE5CD07D702BD489DE25DAF08CA1DE5FDA5962A8CC6E0283B992640B8706B076531844CF66D26BEC2DD5A0BCDABE6A048BA55F8C25621E8CAA55F2D9E011896DEA823CF9FFBC76143FF7F4653C3BBDC34138A482A150A221E2CA2BE774B7BD22B2481F2FD6418B -20160301101954 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29E60ED3CB -20160301104238 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29E7F21B53 -20160301105433 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29E8EA1923 -20160301110823 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29EA099523 -20160301111806 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29EAD0379B -20160301112515 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29EB5F9FF7 -20160301112655 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29EB7A3C73 -20160301113152 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29EBD8A1AF -20160301114603 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29ED0421CF -20160301115854 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29EE10BE07 -20160301122138 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29EFED1757 -20160301124138 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F18BB82B -20160301124341 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F1AE9F93 -20160301130540 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F378431B -20160301132038 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F4B041CB -20160301132156 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F4C33A3B -20160301133248 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F59F1817 -20160301135039 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F70D3707 -20160301135200 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F720CFD3 -20160301135955 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F7BFD4BF -20160301141625 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29F9118567 -20160301143329 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FA446E3B -20160301143411 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FA4A5D73 -20160301143511 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FA57571B -20160301145341 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FBCEC3DB -20160301150532 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FCBAFB3B -20160301150756 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FCE5B5B3 -20160301151026 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FD119B83 -20160301152435 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FE2CAD43 -20160301152638 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FE504DD3 -20160301153829 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FF425A73 -20160301154015 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FF5FBCDB -20160301154135 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FF725ADF -20160301154325 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F29FF9005B3 -20160301155218 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F2A00430653 -20160301160626 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F2A01612A43 -20160301160831 2 6 100 4095 5 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F2A01842FE7 -20160301161542 2 6 100 4095 2 
EF7840BC7248E3E12D223BD86584358750562F5FCB298632E269C7F4347DC441CEBCBAF5B8AD25C3A3EE85A97FC342EF2B320425ACE6A816200E4A46596E6D911E8E5940E4ED1F64275D1A2A1E2DC8A34E26026A8DD9D20AF2E36B2BEB467168E516F1DF9145DBA60CE4BE46B34E918D36F581B2860BEBD153A09BF5B51348137CEB0BFA43FDEF5398C538CB9854BED966017DC918E4EA26E0E1A283AEA90F41B2D27CBC34E6AA64FE7E370D532BE4A0DB2E77958CA6E570DEDA817FB91351B65E227BAF96383323820AC5CF785CD686E99398773DF19C1E33D7199A5104337AD3C8CF78FE1AF5D8A4A2B8C092E1FD2688F2829E006C050257DC4C16576AB12AC01AE40F35785586902058735024E0CF90B1DD3B547647AC6F98A70BE3CA9EF80E9A1E408D29FDBE7935625B9AB863891D6D30A54903DD23933303055B8E864751CEB7A153A841D2E1CD3C5943C7F6F1BB2836ED387BE4FB3075363317A1E813965497F5CC621A72B1CF5B50813B418F391FB7C4530B6C19416B4A942063012798536BBF853166697747F39827832A3D135ABFB03BF15990787F64D25E629ED1A6009BADF5447730445ACF2684715A84ECBC4B3A1E2C93E3EFCF4D9373E1355740776F66353576D7359C69EAE48FCFB06CA7536F4B132BFCE6DB2FDBD687B24E7A0AD1EBCBF887A7258C24D8AC9BB86BF847D9AC980919AD9BAF3F2A020ED50B -20160301165149 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE54C87A80B -20160301165241 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE54C91EA2B -20160301165750 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE54CFA74E3 -20160301173839 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE5504AEAFB -20160301174247 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE5509AF4D7 -20160301174504 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE550BFB1D7 -20160301180608 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE5526F5F0F -20160301181854 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55377C36B -20160301182221 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE553B4B8F3 -20160301183911 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55510470B -20160301184110 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE555338897 -20160301184426 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55571A23F -20160301190148 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE556DEB983 -20160301192446 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE558BD1523 -20160301193428 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE559875F5F -20160301193505 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE5598BF0AB -20160301194148 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55A0E82C3 -20160301195020 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55AB8837B -20160301195917 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55B6C5AB3 -20160301200332 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55BBC661B -20160301201317 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55C7D9887 -20160301201523 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55CA30A3B -20160301202029 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55D044403 -20160301203514 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55E324A43 -20160301203700 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55E4D607B -20160301204309 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55EC519A7 -20160301205135 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55F6BDE23 -20160301205244 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55F7B0B23 -20160301205520 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55FA81627 -20160301205558 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE55FACF2AF -20160301213318 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE562B75737 -20160301214847 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE563F5D2EB -20160301215746 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE564AA7C23 -20160301220025 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE564DC00EB -20160301222154 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE5669AE6CF -20160301223932 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE567FEFC33 -20160301225302 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE569139497 -20160301225705 2 6 100 4095 5 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE5695E7AB7 -20160301230308 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE569D3D2B3 -20160301230751 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE56A2CD9CB -20160301231012 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE56A537EDB -20160301231655 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE56AD78EE3 -20160301232437 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE56B7299EB -20160301232518 2 6 100 4095 2 
E268D4796069A7E90EC81DC69831656A982D57FD2C1E7810FD32855F3A67C150F52C2B45EC5C1183DE82AE98202BCD0CA7D1CD0A4D15AE296B23B6FCC0BD171005C939D9D1D75DEA733A6B4F3DA9A96759881B7482ABC3CF967763F261D0D6BEDDEE374F138597B347A57A4E21F8F801CD8F8A33FB3638FE0CE021E052AD5CE00E23E3A6644C844E8F79749384DBD4AC2D46B7804D797174F4BF19F92D8710B18BAE576F69449EA91681A92B0E8E95EECB47CCB0720DA611EF8686A09A7DB37726E1357EA9A1CFB7B2DB04529147BD30F96515123A7B5540890860D45C7C033DC0FAF079A0A7825C6A6DFD9B87189F2EEFBE5F68BA9B1DDA8E3BF26ECA3A8A261BF5C67E2A01C8E4BDFAA1C221950596216C69468493E424DBBCEFB8BCCF0A83C773123087F355A15EE7515BC3C6536FFCA05B50F8FB7F3A57103DDB6FA82E2B902991086E2EA9284CB09FEC7A4184EBA09A700930188711313FD16C27B338BA4BA55736E0C7B4C6E731933BD9FD7DDC80BC3A23676FF871FE3E21945BFC83B22C3992E2219F75A6C7AD05F66F2D09B8C805C2E1FFBEDBE5115FD9FB023B58B37FAFEA2CDE16C52A54BD7090C03438EF19F04D8FC630055FC96AFEA891B8CDF6016A6E101A9C27C1E6A5A3B81DC785B6E8808EF59414B58C1CBC5E3E1428DA520F1AA2E8BF6A6554F2DCA1CE30972E13BED33D2744621C763D387AE56B78E563 -20160302001351 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF880CFD33 -20160302060207 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF915C8E67 -20160302080221 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF9484D603 -20160302085858 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF95FD5243 -20160302110323 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF99425D23 -20160302115537 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF9AA4530F -20160302121026 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF9AFF17B3 -20160302125303 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF9C1752FB -20160302132855 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF9D055A3B -20160302145027 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDF9F210C3B -20160302160128 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFA0F799CF -20160302164318 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFA205C49B -20160302193543 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFA66F725B -20160302223446 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFAB045BFF -20160302230706 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFABD44B9F -20160303005014 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFAE7817DB -20160303013053 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFAF76805B -20160303031806 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFB234F5BB -20160303034446 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFB2DCD713 -20160303042131 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFB3CABEBB -20160303052710 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFB569F28F -20160303064237 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFB744D6A7 -20160303074318 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFB8C38E87 -20160303091435 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFBB0B707F -20160303111232 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFBE003643 -20160303112343 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFBE40A0B3 -20160303113550 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFBE87B0BF -20160303120708 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFBF49A92B -20160303122005 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFBF954093 -20160303134821 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFC1C0AD17 -20160303183137 2 6 100 6143 5 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFC8B45457 -20160303204451 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFCBFBCF5B -20160303210530 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFCC756893 -20160303224116 2 6 100 6143 2 
D9752DD196C5E138B7F542FD56561455DDBDF05DCC107F8A5C8F393529CEBAE3CECA54E85766015CBFE1856D830D7A20385951C0941FF754570F697951C77F6FC064C28B708E8A691BDA8C6C1921C7559288EE8A024EB50D923EFF9F143E76B053D2B5FF1779C1CDC0E5856BBE4396928E605009866CFD212C68183120D5A7EA14BD3878690406069F8BC9AED334AEB6C25FD4CD9421F860893256B1A7741F729982BC109E3B6DF4D86CCFCDC1EBAB2EB13836E7988CB9F32F3EC5120E6B2DD74FF13E456A1A01E313E00A728D2ED690A656DACB1C71C6BADCA959CD944EBA762FC8B0B3CEF237386ED3D4FC6983A8F950B956DC76C09B6AAE22B5B8501B73B6E685FA40AA56139A8C02F6E0B7836E3F08EB5F9D4EC83A8BDA394FC5DA24D2CF078AE7491E3856A18FCA2C68BF9BC82ABCDE494CDFB31F82E5FE8C20D7832412F478BFC67A2B4B2CF5F266DDF53CB62372957861B95FFD2C82C46E48ACD75CAEC30E8453C8A24020ABB6143665441179478D8E33E505C2E34C1EA8F22205CA8FB31A48209BCF10ACD56B6B0060DE1836A4C9EF3C062C552C1BC8528D262FF0A2BEB56626C69A8CC7BA24F65FC39768212BB7C41BFFEDDAFD1A1528F6258F2ABC102F693425FDDF20D9EC9601FBFDC6FCD43E551C082A8A1373A1CB5E83BCD8175D9B60662D03ED5894D3EF4325180633C33FA1DD0964CC0CAEDE403146E7A5B8ED74FC6AB359EE1909A45A445429B17C04658E7F4F31F84DD194FDFBF3EF345C1B4EF2563E16351808FE4262B52D0C8AA748DF502FEF3A92C9F6A6A03BDE903DD1392177265313C08E767B003614AC6C6BFC501AAC24737BB3C8CC0160D81FC3BC6244974E1D83D15E676976F92999AEE25A66E7FE124A94D52A902E035FA5F866833D7AD3387BE2423095930671D8588E49510AEC9430ED1F03A02F3160124D893833D44FA4B51FED9044AE5B4136105466D5CD711FDFC37690183BA1D4930347148433D76B98A857EF4962FE0F48A16F20454555411EC778B248529F50503C4E0D62A122EEF42CA6BEFC7B3517CCB75A293AF2532E29FC2889DFDFCEC94F0B -20160304002011 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F213AE3B5BB -20160304013213 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F213CCC818F -20160304014837 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F213D3357F7 -20160304050100 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F21426DAC33 -20160304070516 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2145B0AFE3 -20160304085926 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2148A9E96B -20160304092251 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F21493F5C9B -20160304092815 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F21495C2BA3 -20160304115839 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F214D4FED23 -20160304122842 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F214E130FAF -20160304143749 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F215161823F -20160304160139 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2153888D53 -20160304160440 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F215394B933 -20160304162214 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F215400CF9B -20160304212008 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F215BACC633 -20160304221341 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F215D065E4F -20160304221614 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F215D0E8A6F -20160305022340 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F216368CBBB -20160305044620 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F216709F6C7 -20160305053801 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2168484233 -20160305060125 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2168D0E0E7 -20160305081042 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F216C1797FB -20160305094218 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F216E608403 -20160305095044 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F216E8BAD0F -20160305095440 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F216E9B001F -20160305111737 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2170A72F1B -20160305152313 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2176C19D53 -20160305152947 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2176E37BCB -20160305154608 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F217744E9E3 -20160305161226 2 6 100 6143 5 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2177E547CF -20160305173357 2 6 100 6143 2 
FC87210E608B51094653AB8D5963CAEF1C053FBDBBEDF91B83BBD945C79B4F67E96E8FA2C32DD50643434724257CC86C29F3CA2D266A719934B4D350E933D37153610C332F148D4B22D7D790A2A83995B0600254F640BD5E48B7D97D1BCEE76515FE078CE062EFB08529A5670F773DF514EC5392403D50C33577AFCDDE7D90224AEED69799AE17968CADDBFDC81A6E10B1CDE4A0D3F41C4B82CE346E0621973BE07918EAD36D7C67BCF2984D0F78BCD1E540847CA4DC90D909845862D4F699ABFA17F5749554774BC2C59443265CE386C655055202009B32590EB0FD85F203E63425342E756AB57F5BA14BD2E283B617A230E11A955442F0C1F53AF4F08DFD1D2606DD5DD04486C40A0E6D2DB2B390D664A97D32ED7868A6AAC5F2E534B7C880EE0F6834EC100D547B823547443D02980F1EBB2EBB6D57E9368BC70C440BB5406220630583D59AB11C489B0B0B8591A7F9FF322BFD4B9FE0672800A402F9734652EF151B44180D4EA7A713C66873A245691AAF295272BFF02979772EC48D65CF34540F38EDF2B95BDF8E7A88062866A8F5471F29993E1D4A4F1638A447D237964907CA1090C0CE1D4FDD79277219F9E1CE63E3E95BAFF8017639969710AE8520769B09C318BDD8A0CB3560DDC3A6281E1816EF16D942980934B6B381D44FD19311FDE8457113B6F8FBC9101EC20F6F216712BC17A63A753F0724BA90EA9A4766FF93BBA39020CC72E0B33CB6CC3C3D87A13CB86BA9C1A9B9086DBD905F62B29782E5AAD4C27704913415E583A0EF1F2586C612DCA66CA31FD1F797752EC984E543616C7575ADC6BDAB9788F82C9258DF1E58777440BDAD5D93A2CBEAC466D6BE37CC4307CA0534B00B6EBEE4C3958BC587117E8E26D13E36B1D4A9D0F7DB2F00E9568EB21F6530EF635650C51DC9D04B788439BE01ACBF5501D673896A170037E0048882DCF5A09F7605AEFEA5615A534B5CAE77D46B00E27CAC0C7685AA235EBC0941B056FCE7737E3BD6597EF0C5774D1535F294645B12025F17474F9066DA7DFD867B72E3706FAEECD892C05D92494D7A3BEE52080BAC6FCA8F2179D3586B -20160305235825 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B0B4DFC33 -20160306022229 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B0D65D0DB -20160306093737 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B13D7D927 -20160306094452 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B13E933BB -20160306160337 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B1971D123 -20160306224032 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B1F3B6DAB -20160306225345 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B1F6160BF -20160306233854 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B2005324F -20160307010902 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B214E9673 -20160307051433 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B24C9A09F -20160307062817 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B25CA759B -20160307113227 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B2A201EFB -20160307123109 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B2AEC017F -20160307185147 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B3059D223 -20160308031623 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B3779276B -20160308074434 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B3B36AF7F -20160308080500 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B3B735E1B -20160308090559 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B3C46A863 -20160308204809 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B45F50A43 -20160308220844 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B47098FDB -20160309000534 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B4893E51B -20160309035855 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B4B9D5AF3 -20160309042540 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B4BEF4FBB -20160309152136 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B54B515AB -20160309192852 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B57FBEBF7 -20160310013359 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B5CE29283 -20160310035549 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B5EB8EE13 -20160310075706 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B61EA384F -20160310173812 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B6993761B -20160310190029 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B6A9FDA07 -20160310193821 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B6B156863 -20160311033330 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B714D2463 -20160311043906 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B7225A617 -20160311054129 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B72E8A083 -20160311060123 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B7320D78F -20160311060829 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B732F58C3 -20160311071819 2 6 100 7679 2 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B740FC84B -20160311081031 2 6 100 7679 5 
CDE6C545B0D2F4A803F7AA7269ADA925DA60EAE55764AE38A7C61738B71DA67096F9E2CABF9B30B2E33E1FE97BFE4CE54B53041F2B2A0DAEF6135B6FB4990BE5C32AA56F223B6FDA4599B58517C6B78EA50C8E17CBB37865B5DB8AB5AB0F9A30B27AD76B11F758F10643A569346816280CE9368A159957E161B5E877CBD33D838B725F3CBAA53F6BC1B8F0062B9ED6D756CBB077B92A0A010636B4B92D570C8E0E3BA5553A92B7F1BF41C7AF7354849491B1C63886EE4A52DDBCF24444D5EA1636F883C1B5482E5ECBCA45BB5C741E9A302554B218DEC84908A75D6A2FB12CD96B1C6046A27FCBEDF260AA445C90A156DC17A1147861792E81840E71D0C8DA6BFC54BE0AA2409B7B23807FC07EF4B2B88B6AA9755809D084448E20D06890B4F299F4A38653F34BB52F38E06E4BC7AECD019E6E06FE39238F661726D7FD4AF8F5CFD49177CE8F8D324C99A00D4FF37B5CE5845106893B0AB4600F0A47BC5C3A536969498548EB86BC2ADB0155F9D2F94B02E7198CCE6E03D091191F63F7CD9AF5F2781D32C105A5DD8425090F90FD2099FE37630A69DB179A7161A226B0CD24C93C087B3AC90EF711C2358DC39EA53C0B9BEAF30851B9DCC5BCE27B4595D391DB68336FF330D3A1E90358A2CB1B35765C6F629D737EF13D6565390D25F3DC8E5A17FDDAF740568659F064CC5DB9F4A3A6CA3BA027A58CD18880F4941CC9B372BDB9B3398FBC357B7672EFEA922537846A4F4B7F393B927786A30DEEC3E5234CFB2D9CE459D1CB2140DE33052CF325BF81C4AA80928FB4906B6700F9CC2628747894CDF90FE2C2F07303F435CFD182F661B19E802092BEDB3E22C275A9AB635DD60A442E2E3D6B61CB204898EB0F0D888CE8903FA8521B9EF18046904F63B66C70B2C503CD1E2A2EEF203274D59D5A86F1B2758B9DDC9F97708841322C99BE9A47524A8BE01D7152B9ACF12C0181BB8C1884DD03FF26FA916FD95A4325DAC03139C80F7931F24694AFDDC150848579C28276BC4DA72400277F560A1E9701186148B5ADADDA2BCC8F7ED47A999DC77C3D6C7E20AD7F3C0A4DFAD3B8EEA0C0C402A28B27B01EAE661CF48CB7A8E14FF0597612798D954B1AC078984BAC3353F2A9829E9F29D88562F5EF90DF5A5E81A97C4BC9565F2F915B43ECD333B189D3C774E18B397D3B6640D8F4902DE3A90BF4E2646302A4BE7341A40F83AEC49B7DC31C0B91CF4BF022EBC8623CDFAD234CECD39942649B386CC65EBED4676F6B0FBC015D2C300B252A7DE8DC6434270DF9918D48FF541CAFFEE9485166EFB82C4F4FB2FA109C6C16D475052E530B12FB81DF189F77C08A9DC2F6A4F37E38601B74B68FAF -20160311170649 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9B171F787 -20160311195449 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9B3EAFC07 -20160312113901 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9C1FC4A03 -20160312141825 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9C45A6C9B -20160312221956 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9CB35C95F -20160313023234 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9CED021AB -20160313062450 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9D2124DF7 -20160313135733 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9D880F89B -20160314002320 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9E14CBED3 -20160314074608 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9E75C54D3 -20160314135741 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9EC7E3DAB -20160314140815 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9EC9AC0E7 -20160314202745 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9F1BD98C3 -20160314223316 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9F36F08D3 -20160315005016 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9F54715BF -20160315013952 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9F5E3A7F3 -20160315060542 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9F968A573 -20160315072619 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9FA7969D3 -20160315105849 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9FD4C31DB -20160315120521 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9FE292087 -20160315121136 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073B9FE352FC3 -20160315152946 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA00CB151B -20160315165331 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA01DFD347 -20160315184225 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA034D7527 -20160315214330 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA05A75E33 -20160316020204 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA0912D52F -20160316065014 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA0CD7441F -20160316121031 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA1102A093 -20160316165356 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA14B5C017 -20160316191831 2 6 100 7679 2 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA168B1623 -20160316230539 2 6 100 7679 5 
EC435B7E292EBAAEC94B8E8A53ED9F3FF717BB820D4893F0BBE6589BD3AF344B765A6000950C6244B2E4262E7E500BF699AF0FF49605A15EB80C61429C9FB79F658C3E0F8DB516AF9703BCB5E84ABA314292808DC70D183C513609A6D345F5D8676256E25108EE70B210C0293B5C804CF21FD843D2F5F79F91F57CF2C2EFB7052CA5F73544F0568A68FA5583CA6EDD300817AAB25E650B0AB9523C6C60156726F4B5243A8BE580308BB6297E23785893119D49B2407D4D8DACD551D08A5F9BB32BD7965313EC6C9DDCD685A62F7AFC8E71DF10F9E1FA25EB3DCD41D7DBDEFE5DB565BAE0CB62F192AA573A126FB92C9638457E73EB4C007268142D9506B17D20A4D73B51E21983D9AC86F7ABBDCE9B9D10BE307642C49382E27B45ADB32E9FF7A2203F395C71EAF7656DF83F57E527CCA37A2BE9AFBA89FB718DB95CC041BF4025FF1CB5F463C8A09FD374AF3F143EE53FF4B369117BDBE0743335B1B5650B68C5B4F64E42D4CF0B329316F4FCD5E66F4A1359F2B29684961CA04EC5AC787FD4BF990F3FBE698D69FAF946DE12A4215392928E29ACF24F940AE4046C74BC6E799EE1D85BA8264C6C7DFF62A244CA2D05C4352870E0E8EF71F884AEFA4A4CA704B6C6607D2E59D36253350AF73C1FBE9C5D61A26A9024B715B45ECF1487D23970C5E405B46029403DD95B2F5672E61863E48CBB280300B2CF87C749F0ACC52940819688C819250B71E54397C8792AAB31655BCE19FAD3A7C59BD64904CC806304AEB6DC8B534081CD2EFD2808977FAC9BAB540EC153DD98D8B33984EC40BCFBC0C5D5B95AB3E183961DB2EE8883B174A3CFEC21CBE7F200FDD2879C1BA808B65A03B02793688FBB1F753333A23A4139766DD3ECD30742E55C25474D068CAB008BA6957CB014E4D46C4BF3084C8343D61231B6B997A8BCEE761D907E4323B92EED55575A38048D686B04F6614B7F931BF1F7D2CF35912E3472F424B11FEBA41F6D569B1A13002A33D5660844A896436AA4D8BC74B6951C75F883D747690B6AD3501B84C6C5B4E29C4153A98C0F2DF38CAFDF00E15CFE8DB0939E5611518DB4547CB2880B5F2D431526082D608384FA3BDD78B75157F25C7A2448249E635C20051C39577AE777C75E7B424CB647B76C9880E905E401DA09DE7A6A5F3E59376B24DCAC613C6EF263741FA15E83B64C78C03016FD34AB608D77100FD8733F130F63A0725B8E7CCD344F5E9A460D2F4F5BE139A6B57A3955A47726A02D6425EF8D1440709517F2DE1D8BB1D054BF69B77E44B4C4427F26EC6303F91CF197298214820264AFACBD355F08E278734BDBF1E116ADF6C1C03ADF5E73212A7073BA1974D157 -20160317204037 2 6 100 8191 5 
D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE38
24F94D0D66C1C5FDADCC9670BFC85C422811D27F505984F7 -20160317232704 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970
240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F52635AA3 -20160318065706 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A
148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F57FAD16B -20160318115527 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD
19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F5BAEDEAF -20160318183751 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319
F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F608FC39F -20160318220732 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE
8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F6315D9EB -20160318231533 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE4
5F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F63E5739F -20160319161235 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496
DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F7037DD73 -20160319230645 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147
D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F751E7BE3 -20160320013744 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497D
E2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F76DF3D47 -20160320040506 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8
B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F789CABBF -20160321132428 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B
5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F8FC5A85B -20160321160901 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F
983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F91961EDF -20160321181311 2 6 100 8191 2 
D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE38
24F94D0D66C1C5FDADCC9670BFC85C422811D27F92F8EDBB -20160321224946 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970
240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F9615911F -20160321230806 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A
148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F963FE5D3 -20160322064427 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD
19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F9B60592B -20160322090339 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319
F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F9CE9AD5B -20160322103202 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE
8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F9DDFC97B -20160322120630 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE4
5F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F9EE9F43F -20160322130823 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496
DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27F9F927B4B -20160322151455 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147
D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FA0F6C9EB -20160322151924 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497D
E2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FA0FAAD73 -20160323004347 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8
B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FA73E643F -20160323011842 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B
5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FA794B363 -20160323041407 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F
983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FA98073AF -20160323042341 2 6 100 8191 2 
D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE38
24F94D0D66C1C5FDADCC9670BFC85C422811D27FA992813B -20160324042502 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970
240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FB9535E6F -20160324084810 2 6 100 8191 2 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A
148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FBC2024D3 -20160324112528 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD
19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FBDCE47F7 -20160324195325 2 6 100 8191 5 D8320CDE33443FD11E472910A82D580EF614A690CF5313E998A695702508351835AF6D1DF2FA7AF2F1B234CB85E4174D67D9A32B8CC58DAF6DCFD555275B1D038D5EAAC00E0396BFF8A3686F1BB5DADDEB3C5F12B02358C7A1249A01CB1AA2AB3FAC5FC95CB7D16A38DBCD11804212872394D9A2E2F2797A3062AC5AF0C0C57F5ABEF3608546608EC08F197CE2CCF0490875BE4BCF1BD35358AF5694217F2E3DE713800F3C4071622FDBAD20CAEBE2BA60C80DF012DA576EE24A753749C0BAD8707A2382B6E909FF0B8F4A304EEDB1BF04CA0747166981279FE69248AF0DD177702DA2DC709E301D7D6FE985A7D3F7A1678A9BEF306D6036F143806563C42ADFFD8D70595F0C60BA39F0D392CE7EF7CA57547DB2E35B0464FEC6F59F6095F93BD0A241589CAEE15E2226873D31876900E534999F1D2E23E7239FF679377580065A861D3E29FA7215979BDE039ED1FFED26CC2F5541C5CD907E81434EED0479D8737262CCB2807A70504088F23E72A3D949F37C2C8E957DC2FE64BB9CE028013270F42E022BA671F1670EBD20413453A3CF19F53A1A6BDE5D744E39BBF9377384AAF0FBAF475DD1067A2906244CB87F919159DDC71256A251F1BBA789B18D97602C9C1254A4443849C16E0CE2A7A0B6AA6F117788A92C1CB3F60E2C8E539840E3AF49B9248D3E1CAACB08B43146F07CC53D2573086ED062D108C9AC924F58265CCEF3731D39FE5D4F983EADD0E9F9D8B68D953AA9342B8604AFE7916E544D88870F2ED0AFC2CD0C47DD1E5F361004D97B5108D13CD127DEC8609FA2C65FF1714FD45F3B2B3809BAC06DFCA198B71B3929E2A7B62538E5B1B8B5024D8BB78438883911A6FCA870DB16F8F2DA46D9C611F785428A356B40C07B2B8A72E157E3497DE2982AAAE4D2D9F4368469A7AD4061AEE188DA4317D826721B9F9B1A361FECF0C725E0AB6F17C147D2C62A4D11989DB1503F85763FA3E4A49BAB6BDD05C95199158D421B115F40B124EE448803E07496DE7C2682D4AF433662978CFDCFAC88C9100C46CC16929A10E3082BCAD4444D59FE57717FB4BE8DE45F4D84716D204AC97CBA5A7824765636C571AD6780AAA7510E832EECC54D571A780F90BC6A1B54DE8CC83ECB797A9065CC9807CC99DD7638AFC500D05FD2EDEB795227CAA37EBBC04A37DF07762E0319
F27B523282D11DEFD85A1DBA40C87EA1EA4D1B9B2A2FC34F9F5395AE51E3A994FE25C680022E5ABD19D11703C2CB6EEE1780F76FEA8601FAE9E27BC16F832BC16776609DC2B0E3D605E635258A95907A148D583B44E202BA4A48211DA3358B7B391B6F3AD0F84D9D7F97DFFA9D819C3D316A59173E8CA970240349A89E09F0A9B1A4B4C6FFCDD878A977BC9EB254318574C40C49D2DCE56FF803601E1752BE3824F94D0D66C1C5FDADCC9670BFC85C422811D27FC34000DF -20160325054405 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB54
3EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD3C9827F7 -20160325073844 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878
FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD3DFD683B -20160326035547 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D488
5B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD4D2BE973 -20160326072058 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F
219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD4FA14E4B -20160326092507 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2
022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD511CC0FB -20160326124028 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2
EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD537EA3E7 -20160326204702 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672
CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD595EF333 -20160327004038 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2
C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD5C324F5B -20160327062851 2 6 100 8191 5 
E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919A
E4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD606E1A47 -20160327081155 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF898
8E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD61A5005F -20160327123555 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99
654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD64D2A70F -20160327223323 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F06
40095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD6BD47A7B -20160328011117 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399
296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD6DAD19BF -20160328031621 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB54
3EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD6F1E5643 -20160328081352 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878
FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD7291B183 -20160328130100 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D488
5B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD75E7418B -20160328200420 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F
219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD7AC63CBB -20160328203420 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2
022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD7B12C7E3 -20160329051003 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2
EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD80FE5033 -20160329150013 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672
CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD87A1FCEB -20160329205744 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2
C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD8BA2A65B -20160330010039 2 6 100 8191 2 
E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919A
E4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD8E545E13 -20160330064620 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF898
8E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD922B39AB -20160330195544 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99
654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD9AE926F7 -20160330202118 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F06
40095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD9B2841A3 -20160331010824 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399
296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DD9E522A6F -20160331155606 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB54
3EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DDA80BFF2B -20160401003202 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878
FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DDADA756E7 -20160401083841 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D488
5B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DDB2E0BFC7 -20160401133333 2 6 100 8191 5 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F
219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DDB612067F -20160401171656 2 6 100 8191 2 E8E5A3AF93DBD4FB99E4325B3B9308AE7731E7E27B532A2D0AF5306CB249EF6C63C7DFB66FC19B8E84A5672B378D77DD413933ACA7F62EABCD4012865D9336A47AD7E596B21EA5B6A2695C0F6C1C70D92CFF3CA18522B29993AA0A43A6849CEFFF53DF7E33C833B5B0037D8906528C80F98C2FC22F0C43B933795D153ECD05FC0D734F4EC61BBBD611F61CACA7CEC4FEF72A127074ACF73A11B1004A954C48D18E74B534E318069C5CE76C1D9BBB0326432B3C39F26058B6D6077B562CBE0DCA4E5B53F1CF9B80EB4F40DA6DAADF924DD2E7A689321F1558FFB55DA7B91009767791BDA252285D117D45A77FF044F467273CDEA8D4B5AC83DBF16DDB8F5FA4C1556129FFF4213D199DE4E0996BAA284FEC13A86A9F81E7FEAD84B4C59CC6DD641ADDE2E74DEAAD096E53F1F9509BF4A5405BAE67B7A1107E685D6CB934A422673ED632BD91BF84758C9B504DBFF7835E36B038C74400C983452CFEE72FACF76D3AE196BA44DF804657B92D6B646DA47910E53FAE8979C1DA9120C672CD4AAD18A7BDBA2AD397F7B0E01AA7AF4700F9A83EDBA90D25F74C1DCE0520BA9DE24636629D0140BB4BC6C2A703103E5A234BBB9154AEBA22D48F8EBC37368CCC68DC6BA310E2060EC37BCA2BF7DBD68F951BB23D7C018DB2CBC74752F5CED8ECA04EC743A8F4B503831DB09C387F6BD3A7DF1A25BCA452FFB852B134B67CCE4B0141E84B3D796BFDE7BFB2C34760C64200D40728560598B6FB965C0187495318A6EE97E6648F476939AE82F3D9D51761652672CFB3263385219E41D9A26ECFD975AB2005F67B9B6DB6D72ACE42C5079C2E11BEF3B2C0B334E9D4C2EFE518AD4BB8C0A9A995F99B4625D570E283D41EB4542BA37ADCEB772E45F77A72071874CBF8E9C2
022DB9FAB62BB8BB11F72416193D10F4A493BDD9FB68A3BADF8130AE380D1987CD5ECCD6D9F5AD2F219D0076964D17F2232E5DAACB832D6E54A0CDAE72302C52604675053C5ED83680DB1D5A2FB9D4885B61E29465FDC016B9CE5DD93582A7221167E77C194C6E7A6D00E98A3E0FBE3987B1C5C1562AE878FC14AC7458003F949665D92F4F01B7A511C9C9126B79E32258AD5BFAB38B91B710AFDD222312DB543EA712C60CF8C8C0C9A7968A9AED867EA11E9718D25EF8A21F18A2F2B3FB28944F8E049705ADC399296AFBA30228CC7AF6D39F49689A16FF5FD64F09A2233970885EB76AEF2650D9A16CA594A3C67F0640095D10FB6E818BDC512F36446FB7277480BA1947D49A8AB5D78965DB16F2E50BFD09910DB0DD99654A32E07C86CF1601D618E7B9D2745C4CFC983E3D48FFE5A08AA471B29DD0E7BBE6DC1DE82FF8988E76835D0E03C177945886DC273C9C91B8B0950E7619490125AFC453772CB66D45D3CEBA3AFA919AE4AEF42D36AF7EDC4C5F030B5720C82FB229E9DDB86F198B +20170623034823 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAE4E76CB +20170623034906 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAEB63283 +20170623034928 2 6 100 2047 5 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAEE49C27 +20170623034936 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAEF2BE1B +20170623034957 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAF22F2D7 +20170623035029 2 6 100 2047 5 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAF68D3A7 +20170623035052 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAF9A9793 +20170623035228 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB085C01B +20170623035326 2 6 100 2047 5 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1140217 +20170623035332 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB11ACBD7 +20170623035408 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB16AD187 +20170623035414 2 6 100 2047 2 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1737B53 +20170623035442 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1B1C483 +20170623035454 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1C8B93B +20170623035510 2 6 100 2047 2 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1EAD06B +20170623035525 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB208DA8B +20170623035553 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB2498F17 +20170623035604 2 6 100 2047 2 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB25D82D3 +20170623035609 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB262420F +20170623035735 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB3376DEF +20170623035801 2 6 100 2047 2 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB370E193 +20170623035916 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB426D9CF +20170623035935 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB44E559B +20170623035955 2 6 100 2047 5 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB4777177 +20170623040012 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB4995E77 +20170623040023 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB4ACAF8B +20170623040032 2 6 100 2047 2 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB4BB1ADB +20170623040120 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB52D4F1F +20170623040131 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB542306B +20170623040202 2 6 100 2047 5 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5899CB7 +20170623040216 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5A317FB +20170623040224 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5AEBE43 +20170623040246 2 6 100 2047 5 
F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5E190BF +20170623040254 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5EBE533 +20170623040334 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB649ECAF +20170623040448 2 6 100 2047 2 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C4B50D13 +20170623040459 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C4C9F477 +20170623040510 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C4DDC50B +20170623040603 2 6 100 2047 5 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C55E2BE7 +20170623040614 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C5715757 +20170623040626 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C58A0617 +20170623040632 2 6 100 2047 5 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C5910FF7 +20170623040709 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C5E85ABB +20170623040729 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C61714B7 +20170623040745 2 6 100 2047 5 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C6362DF7 +20170623040759 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C64F9EEB +20170623040829 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C6949627 +20170623040836 2 6 100 2047 2 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C69F6763 +20170623040925 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C712B23B +20170623040941 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C7336C6F +20170623041004 2 6 100 2047 2 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C76418FB +20170623041040 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C7B6A153 +20170623041049 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C7C6F12F +20170623041059 2 6 100 2047 5 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C7D798EF +20170623041129 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C81D54F3 +20170623041311 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C919987F +20170623041314 2 6 100 2047 2 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C91A831B +20170623041341 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C95422FF +20170623041350 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C9646B7F +20170623041354 2 6 100 2047 5 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C9662E87 +20170623041503 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CA105123 +20170623041522 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CA3BE707 +20170623041541 2 6 100 2047 2 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CA620DAB +20170623041546 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CA66FFC3 +20170623041620 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CAB69493 +20170623041704 2 6 100 2047 2 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CB1C2B4B +20170623041709 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CB1FD10B +20170623041747 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CB7550DB +20170623041822 2 6 100 2047 2 
EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CBC63D2B +20170623041830 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CBD499AB +20170623043901 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5508B03E93 +20170623044452 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5509C5C937 +20170623044600 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5509F436FB +20170623044825 2 6 100 3071 2 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550A640733 +20170623045050 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550AD6755B +20170623045124 2 6 100 3071 2 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550AE93B43 +20170623045420 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550B6F1ED3 +20170623045805 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550C20298F +20170623045930 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550C5914BF +20170623050341 2 6 100 3071 2 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550D1A1773 +20170623050720 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550DC219FB +20170623051801 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550FBDD1AF +20170623052216 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5510842093 +20170623052416 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5510DBFCD7 +20170623052526 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55110BB843 +20170623052831 2 6 100 3071 2 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB551196B36B +20170623053119 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB551217A237 +20170623053458 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5512C20307 +20170623053734 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55133990CB +20170623054412 2 6 100 3071 2 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5514721AB3 +20170623054517 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55149F4D0B +20170623055017 2 6 100 3071 2 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB551583DD9B +20170623055422 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55163A7903 +20170623055449 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516475E5F +20170623055516 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516556F37 +20170623055539 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55165F8F67 +20170623055716 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516A5CA13 +20170623055812 2 6 100 3071 2 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516C8A4A3 +20170623055846 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516DBF96B +20170623060438 2 6 100 3071 2 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5517E20F03 +20170623060534 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB551803F1D7 +20170623060551 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55180824C7 +20170623060759 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5518622977 +20170623061152 2 6 100 3071 5 
E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55190DD957 +20170623061950 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EBBB813F +20170623062054 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EBE73A63 +20170623062250 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EC3B7BBB +20170623062850 2 6 100 3071 5 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21ED5538D7 +20170623063051 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDADBD87 +20170623063106 2 6 100 3071 5 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDB14127 +20170623063228 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDEBD58B +20170623063242 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDEE14B3 +20170623063301 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDF542E7 +20170623063538 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EE64F8A3 +20170623063759 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EEC9D597 +20170623064815 2 6 100 3071 5 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F0A8EB1F +20170623065609 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F21F5CB7 +20170623070150 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F32604CB +20170623070933 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F48C5ED3 +20170623071215 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F5044ECB +20170623071504 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F5815613 +20170623071625 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F5B8F8AB +20170623071723 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F5DE3F7B +20170623071945 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F645009B +20170623072445 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F721A837 +20170623072516 2 6 100 3071 5 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F731AF17 +20170623073343 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F8B6F58F +20170623073442 2 6 100 3071 5 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F8DA7A47 +20170623073826 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F983F783 +20170623074239 2 6 100 3071 5 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FA40B7CF +20170623074307 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FA4F193B +20170623074345 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FA61D323 +20170623074648 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FAEB991B +20170623074919 2 6 100 3071 5 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FB5876F7 +20170623075011 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FB79557F +20170623075040 2 6 100 3071 5 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FB88E5F7 +20170623075211 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FBC86DF3 +20170623075233 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FBD19D1B +20170623075313 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FBE8A97F +20170623080026 2 6 100 3071 2 
E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FD35417B +20170623082844 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069919E3F0A3 +20170623084111 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906991AE37AEB +20170623091322 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906991D857A5F +20170623095654 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699210172E7 +20170623095828 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069921188C6B +20170623095901 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699211B667F +20170623100423 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069921818383 +20170623101338 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699223C1F3B +20170623101757 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699228B3683 +20170623104910 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699250221BB +20170623110231 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699260AC373 +20170623110814 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992672C113 +20170623113826 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069928D90D4F +20170623120249 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992AC1BA3F +20170623121815 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992BFC1B7B +20170623122456 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992C7EB0CF +20170623123432 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992D3D886B +20170623125910 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992F34AA0B +20170623130350 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992F8B1CFF +20170623131900 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069930BE28FB +20170623132006 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069930CCBBC3 +20170623134400 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069932B40887 +20170623134659 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069932E77127 +20170623140059 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069934031953 +20170623140936 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069934AC3B0F +20170623142309 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069935BCCF33 +20170623142743 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906993611A26B +20170623150027 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069938A6965B +20170623150107 2 6 100 4095 2 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069938AB78CB +20170623150738 2 6 100 4095 5 
DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699392AA267 +20170623152234 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DA657F33 +20170623152823 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DAD58DFF +20170623153243 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DB1F719B +20170623153719 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DB76316F +20170623154606 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DC289BA3 +20170623155435 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DCCFF757 +20170623161905 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DEC7BD43 +20170623163928 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E064A38B +20170623164410 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E0BD160B +20170623172908 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E467E87B +20170623174045 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E54CE16F +20170623175902 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E6CA185F +20170623180229 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E706D14B +20170623180811 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E76F7CD3 +20170623180923 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E77E8123 +20170623182724 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E8D82A2B +20170623185420 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988EAF9DAE7 +20170623195226 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988EFA2202B +20170623195633 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988EFEED5BF +20170623201051 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F10F59CB +20170623202959 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F2921927 +20170623203734 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F32287EB +20170623204218 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F37F8B03 +20170623204329 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F38F411F +20170623204840 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F3EE7B13 +20170623205709 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F493374B +20170623205814 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F4A24813 +20170623210627 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F53F787B +20170623210958 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F57EC8EB +20170623211248 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F5B1A9D7 +20170623213826 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F7B2A7AF +20170623213924 2 6 100 4095 2 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F7BDBA73 +20170623214723 2 6 100 4095 5 
F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F8513E37 +20170623233949 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D915376BC3 +20170624020214 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D918FF036F +20170624030028 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D91A80668F +20170624033630 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D91B697BC3 +20170624052652 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D91E5556DB +20170624075515 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D922262F73 +20170624103157 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92638CCD7 +20170624120558 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92895C273 +20170624130210 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92A0429E7 +20170624131317 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92A441063 +20170624132538 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92A8E794F +20170624133715 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92AD26E07 +20170624145051 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92CB7412F +20170624163751 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92F668E7B +20170624172739 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D930A8FC4B +20170624174055 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D930F6B80B +20170624185924 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D932ED85B7 +20170624220917 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D937BF2B3B +20170624222456 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D9381B839B +20170625033902 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94007305B +20170625053719 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D942F8C1E7 +20170625062259 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D944178FAB +20170625072908 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D945B1B3DF +20170625075138 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D9463A10C3 +20170625080610 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94691AE5B +20170625112146 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94B5B8CDB +20170625113648 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94BB43777 +20170625131459 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94E2020A7 +20170625141110 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94F7F2B87 +20170625144415 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D9504A46D3 +20170625145639 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D9508CDF97 +20170625203254 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D958CDC1DB +20170625215049 2 6 100 6143 2 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D95AA6BE13 +20170625220255 2 6 100 6143 5 
E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D95AE8D4FF +20170626000351 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A06777EB +20170626010044 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A1E685DB +20170626011405 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A237A0AB +20170626020723 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A39C76DB +20170626021405 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A3C0D837 +20170626025354 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A4CB1E73 +20170626025848 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A4E33427 +20170626034407 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A60D840F +20170626042648 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A7271AD3 +20170626063327 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973AA7A8227 +20170626073301 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973AC001F7B +20170626073912 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973AC204247 +20170626083935 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973ADB29CEF +20170626085130 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973ADFA675B +20170626103016 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B0702723 +20170626110918 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B1648BFF +20170626113343 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B1F924B3 +20170626150922 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B78B107B +20170626162428 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B972EB6B +20170626171558 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973BAC16547 +20170626231518 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973C3C4E533 +20170627001636 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973C53DC917 +20170627023229 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973C8A24E33 +20170627055348 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973CDB0A037 +20170627085558 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973D234059B +20170627111046 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973D57B1B3B +20170627114331 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973D63E6527 +20170627143549 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DA76351B +20170627150713 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DB2FF40B +20170627151417 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DB566CC3 +20170627162358 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DD096627 +20170627175138 2 6 100 6143 5 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DF2B3477 +20170627180034 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DF5CD463 +20170627192816 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973E16B337B +20170627194138 2 6 100 6143 2 
FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973E1B23A4B +20170627235654 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CE22848CB +20170628025708 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CE4C7FC03 +20170628090844 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CEA316C0F +20170628104935 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CEB9D111B +20170628114328 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CEC57837B +20170628155547 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CEFEB085F +20170628161354 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CF024A37B +20170629103301 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CF75BD46F +20170629121023 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CF8B74F97 +20170630003105 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D0331EC63 +20170630052003 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D04F2C61B +20170630145450 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D0CF7BF93 +20170701010810 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D1578081F +20170701015400 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D161119BF +20170701082405 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D1B5FB48B +20170701092427 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D1C2B0E47 +20170701161137 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D21ABD21B +20170702022204 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D29CF7033 +20170702023811 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D29FB9AAF +20170702062241 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D2CED4213 +20170702082528 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D2E88DA5F +20170702151719 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D33FAA757 +20170702175101 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D360021F3 +20170702200102 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D37A9C6C7 +20170703011731 2 6 100 7679 5 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D3BCD4977 +20170703155054 2 6 100 7679 2 
E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D431F42D3 +20170704184253 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936A2722BB3 +20170704204537 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936A4446CCB +20170705051520 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936ABC7F083 +20170705084652 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936AED1CC73 +20170705094007 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936AF8A26FF +20170705115139 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B15913CF +20170705123819 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B1FD105B +20170705150548 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B411305B +20170705152103 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B43D87FB +20170705174143 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B637D557 +20170706120313 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936C5C0BE63 +20170706131942 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936C6CA2F0F +20170706141404 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936C781A68B +20170706153843 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936C8A1C2AB +20170706173242 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CA322EEF +20170706183451 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CB02939B +20170706184330 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CB163C7B +20170706195815 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CC15613B +20170707002909 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CFBE39B3 +20170707012259 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D06F0ADF +20170707064939 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D4E0A703 +20170707065604 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D4EE0BAF +20170707120623 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D9082CA3 +20170707121752 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D928FC67 +20170707164931 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936DCD75823 +20170707220455 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E0F28243 +20170707233018 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E20BF7B3 +20170708014205 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E3C89587 +20170708023140 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E469C123 +20170708053646 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E6DBCAE7 +20170708071735 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E8297A7F +20170708072409 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E836D247 +20170708102649 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936EA984FCF +20170708144918 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936EE06AB6B +20170708163647 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936EF6DD803 +20170708181531 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936F0B07D83 +20170708234000 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936F4E4D5BF +20170709023719 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936F727B0C3 +20170709063946 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936FA3DA1B3 +20170709093311 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936FC71EB57 +20170709151341 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D14593700D34957 +20170709162318 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D14593701B3041F +20170709184215 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D1459370374B3A3 +20170709215933 2 6 100 7679 5 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D14593705ED75E7 +20170710000252 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145937077174C3 +20170710052851 2 6 100 7679 2 
C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D1459370B975DE3 +20170710074510 2 6 100 8191 2 
DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAF
EB46A625C56BE949F487C6E35E2CE481F024C8898200FD23 +20170710114649 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34
E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88984F315BB +20170711033842 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F3
5AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88990A1C3A7 +20170711064933 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44F
ABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88992F18383 +20170711070835 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF778198050
23795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C8899321BE1B +20170712081942 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E7
82087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889A5694573 +20170712175235 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496
CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889AC1C9503 +20170712184856 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E
53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889ACBA643B +20170712224446 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341
456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889AF76B1E3 +20170713034208 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733
ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889B2F38EEF +20170713034622 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE
68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889B2F6567F +20170713071216 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF
6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889B55B411B +20170713222010 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FC
C599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889BFD2C803 +20170714013005 2 6 100 8191 5 
DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAF
EB46A625C56BE949F487C6E35E2CE481F024C889C1EF6397 +20170714094721 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34
E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889C7A27293 +20170714141853 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F3
5AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889CAA42B27 +20170714204505 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44F
ABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889CEF31E77 +20170714205139 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF778198050
23795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889CEFD860B +20170714214942 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E7
82087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889CF9B7253 +20170714230801 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496
CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889D071D153 +20170715054028 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E
53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889D4C6B33F +20170715152910 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341
456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889DB4248D3 +20170715213011 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733
ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889DF38680B +20170716095854 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE
68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889E75F9737 +20170716115603 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF
6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889E896321F +20170717072754 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FC
C599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889F528B29F +20170718103850 2 6 100 8191 5 
DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAF
EB46A625C56BE949F487C6E35E2CE481F024C889FB304F4F +20170718123146 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34
E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889FC58729F +20170718203220 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F3
5AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88A012AA89B +20170718211015 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44F
ABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88A0186FF33 +20170719070720 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC
112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FA20B88F +20170719080355 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736
B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FABF2F5B +20170719081323 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB2
04653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FAD37237 +20170719083433 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235
752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FB0C1BEB +20170719124018 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7
B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FDE8D93F +20170720083815 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE2
4526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253790C2785C7 +20170720203303 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C2334488
3FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379147CF99B +20170721064950 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D6045
89CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253791BAF7AFB +20170721151849 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D
45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379217C124F +20170721220636 2 6 100 8191 2 
D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08
BFE6A44C0EFAC373CBB557E4953C79ACAA225379260D3263 +20170722033935 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B81
5E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537929DAE9CB +20170722155118 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF3
3ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379320A3B27 +20170722181755 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485
FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537933A7A623 +20170722212038 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC
112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379359D2C63 +20170722230812 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736
B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537936C5DA37 +20170723005838 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB2
04653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537937F9469F +20170723041453 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235
752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253793A1DBF1B +20170723051250 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7
B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253793AB9FC9B +20170723112206 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE2
4526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253793EBF09F7 +20170723140224 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C2334488
3FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253794072005B +20170723170945 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D6045
89CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379427689A7 +20170724050156 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D
45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253794A23E407 +20170724065019 2 6 100 8191 2 
D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08
BFE6A44C0EFAC373CBB557E4953C79ACAA2253794B47E553 +20170725032628 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B81
5E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379588A6BE3 +20170725142722 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF3
3ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253795F8CFE9B +20170725192821 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485
FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537962B35BAB +20170726032919 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC
112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537967BE1D7F +20170726062511 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736
B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537969930233 +20170726073958 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB2
04653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253796A4B8B7B +20170726144150 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235
752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253796EA9D3DF +20170726150548 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7
B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253796EE14A73 diff --git a/moduli.c b/moduli.c index e983b07b74c9..233cba8e881a 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.31 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -412,8 +412,8 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) time(&time_stop); - logit("%.24s Sieved with %u small primes in %ld seconds", - ctime(&time_stop), largetries, (long) (time_stop - time_start)); + logit("%.24s Sieved with %u small primes in %lld seconds", + ctime(&time_stop), largetries, (long long)(time_stop - time_start)); for (j = r = 0; j < largebits; j++) { if (BIT_TEST(LargeSieve, j)) diff --git a/monitor.c b/monitor.c index f517da482ce5..c68e1b0d912f 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.174 2017/10/02 19:33:20 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.180 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl 
@@ -116,6 +116,7 @@ extern u_char session_id[]; extern Buffer auth_debug; extern int auth_debug_init; extern Buffer loginmsg; +extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */ /* State exported from the child */ static struct sshbuf *child_state; @@ -172,6 +173,7 @@ static Authctxt *authctxt; static u_char *key_blob = NULL; static u_int key_bloblen = 0; static int key_blobtype = MM_NOKEY; +static struct sshauthopt *key_opts = NULL; static char *hostbased_cuser = NULL; static char *hostbased_chost = NULL; static char *auth_method = "unknown"; @@ -252,7 +254,6 @@ struct mon_table mon_dispatch_postauth20[] = { struct mon_table *mon_dispatch; /* Specifies if a certain message is allowed at the moment */ - static void monitor_permit(struct mon_table *ent, enum monitor_reqtype type, int permit) { @@ -289,12 +290,15 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) debug3("preauth child monitor started"); - close(pmonitor->m_recvfd); - close(pmonitor->m_log_sendfd); + if (pmonitor->m_recvfd >= 0) + close(pmonitor->m_recvfd); + if (pmonitor->m_log_sendfd >= 0) + close(pmonitor->m_log_sendfd); pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); + ssh->authctxt = authctxt; authctxt->loginmsg = &loginmsg; @@ -329,7 +333,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) fatal("%s: unexpected authentication from %d", __func__, ent->type); if (authctxt->pw->pw_uid == 0 && - !auth_root_allowed(auth_method)) + !auth_root_allowed(ssh, auth_method)) authenticated = 0; #ifdef USE_PAM /* PAM needs to perform account checks after auth */ @@ -363,6 +367,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) debug("%s: %s has been authenticated by privileged process", __func__, authctxt->user); + ssh->authctxt = NULL; ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); mm_get_keystate(pmonitor); 
@@ -371,8 +376,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) ; - close(pmonitor->m_sendfd); - close(pmonitor->m_log_recvfd); + if (pmonitor->m_recvfd >= 0) + close(pmonitor->m_recvfd); + if (pmonitor->m_log_sendfd >= 0) + close(pmonitor->m_log_sendfd); pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; } @@ -409,7 +416,7 @@ monitor_child_postauth(struct monitor *pmonitor) monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); - if (!no_pty_flag) { + if (auth_opts->permit_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); } @@ -554,9 +561,11 @@ monitor_reset_key_state(void) free(key_blob); free(hostbased_cuser); free(hostbased_chost); + sshauthopt_free(key_opts); key_blob = NULL; key_bloblen = 0; key_blobtype = MM_NOKEY; + key_opts = NULL; hostbased_cuser = NULL; hostbased_chost = NULL; } @@ -760,12 +769,10 @@ mm_answer_pwnamallow(int sock, Buffer *m) for (i = 0; i < options.nx; i++) \ buffer_put_cstring(m, options.x[i]); \ } while (0) -#define M_CP_STRARRAYOPT_ALLOC(x, nx) M_CP_STRARRAYOPT(x, nx) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); #undef M_CP_STROPT #undef M_CP_STRARRAYOPT -#undef M_CP_STRARRAYOPT_ALLOC /* Create valid auth method lists */ if (auth2_setup_methods_lists(authctxt) != 0) { @@ -826,6 +833,7 @@ mm_answer_authserv(int sock, Buffer *m) int mm_answer_authpassword(int sock, Buffer *m) { + struct ssh *ssh = active_state; /* XXX */ static int call_count; char *passwd; int authenticated; @@ -836,7 +844,7 @@ mm_answer_authpassword(int sock, Buffer *m) passwd = buffer_get_string(m, &plen); /* Only authenticate if the context is valid */ authenticated = options.password_authentication && - auth_password(authctxt, passwd); + auth_password(ssh, passwd); explicit_bzero(passwd, strlen(passwd)); free(passwd); 
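Review bot: In the monitor_child_preauth hunk that follows the monitor_read_log() drain loop, the new guards test and close `m_recvfd` and `m_log_sendfd`, while the removed lines closed `m_sendfd` and `m_log_recvfd` and the unchanged assignment below still resets those two to -1. The earlier hunk in the same function already closes `m_recvfd` and `m_log_sendfd` and sets them to -1, so these guards look like they can never fire. The monitor's send and log-receive descriptors would then be overwritten without being closed, unless monitor_read_log() closes the log descriptor itself, which is not visible here. The guards should name the descriptors that are being reset; the function starts and ends outside the hunk.

```c
	/* … unchanged: drain loop over monitor_read_log() … */
	if (pmonitor->m_sendfd >= 0)
		close(pmonitor->m_sendfd);
	if (pmonitor->m_log_recvfd >= 0)
		close(pmonitor->m_log_recvfd);
	pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
```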
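Review bot: In the mm_answer_authpassword hunk the password is wiped with `explicit_bzero(passwd, strlen(passwd))` even though `buffer_get_string(m, &plen)` has already returned its length. A password containing an embedded NUL would leave the bytes after it in the freed allocation. Wiping by the received length, `explicit_bzero(passwd, plen);`, clears the whole buffer regardless of content. These are context lines next to the changed `auth_password(ssh, passwd)` call, and the function continues outside the hunk.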
@@ -1127,15 +1135,16 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) int mm_answer_keyallowed(int sock, Buffer *m) { + struct ssh *ssh = active_state; /* XXX */ struct sshkey *key; char *cuser, *chost; u_char *blob; u_int bloblen, pubkey_auth_attempt; enum mm_keytype type = 0; - int allowed = 0; + int r, allowed = 0; + struct sshauthopt *opts = NULL; debug3("%s entering", __func__); - type = buffer_get_int(m); cuser = buffer_get_string(m, NULL); chost = buffer_get_string(m, NULL); @@ -1154,28 +1163,31 @@ mm_answer_keyallowed(int sock, Buffer *m) switch (type) { case MM_USERKEY: - allowed = options.pubkey_authentication && - !auth2_key_already_used(authctxt, key) && - match_pattern_list(sshkey_ssh_name(key), - options.pubkey_key_types, 0) == 1 && - user_key_allowed(authctxt->pw, key, - pubkey_auth_attempt); auth_method = "publickey"; - if (options.pubkey_authentication && - (!pubkey_auth_attempt || allowed != 1)) - auth_clear_options(); + if (!options.pubkey_authentication) + break; + if (auth2_key_already_used(authctxt, key)) + break; + if (match_pattern_list(sshkey_ssh_name(key), + options.pubkey_key_types, 0) != 1) + break; + allowed = user_key_allowed(ssh, authctxt->pw, key, + pubkey_auth_attempt, &opts); break; case MM_HOSTKEY: - allowed = options.hostbased_authentication && - !auth2_key_already_used(authctxt, key) && - match_pattern_list(sshkey_ssh_name(key), - options.hostbased_key_types, 0) == 1 && - hostbased_key_allowed(authctxt->pw, + auth_method = "hostbased"; + if (!options.hostbased_authentication) + break; + if (auth2_key_already_used(authctxt, key)) + break; + if (match_pattern_list(sshkey_ssh_name(key), + options.hostbased_key_types, 0) != 1) + break; + allowed = hostbased_key_allowed(authctxt->pw, cuser, chost, key); auth2_record_info(authctxt, "client user \"%.100s\", client host \"%.100s\"", cuser, chost); - auth_method = "hostbased"; break; default: fatal("%s: unknown key type %d", __func__, type); 
@@ -1183,7 +1195,10 @@ mm_answer_keyallowed(int sock, Buffer *m) } } - debug3("%s: key is %s", __func__, allowed ? "allowed" : "not allowed"); + debug3("%s: %s authentication%s: %s key is %s", __func__, + auth_method, pubkey_auth_attempt ? "" : " test", + (key == NULL || !authctxt->valid) ? "invalid" : sshkey_type(key), + allowed ? "allowed" : "not allowed"); auth2_record_key(authctxt, 0, key); sshkey_free(key); @@ -1196,6 +1211,7 @@ mm_answer_keyallowed(int sock, Buffer *m) key_blob = blob; key_bloblen = bloblen; key_blobtype = type; + key_opts = opts; hostbased_cuser = cuser; hostbased_chost = chost; } else { @@ -1208,10 +1224,13 @@ mm_answer_keyallowed(int sock, Buffer *m) buffer_clear(m); buffer_put_int(m, allowed); - buffer_put_int(m, forced_command != NULL); - + if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0) + fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); + if (!allowed) + sshauthopt_free(opts); + return (0); } @@ -1257,18 +1276,13 @@ monitor_valid_userblob(u_char *data, u_int datalen) free(userstyle); free(cp); buffer_skip_string(&b); - if (datafellows & SSH_BUG_PKAUTH) { - if (!buffer_get_char(&b)) - fail++; - } else { - cp = buffer_get_cstring(&b, NULL); - if (strcmp("publickey", cp) != 0) - fail++; - free(cp); - if (!buffer_get_char(&b)) - fail++; - buffer_skip_string(&b); - } + cp = buffer_get_cstring(&b, NULL); + if (strcmp("publickey", cp) != 0) + fail++; + free(cp); + if (!buffer_get_char(&b)) + fail++; + buffer_skip_string(&b); buffer_skip_string(&b); if (buffer_len(&b) != 0) fail++; 
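Review bot: The reply built at the end of mm_answer_keyallowed appends the serialised options whenever `opts != NULL`, but the reader in mm_key_allowed (monitor_wrap.c, the hunk around `mm_request_receive_expect`) parses them whenever `allowed && type == MM_USERKEY`. The two ends agree only if user_key_allowed() sets `*opts` exactly when it returns allowed, which cannot be confirmed from this diff; if they disagree the child ends in `fatal()` on deserialise or silently ignores trailing data. Stating the same condition on the sending side, `if (allowed && type == MM_USERKEY && (r = sshauthopt_serialise(opts, m, 1)) != 0)`, would make the message format explicit and fail in the monitor rather than the child. The literal `1` also deserves a short comment saying which mode it selects, presumably that the recipient is the unprivileged child.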
@@ -1339,20 +1353,29 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, int mm_answer_keyverify(int sock, struct sshbuf *m) { + struct ssh *ssh = active_state; /* XXX */ struct sshkey *key; u_char *signature, *data, *blob; + char *sigalg; size_t signaturelen, datalen, bloblen; int r, ret, valid_data = 0, encoded_ret; if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || - (r = sshbuf_get_string(m, &data, &datalen)) != 0) + (r = sshbuf_get_string(m, &data, &datalen)) != 0 || + (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (hostbased_cuser == NULL || hostbased_chost == NULL || !monitor_allowed_key(blob, bloblen)) fatal("%s: bad key, not previously allowed", __func__); + /* Empty signature algorithm means NULL. */ + if (*sigalg == '\0') { + free(sigalg); + sigalg = NULL; + } + /* XXX use sshkey_froms here; need to change key_blob, etc. */ if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0) fatal("%s: bad public key blob: %s", __func__, ssh_err(r)); @@ -1375,7 +1398,7 @@ mm_answer_keyverify(int sock, struct sshbuf *m) fatal("%s: bad signature data blob", __func__); ret = sshkey_verify(key, signature, signaturelen, data, datalen, - active_state->compat); + sigalg, active_state->compat); debug3("%s: %s %p signature %s", __func__, auth_method, key, (ret == 0) ? "verified" : "unverified"); auth2_record_key(authctxt, ret == 0, key); @@ -1383,7 +1406,10 @@ mm_answer_keyverify(int sock, struct sshbuf *m) free(blob); free(signature); free(data); + free(sigalg); + if (key_blobtype == MM_USERKEY) + auth_activate_options(ssh, key_opts); monitor_reset_key_state(); sshkey_free(key); diff --git a/monitor_wrap.c b/monitor_wrap.c index 69212aaf330b..9666bda4ba8a 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c 
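Review bot: In the last mm_answer_keyverify hunk, `auth_activate_options(ssh, key_opts)` runs for every MM_USERKEY request whether or not `sshkey_verify` returned 0, and whatever it returns is discarded. If the key's options are meant to take effect only for a key whose signature verified, the guard should include the result: `if (ret == 0 && key_blobtype == MM_USERKEY)`. If the function can report failure (its prototype is not in this part of the diff), that result should be checked as well, since carrying on could leave the session without the restrictions attached to the key. The function body starts and ends outside the hunk.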
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.94 2017/10/02 19:33:20 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -76,7 +76,6 @@ #include "atomicio.h" #include "monitor_fdpass.h" #include "misc.h" -#include "uuencode.h" #include "channels.h" #include "session.h" @@ -287,19 +286,15 @@ out: newopts->x = buffer_get_string(&m, NULL); \ } while (0) #define M_CP_STRARRAYOPT(x, nx) do { \ - for (i = 0; i < newopts->nx; i++) \ - newopts->x[i] = buffer_get_string(&m, NULL); \ - } while (0) -#define M_CP_STRARRAYOPT_ALLOC(x, nx) do { \ newopts->x = newopts->nx == 0 ? \ NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \ - M_CP_STRARRAYOPT(x, nx); \ + for (i = 0; i < newopts->nx; i++) \ + newopts->x[i] = buffer_get_string(&m, NULL); \ } while (0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); #undef M_CP_STROPT #undef M_CP_STRARRAYOPT -#undef M_CP_STRARRAYOPT_ALLOC copy_set_server_options(&options, newopts, 1); log_change_level(options.log_level); @@ -356,7 +351,7 @@ mm_inform_authserv(char *service, char *style) /* Do the password authentication */ int -mm_auth_password(Authctxt *authctxt, char *password) +mm_auth_password(struct ssh *ssh, char *password) { Buffer m; int authenticated = 0; 
@@ -383,34 +378,38 @@ mm_auth_password(Authctxt *authctxt, char *password) } int -mm_user_key_allowed(struct passwd *pw, struct sshkey *key, - int pubkey_auth_attempt) +mm_user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key, + int pubkey_auth_attempt, struct sshauthopt **authoptp) { return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, - pubkey_auth_attempt)); + pubkey_auth_attempt, authoptp)); } int mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, struct sshkey *key) { - return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); + return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL)); } int mm_key_allowed(enum mm_keytype type, const char *user, const char *host, - struct sshkey *key, int pubkey_auth_attempt) + struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp) { Buffer m; u_char *blob; u_int len; - int allowed = 0, have_forced = 0; + int r, allowed = 0; + struct sshauthopt *opts = NULL; debug3("%s entering", __func__); + if (authoptp != NULL) + *authoptp = NULL; + /* Convert the key to a blob and the pass it over */ if (!key_to_blob(key, &blob, &len)) - return (0); + return 0; buffer_init(&m); buffer_put_int(&m, type); 
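Review bot: The new `authoptp` out-parameter of mm_user_key_allowed and mm_key_allowed has no comment saying who owns the result. From this hunk and the one after it, `*authoptp` is cleared on entry, receives the deserialised options only for an allowed MM_USERKEY request, and is otherwise left NULL, so the caller has to release it. A comment above mm_key_allowed such as `/* On return *authoptp, if non-NULL, is owned by the caller; free with sshauthopt_free(). Stays NULL for hostbased keys and refusals. */` would record that contract. mm_key_allowed's body continues past the end of this hunk.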
@@ -423,18 +422,24 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYALLOWED, &m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_KEYALLOWED, &m); allowed = buffer_get_int(&m); - - /* fake forced command */ - auth_clear_options(); - have_forced = buffer_get_int(&m); - forced_command = have_forced ? xstrdup("true") : NULL; - + if (allowed && type == MM_USERKEY) { + if ((r = sshauthopt_deserialise(&m, &opts)) != 0) + fatal("%s: sshauthopt_deserialise: %s", + __func__, ssh_err(r)); + } buffer_free(&m); - return (allowed); + if (authoptp != NULL) { + *authoptp = opts; + opts = NULL; + } + sshauthopt_free(opts); + + return allowed; } /* @@ -445,7 +450,7 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, int mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, - const u_char *data, size_t datalen, u_int compat) + const u_char *data, size_t datalen, const char *sigalg, u_int compat) { Buffer m; u_char *blob; @@ -462,6 +467,7 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, buffer_put_string(&m, blob, len); buffer_put_string(&m, sig, siglen); buffer_put_string(&m, data, datalen); + buffer_put_cstring(&m, sigalg == NULL ? "" : sigalg); free(blob); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); diff --git a/monitor_wrap.h b/monitor_wrap.h index 9e032d204b40..762332704764 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.35 2017/05/31 08:09:45 markus Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.37 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright 2002 Niels Provos 
@@ -35,6 +35,8 @@ enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY }; struct monitor; struct Authctxt; +struct sshkey; +struct sshauthopt; void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); @@ -44,14 +46,15 @@ int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int, void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(const char *); char *mm_auth2_read_banner(void); -int mm_auth_password(struct Authctxt *, char *); +int mm_auth_password(struct ssh *, char *); int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *, - int); -int mm_user_key_allowed(struct passwd *, struct sshkey *, int); + int, struct sshauthopt **); +int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int, + struct sshauthopt **); int mm_hostbased_key_allowed(struct passwd *, const char *, const char *, struct sshkey *); int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, - const u_char *, size_t, u_int); + const u_char *, size_t, const char *, u_int); #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); diff --git a/opacket.c b/opacket.c index ad244b452634..fca48e5f5193 100644 --- a/opacket.c +++ b/opacket.c @@ -1,3 +1,4 @@ +/* $OpenBSD: opacket.c,v 1.7 2017/10/20 01:56:39 djm Exp $ */ /* Written by Markus Friedl. Placed in the public domain. */ #include "includes.h" diff --git a/opacket.h b/opacket.h index c49d0c04a790..b2c2e7f6a28b 100644 --- a/opacket.h +++ b/opacket.h @@ -1,3 +1,4 @@ +/* $OpenBSD: opacket.h,v 1.12 2017/10/20 01:56:39 djm Exp $ */ #ifndef _OPACKET_H /* Written by Markus Friedl. Placed in the public domain. */ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index ac8ae4305d0b..8e3b42991382 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,5 +1,3 @@ -# $Id: Makefile.in,v 1.56 2014/09/30 23:43:08 djm Exp $ - sysconfdir=@sysconfdir@ piddir=@piddir@ srcdir=@srcdir@ 
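Review bot: The monitor_wrap.h prototype hunk now uses `struct ssh *` in mm_auth_password and mm_user_key_allowed, but the forward declarations added in the hunk above it cover only `struct sshkey` and `struct sshauthopt`. Unless every file that includes this header has already seen a declaration of `struct ssh` (not checkable from this diff), the tag is introduced inside the prototype's own scope and the compiler treats it as a type distinct from the caller's. Adding `struct ssh;` beside the other two forward declarations keeps the header self-contained.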
@@ -16,11 +14,84 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o freezero.o +OPENBSD=base64.o \ + basename.o \ + bcrypt_pbkdf.o \ + bcrypt_pbkdf.o \ + bindresvport.o \ + blowfish.o \ + daemon.o \ + dirname.o \ + explicit_bzero.o \ + fmt_scaled.o \ + freezero.o \ + getcwd.o \ + getgrouplist.o \ + getopt_long.o \ + getrrsetbyname.o \ + glob.o \ + inet_aton.o \ + inet_ntoa.o \ + inet_ntop.o \ + md5.o \ + mktemp.o \ + pwcache.o \ + readpassphrase.o \ + reallocarray.o \ + realpath.o \ + recallocarray.o \ + rmd160.o \ + rresvport.o \ + setenv.o \ + setproctitle.o \ + sha1.o \ + sha2.o \ + sigact.o \ + strcasestr.o \ + strlcat.o \ + strlcpy.o \ + strmode.o \ + strndup.o \ + strnlen.o \ + strptime.o \ + strsep.o \ + strtoll.o \ + strtonum.o \ + strtoull.o \ + strtoul.o \ + timingsafe_bcmp.o \ + vis.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o +COMPAT= arc4random.o \ + bsd-asprintf.o \ + bsd-closefrom.o \ + bsd-cygwin_util.o \ + bsd-err.o \ + bsd-flock.o \ + bsd-getpagesize.o \ + bsd-getpeereid.o \ + bsd-malloc.o \ + bsd-misc.o \ + bsd-nextstep.o \ + bsd-openpty.o \ + bsd-poll.o \ + bsd-setres_id.o \ + bsd-signal.o \ + bsd-snprintf.o \ + bsd-statvfs.o \ + 
bsd-waitpid.o \ + fake-rfc2553.o \ + getrrsetbyname-ldns.o \ + kludge-fd_set.o \ + openssl-compat.o \ + xcrypt.o -PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o +PORTS= port-aix.o \ + port-irix.o \ + port-linux.o \ + port-solaris.o \ + port-net.o \ + port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c deleted file mode 100644 index c02e6326123c..000000000000 --- a/openbsd-compat/bsd-cray.c +++ /dev/null 
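Review bot: `bcrypt_pbkdf.o` appears twice in a row in the reformatted OPENBSD list of openbsd-compat/Makefile.in. The one-object-per-line layout makes such duplicates easy to spot, and dropping the second `bcrypt_pbkdf.o \` line would complete the cleanup. Whether the duplicate has any effect on the archive depends on the library rule, which is outside this hunk.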
@@ -1,816 +0,0 @@ -/* - * - * bsd-cray.c - * - * Copyright (c) 2002, Cray Inc. (Wendy Palm ) - * Significant portions provided by - * Wayne Schroeder, SDSC - * William Jones, UTexas - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * Created: Apr 22 16.34:00 2002 wp - * - * This file contains functions required for proper execution - * on UNICOS systems. 
- * - */ -#ifdef _UNICOS - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ssh.h" - -#include "includes.h" -#include "sys/types.h" - -#ifndef HAVE_STRUCT_SOCKADDR_STORAGE -# define _SS_MAXSIZE 128 /* Implementation specific max size */ -# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) - -# define ss_family ss_sa.sa_family -#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ - -#ifndef IN6_IS_ADDR_LOOPBACK -# define IN6_IS_ADDR_LOOPBACK(a) \ - (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \ - ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1)) -#endif /* !IN6_IS_ADDR_LOOPBACK */ - -#ifndef AF_INET6 -/* Define it to something that should never appear */ -#define AF_INET6 AF_MAX -#endif - -#include "log.h" -#include "servconf.h" -#include "bsd-cray.h" - -#define MAXACID 80 - -extern ServerOptions options; - -char cray_tmpdir[TPATHSIZ + 1]; /* job TMPDIR path */ - -struct sysv sysv; /* system security structure */ -struct usrv usrv; /* user security structure */ - -/* - * Functions. 
- */ -void cray_retain_utmp(struct utmp *, int); -void cray_delete_tmpdir(char *, int, uid_t); -void cray_init_job(struct passwd *); -void cray_set_tmpdir(struct utmp *); -void cray_login_failure(char *, int); -int cray_setup(uid_t, char *, const char *); -int cray_access_denied(char *); - -void -cray_login_failure(char *username, int errcode) -{ - struct udb *ueptr; /* UDB pointer for username */ - ia_failure_t fsent; /* ia_failure structure */ - ia_failure_ret_t fret; /* ia_failure return stuff */ - struct jtab jtab; /* job table structure */ - int jid = 0; /* job id */ - - if ((jid = getjtab(&jtab)) < 0) - debug("cray_login_failure(): getjtab error"); - - getsysudb(); - if ((ueptr = getudbnam(username)) == UDB_NULL) - debug("cray_login_failure(): getudbname() returned NULL"); - endudb(); - - memset(&fsent, '\0', sizeof(fsent)); - fsent.revision = 0; - fsent.uname = username; - fsent.host = (char *)get_canonical_hostname(options.use_dns); - fsent.ttyn = "sshd"; - fsent.caller = IA_SSHD; - fsent.flags = IA_INTERACTIVE; - fsent.ueptr = ueptr; - fsent.jid = jid; - fsent.errcode = errcode; - fsent.pwdp = NULL; - fsent.exitcode = 0; /* dont exit in ia_failure() */ - - fret.revision = 0; - fret.normal = 0; - - /* - * Call ia_failure because of an login failure. 
- */ - ia_failure(&fsent, &fret); -} - -/* - * Cray access denied - */ -int -cray_access_denied(char *username) -{ - struct udb *ueptr; /* UDB pointer for username */ - int errcode; /* IA errorcode */ - - errcode = 0; - getsysudb(); - if ((ueptr = getudbnam(username)) == UDB_NULL) - debug("cray_login_failure(): getudbname() returned NULL"); - endudb(); - - if (ueptr != NULL && ueptr->ue_disabled) - errcode = IA_DISABLED; - if (errcode) - cray_login_failure(username, errcode); - - return (errcode); -} - -/* - * record_failed_login: generic "login failed" interface function - */ -void -record_failed_login(const char *user, const char *hostname, const char *ttyname) -{ - cray_login_failure((char *)user, IA_UDBERR); -} - -int -cray_setup (uid_t uid, char *username, const char *command) -{ - extern struct udb *getudb(); - extern char *setlimits(); - - int err; /* error return */ - time_t system_time; /* current system clock */ - time_t expiration_time; /* password expiration time */ - int maxattempts; /* maximum no. 
of failed login attempts */ - int SecureSys; /* unicos security flag */ - int minslevel = 0; /* system minimum security level */ - int i, j; - int valid_acct = -1; /* flag for reading valid acct */ - char acct_name[MAXACID] = { "" }; /* used to read acct name */ - struct jtab jtab; /* Job table struct */ - struct udb ue; /* udb entry for logging-in user */ - struct udb *up; /* pointer to UDB entry */ - struct secstat secinfo; /* file security attributes */ - struct servprov init_info; /* used for sesscntl() call */ - int jid; /* job ID */ - int pid; /* process ID */ - char *sr; /* status return from setlimits() */ - char *ttyn = NULL; /* ttyname or command name*/ - char hostname[MAXHOSTNAMELEN]; - /* passwd stuff for ia_user */ - passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce; - ia_user_ret_t uret; /* stuff returned from ia_user */ - ia_user_t usent; /* ia_user main structure */ - int ia_rcode; /* ia_user return code */ - ia_failure_t fsent; /* ia_failure structure */ - ia_failure_ret_t fret; /* ia_failure return stuff */ - ia_success_t ssent; /* ia_success structure */ - ia_success_ret_t sret; /* ia_success return stuff */ - int ia_mlsrcode; /* ia_mlsuser return code */ - int secstatrc; /* [f]secstat return code */ - - if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) { - getsysv(&sysv, sizeof(struct sysv)); - minslevel = sysv.sy_minlvl; - if (getusrv(&usrv) < 0) - fatal("getusrv() failed, errno = %d", errno); - } - hostname[0] = '\0'; - strlcpy(hostname, - (char *)get_canonical_hostname(options.use_dns), - MAXHOSTNAMELEN); - /* - * Fetch user's UDB entry. - */ - getsysudb(); - if ((up = getudbnam(username)) == UDB_NULL) - fatal("cannot fetch user's UDB entry"); - - /* - * Prevent any possible fudging so perform a data - * safety check and compare the supplied uid against - * the udb's uid. 
- */ - if (up->ue_uid != uid) - fatal("IA uid missmatch"); - endudb(); - - if ((jid = getjtab(&jtab)) < 0) { - debug("getjtab"); - return(-1); - } - pid = getpid(); - ttyn = ttyname(0); - if (SecureSys) { - if (ttyn != NULL) - secstatrc = secstat(ttyn, &secinfo); - else - secstatrc = fsecstat(1, &secinfo); - - if (secstatrc == 0) - debug("[f]secstat() successful"); - else - fatal("[f]secstat() error, rc = %d", secstatrc); - } - if ((ttyn == NULL) && ((char *)command != NULL)) - ttyn = (char *)command; - /* - * Initialize all structures to call ia_user - */ - usent.revision = 0; - usent.uname = username; - usent.host = hostname; - usent.ttyn = ttyn; - usent.caller = IA_SSHD; - usent.pswdlist = &pwdacm; - usent.ueptr = &ue; - usent.flags = IA_INTERACTIVE | IA_FFLAG; - pwdacm.atype = IA_SECURID; - pwdacm.pwdp = NULL; - pwdacm.next = &pwdudb; - - pwdudb.atype = IA_UDB; - pwdudb.pwdp = NULL; - pwdudb.next = &pwddce; - - pwddce.atype = IA_DCE; - pwddce.pwdp = NULL; - pwddce.next = &pwddialup; - - pwddialup.atype = IA_DIALUP; - pwddialup.pwdp = NULL; - /* pwddialup.next = &pwdwal; */ - pwddialup.next = NULL; - - pwdwal.atype = IA_WAL; - pwdwal.pwdp = NULL; - pwdwal.next = NULL; - - uret.revision = 0; - uret.pswd = NULL; - uret.normal = 0; - - ia_rcode = ia_user(&usent, &uret); - switch (ia_rcode) { - /* - * These are acceptable return codes from ia_user() - */ - case IA_UDBWEEK: /* Password Expires in 1 week */ - expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage; - printf ("WARNING - your current password will expire %s\n", - ctime((const time_t *)&expiration_time)); - break; - case IA_UDBEXPIRED: - if (ttyname(0) != NULL) { - /* Force a password change */ - printf("Your password has expired; Choose a new one.\n"); - execl("/bin/passwd", "passwd", username, 0); - exit(9); - } - break; - case IA_NORMAL: /* Normal Return Code */ - break; - case IA_BACKDOOR: - /* XXX: can we memset it to zero here so save some of this */ - strlcpy(ue.ue_name, "root", 
sizeof(ue.ue_name)); - strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir)); - strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell)); - - ue.ue_passwd[0] = '\0'; - ue.ue_age[0] = '\0'; - ue.ue_comment[0] = '\0'; - ue.ue_loghost[0] = '\0'; - ue.ue_logline[0] = '\0'; - - ue.ue_uid = -1; - ue.ue_nice[UDBRC_INTER] = 0; - - for (i = 0; i < MAXVIDS; i++) - ue.ue_gids[i] = 0; - - ue.ue_logfails = 0; - ue.ue_minlvl = ue.ue_maxlvl = ue.ue_deflvl = minslevel; - ue.ue_defcomps = 0; - ue.ue_comparts = 0; - ue.ue_permits = 0; - ue.ue_trap = 0; - ue.ue_disabled = 0; - ue.ue_logtime = 0; - break; - case IA_CONSOLE: /* Superuser not from Console */ - case IA_TRUSTED: /* Trusted user */ - if (options.permit_root_login > PERMIT_NO) - break; /* Accept root login */ - default: - /* - * These are failed return codes from ia_user() - */ - switch (ia_rcode) - { - case IA_BADAUTH: - printf("Bad authorization, access denied.\n"); - break; - case IA_DISABLED: - printf("Your login has been disabled. Contact the system "); - printf("administrator for assistance.\n"); - break; - case IA_GETSYSV: - printf("getsysv() failed - errno = %d\n", errno); - break; - case IA_MAXLOGS: - printf("Maximum number of failed login attempts exceeded.\n"); - printf("Access denied.\n"); - break; - case IA_UDBPWDNULL: - if (SecureSys) - printf("NULL Password not allowed on MLS systems.\n"); - break; - default: - break; - } - - /* - * Authentication failed. - */ - printf("sshd: Login incorrect, (0%o)\n", - ia_rcode-IA_ERRORCODE); - - /* - * Initialize structure for ia_failure - * which will exit. - */ - fsent.revision = 0; - fsent.uname = username; - fsent.host = hostname; - fsent.ttyn = ttyn; - fsent.caller = IA_SSHD; - fsent.flags = IA_INTERACTIVE; - fsent.ueptr = &ue; - fsent.jid = jid; - fsent.errcode = ia_rcode; - fsent.pwdp = uret.pswd; - fsent.exitcode = 1; - - fret.revision = 0; - fret.normal = 0; - - /* - * Call ia_failure because of an IA failure. - * There is no return because ia_failure exits. 
- */ - ia_failure(&fsent, &fret); - - exit(1); - } - - ia_mlsrcode = IA_NORMAL; - if (SecureSys) { - debug("calling ia_mlsuser()"); - ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0); - } - if (ia_mlsrcode != IA_NORMAL) { - printf("sshd: Login incorrect, (0%o)\n", - ia_mlsrcode-IA_ERRORCODE); - /* - * Initialize structure for ia_failure - * which will exit. - */ - fsent.revision = 0; - fsent.uname = username; - fsent.host = hostname; - fsent.ttyn = ttyn; - fsent.caller = IA_SSHD; - fsent.flags = IA_INTERACTIVE; - fsent.ueptr = &ue; - fsent.jid = jid; - fsent.errcode = ia_mlsrcode; - fsent.pwdp = uret.pswd; - fsent.exitcode = 1; - fret.revision = 0; - fret.normal = 0; - - /* - * Call ia_failure because of an IA failure. - * There is no return because ia_failure exits. - */ - ia_failure(&fsent,&fret); - exit(1); - } - - /* Provide login status information */ - if (options.print_lastlog && ue.ue_logtime != 0) { - printf("Last successful login was : %.*s ", 19, - (char *)ctime(&ue.ue_logtime)); - - if (*ue.ue_loghost != '\0') { - printf("from %.*s\n", sizeof(ue.ue_loghost), - ue.ue_loghost); - } else { - printf("on %.*s\n", sizeof(ue.ue_logline), - ue.ue_logline); - } - - if (SecureSys && (ue.ue_logfails != 0)) { - printf(" followed by %d failed attempts\n", - ue.ue_logfails); - } - } - - /* - * Call ia_success to process successful I/A. 
- */ - ssent.revision = 0; - ssent.uname = username; - ssent.host = hostname; - ssent.ttyn = ttyn; - ssent.caller = IA_SSHD; - ssent.flags = IA_INTERACTIVE; - ssent.ueptr = &ue; - ssent.jid = jid; - ssent.errcode = ia_rcode; - ssent.us = NULL; - ssent.time = 1; /* Set ue_logtime */ - - sret.revision = 0; - sret.normal = 0; - - ia_success(&ssent, &sret); - - /* - * Query for account, iff > 1 valid acid & askacid permbit - */ - if (((ue.ue_permbits & PERMBITS_ACCTID) || - (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) && - ue.ue_permbits & PERMBITS_ASKACID) { - if (ttyname(0) != NULL) { - debug("cray_setup: ttyname true case, %.100s", ttyname); - while (valid_acct == -1) { - printf("Account (? for available accounts)" - " [%s]: ", acid2nam(ue.ue_acids[0])); - fgets(acct_name, MAXACID, stdin); - switch (acct_name[0]) { - case EOF: - exit(0); - break; - case '\0': - valid_acct = ue.ue_acids[0]; - strlcpy(acct_name, acid2nam(valid_acct), MAXACID); - break; - case '?': - /* Print the list 3 wide */ - for (i = 0, j = 0; i < MAXVIDS; i++) { - if (ue.ue_acids[i] == -1) { - printf("\n"); - break; - } - if (++j == 4) { - j = 1; - printf("\n"); - } - printf(" %s", - acid2nam(ue.ue_acids[i])); - } - if (ue.ue_permbits & PERMBITS_ACCTID) { - printf("\"acctid\" permbit also allows" - " you to select any valid " - "account name.\n"); - } - printf("\n"); - break; - default: - valid_acct = nam2acid(acct_name); - if (valid_acct == -1) - printf( - "Account id not found for" - " account name \"%s\"\n\n", - acct_name); - break; - } - /* - * If an account was given, search the user's - * acids array to verify they can use this account. 
- */ - if ((valid_acct != -1) && - !(ue.ue_permbits & PERMBITS_ACCTID)) { - for (i = 0; i < MAXVIDS; i++) { - if (ue.ue_acids[i] == -1) - break; - if (valid_acct == ue.ue_acids[i]) - break; - } - if (i == MAXVIDS || - ue.ue_acids[i] == -1) { - fprintf(stderr, "Cannot set" - " account name to " - "\"%s\", permission " - "denied\n\n", acct_name); - valid_acct = -1; - } - } - } - } else { - /* - * The client isn't connected to a terminal and can't - * respond to an acid prompt. Use default acid. - */ - debug("cray_setup: ttyname false case, %.100s", - ttyname); - valid_acct = ue.ue_acids[0]; - } - } else { - /* - * The user doesn't have the askacid permbit set or - * only has one valid account to use. - */ - valid_acct = ue.ue_acids[0]; - } - if (acctid(0, valid_acct) < 0) { - printf ("Bad account id: %d\n", valid_acct); - exit(1); - } - - /* - * Now set shares, quotas, limits, including CPU time for the - * (interactive) job and process, and set up permissions - * (for chown etc), etc. - */ - if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) { - printf("Unable to give %d shares to <%s>(%d/%d)\n", - ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct); - exit(1); - } - - sr = setlimits(username, C_PROC, pid, UDBRC_INTER); - if (sr != NULL) { - debug("%.200s", sr); - exit(1); - } - sr = setlimits(username, C_JOB, jid, UDBRC_INTER); - if (sr != NULL) { - debug("%.200s", sr); - exit(1); - } - /* - * Place the service provider information into - * the session table (Unicos) or job table (Unicos/mk). - * There exist double defines for the job/session table in - * unicos/mk (jtab.h) so no need for a compile time switch. - */ - memset(&init_info, '\0', sizeof(init_info)); - init_info.s_sessinit.si_id = URM_SPT_LOGIN; - init_info.s_sessinit.si_pid = getpid(); - init_info.s_sessinit.si_sid = jid; - sesscntl(0, S_SETSERVPO, (int)&init_info); - - /* - * Set user and controlling tty security attributes. 
- */ - if (SecureSys) { - if (setusrv(&usrv) == -1) { - debug("setusrv() failed, errno = %d",errno); - exit(1); - } - } - - return (0); -} - -/* - * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk - * can have pal privileges that sshd can inherit which - * could allow a user to su to root with out a password. - * This subroutine clears all privileges. - */ -void -drop_cray_privs() -{ -#if defined(_SC_CRAY_PRIV_SU) - priv_proc_t *privstate; - int result; - extern int priv_set_proc(); - extern priv_proc_t *priv_init_proc(); - - /* - * If ether of theses two flags are not set - * then don't allow this version of ssh to run. - */ - if (!sysconf(_SC_CRAY_PRIV_SU)) - fatal("Not PRIV_SU system."); - if (!sysconf(_SC_CRAY_POSIX_PRIV)) - fatal("Not POSIX_PRIV."); - - debug("Setting MLS labels.");; - - if (sysconf(_SC_CRAY_SECURE_MAC)) { - usrv.sv_minlvl = SYSLOW; - usrv.sv_actlvl = SYSHIGH; - usrv.sv_maxlvl = SYSHIGH; - } else { - usrv.sv_minlvl = sysv.sy_minlvl; - usrv.sv_actlvl = sysv.sy_minlvl; - usrv.sv_maxlvl = sysv.sy_maxlvl; - } - usrv.sv_actcmp = 0; - usrv.sv_valcmp = sysv.sy_valcmp; - - usrv.sv_intcat = TFM_SYSTEM; - usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE); - - if (setusrv(&usrv) < 0) { - fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, - strerror(errno)); - } - - if ((privstate = priv_init_proc()) != NULL) { - result = priv_set_proc(privstate); - if (result != 0 ) { - fatal("%s(%d): priv_set_proc(): %s", - __FILE__, __LINE__, strerror(errno)); - } - priv_free_proc(privstate); - } - debug ("Privileges should be cleared..."); -#else - /* XXX: do this differently */ -# error Cray systems must be run with _SC_CRAY_PRIV_SU on! -#endif -} - - -/* - * Retain utmp/wtmp information - used by cray accounting. 
- */ -void -cray_retain_utmp(struct utmp *ut, int pid) -{ - int fd; - struct utmp utmp; - - if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) { - /* XXX use atomicio */ - while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { - if (pid == utmp.ut_pid) { - ut->ut_jid = utmp.ut_jid; - strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); - strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); - strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); - break; - } - } - close(fd); - } else - fatal("Unable to open utmp file"); -} - -/* - * tmpdir support. - */ - -/* - * find and delete jobs tmpdir. - */ -void -cray_delete_tmpdir(char *login, int jid, uid_t uid) -{ - static char jtmp[TPATHSIZ]; - struct stat statbuf; - int child, c, wstat; - - for (c = 'a'; c <= 'z'; c++) { - snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); - if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid) - break; - } - - if (c > 'z') - return; - - if ((child = fork()) == 0) { - execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL); - fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed"); - } - - while (waitpid(child, &wstat, 0) == -1 && errno == EINTR) - ; -} - -/* - * Remove tmpdir on job termination. - */ -void -cray_job_termination_handler(int sig) -{ - int jid; - char *login = NULL; - struct jtab jtab; - - if ((jid = waitjob(&jtab)) == -1 || - (login = uid2nam(jtab.j_uid)) == NULL) - return; - - cray_delete_tmpdir(login, jid, jtab.j_uid); -} - -/* - * Set job id and create tmpdir directory. 
- */ -void -cray_init_job(struct passwd *pw) -{ - int jid; - int c; - - jid = setjob(pw->pw_uid, WJSIGNAL); - if (jid < 0) - fatal("System call setjob failure"); - - for (c = 'a'; c <= 'z'; c++) { - snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); - if (mkdir(cray_tmpdir, JTMPMODE) != 0) - continue; - if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) { - rmdir(cray_tmpdir); - continue; - } - break; - } - - if (c > 'z') - cray_tmpdir[0] = '\0'; -} - -void -cray_set_tmpdir(struct utmp *ut) -{ - int jid; - struct jtab jbuf; - - if ((jid = getjtab(&jbuf)) < 0) - return; - - /* - * Set jid and tmpdir in utmp record. - */ - ut->ut_jid = jid; - strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ); -} -#endif /* UNICOS */ - -#ifdef _UNICOSMP -#include -/* - * Set job id and create tmpdir directory. - */ -void -cray_init_job(struct passwd *pw) -{ - initrm_silent(pw->pw_uid); - return; -} -#endif /* _UNICOSMP */ diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h deleted file mode 100644 index ca626a021c1a..000000000000 --- a/openbsd-compat/bsd-cray.h +++ /dev/null 
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2002, Cray Inc. (Wendy Palm )
- * Significant portions provided by
- * Wayne Schroeder, SDSC
- * William Jones, UTexas
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Created: Apr 22 16.34:00 2002 wp
- *
- * This file contains functions required for proper execution
- * on UNICOS systems.
- *
- */
-
-#ifndef _BSD_CRAY_H
-#define _BSD_CRAY_H
-
-#ifdef _UNICOS
-
-void cray_init_job(struct passwd *);
-void cray_job_termination_handler(int);
-void cray_login_failure(char *, int );
-int cray_access_denied(char *);
-extern char cray_tmpdir[];
-
-#define CUSTOM_FAILED_LOGIN 1
-
-#ifndef IA_SSHD
-# define IA_SSHD IA_LOGIN
-#endif
-#ifndef MAXHOSTNAMELEN
-# define MAXHOSTNAMELEN 64
-#endif
-#ifndef _CRAYT3E
-# define TIOCGPGRP (tIOC|20)
-#endif
-
-#endif /* UNICOS */
-
-#endif /* _BSD_CRAY_H */
diff --git a/openbsd-compat/bsd-flock.c b/openbsd-compat/bsd-flock.c
new file mode 100644
index 000000000000..9b15d1eaf49e
--- /dev/null
+++ b/openbsd-compat/bsd-flock.c
@@ -0,0 +1,81 @@
+/* $NetBSD: flock.c,v 1.6 2008/04/28 20:24:12 martin Exp $ */
+
+/*-
+ * Copyright (c) 2001 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Todd Vierling.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Emulate flock() with fcntl(), where available.
+ * Otherwise, don't do locking; just pretend success.
+ */ + +#include "includes.h" + +#ifndef HAVE_FLOCK +#include +#include + +int +flock(int fd, int op) +{ + int rc = 0; + +#if defined(F_SETLK) && defined(F_SETLKW) + struct flock fl = {0}; + + switch (op & (LOCK_EX|LOCK_SH|LOCK_UN)) { + case LOCK_EX: + fl.l_type = F_WRLCK; + break; + + case LOCK_SH: + fl.l_type = F_RDLCK; + break; + + case LOCK_UN: + fl.l_type = F_UNLCK; + break; + + default: + errno = EINVAL; + return -1; + } + + fl.l_whence = SEEK_SET; + rc = fcntl(fd, op & LOCK_NB ? F_SETLK : F_SETLKW, &fl); + + if (rc && (errno == EAGAIN)) + errno = EWOULDBLOCK; +#else + rc = -1; + errno = ENOSYS; +#endif + + return rc; +} +#endif diff --git a/openbsd-compat/bsd-getpagesize.c b/openbsd-compat/bsd-getpagesize.c index 9daddfbd3865..416a8d4cb72f 100644 --- a/openbsd-compat/bsd-getpagesize.c +++ b/openbsd-compat/bsd-getpagesize.c @@ -1,5 +1,7 @@ /* Placed in the public domain */ +#include "includes.h" + #ifndef HAVE_GETPAGESIZE #include diff --git a/openbsd-compat/bsd-malloc.c b/openbsd-compat/bsd-malloc.c index 6402ab588b09..482facdc9a34 100644 --- a/openbsd-compat/bsd-malloc.c +++ b/openbsd-compat/bsd-malloc.c @@ -50,6 +50,8 @@ rpl_realloc(void *ptr, size_t size) { if (size == 0) size = 1; + if (ptr == 0) + return malloc(size); return realloc(ptr, size); } #endif diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 29f6ad38c5a1..3daf610711a3 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -104,16 +104,6 @@ const char *strerror(int e) } #endif -#if !defined(HAVE_STRSIGNAL) -char *strsignal(int sig) -{ - static char buf[16]; - - (void)snprintf(buf, sizeof(buf), "%d", sig); - return buf; -} -#endif - #ifndef HAVE_UTIMES int utimes(char *filename, struct timeval *tvp) { 
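Review bot: The file comment above `flock()` says that without fcntl() locking the function will "just pretend success", but the `#else` branch sets `rc = -1` and `errno = ENOSYS`, so callers see a failure. Failing is the safer behaviour for any caller that relies on the lock for mutual exclusion, so the comment is what should change, e.g. `* Otherwise, fail with ENOSYS so callers never assume they hold a lock.` It is also worth one more comment line stating that fcntl() record locks are owned by the process and are dropped when any descriptor for the file is closed, so this emulation does not give full flock() semantics.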
@@ -221,33 +211,6 @@ tcsendbreak(int fd, int duration) } #endif /* HAVE_TCSENDBREAK */ -mysig_t -mysignal(int sig, mysig_t act) -{ -#ifdef HAVE_SIGACTION - struct sigaction sa, osa; - - if (sigaction(sig, NULL, &osa) == -1) - return (mysig_t) -1; - if (osa.sa_handler != act) { - memset(&sa, 0, sizeof(sa)); - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; -#ifdef SA_INTERRUPT - if (sig == SIGALRM) - sa.sa_flags |= SA_INTERRUPT; -#endif - sa.sa_handler = act; - if (sigaction(sig, &sa, NULL) == -1) - return (mysig_t) -1; - } - return (osa.sa_handler); -#else - #undef signal - return (signal(sig, act)); -#endif -} - #ifndef HAVE_STRDUP char * strdup(const char *str) @@ -275,7 +238,7 @@ isblank(int c) pid_t getpgid(pid_t pid) { -#if defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID) +#if defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID) && GETPGRP_VOID == 0 return getpgrp(pid); #elif defined(HAVE_GETPGRP) if (pid == 0) @@ -319,3 +282,45 @@ llabs(long long j) return (j < 0 ? -j : j); } #endif + +#ifndef HAVE_BZERO +void +bzero(void *b, size_t n) +{ + (void)memset(b, 0, n); +} +#endif + +#ifndef HAVE_RAISE +int +raise(int sig) +{ + kill(getpid(), sig); +} +#endif + +#ifndef HAVE_GETSID +pid_t +getsid(pid_t pid) +{ + errno = ENOSYS; + return -1; +} +#endif + +#ifdef FFLUSH_NULL_BUG +#undef fflush +int _ssh_compat_fflush(FILE *f) +{ + int r1, r2, r3; + + if (f == NULL) { + r2 = fflush(stdout); + r3 = fflush(stderr); + if (r1 == -1 || r2 == -1 || r3 == -1) + return -1; + return 0; + } + return fflush(f); +} +#endif diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 0b1a3504f2cc..52ec528538b5 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -49,10 +49,6 @@ int setegid(uid_t); const char *strerror(int); #endif -#if !defined(HAVE_STRSIGNAL) -char *strsignal(int); -#endif - #if !defined(HAVE_SETLINEBUF) #define setlinebuf(a) (setvbuf((a), NULL, _IOLBF, 0)) #endif 
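Review bot: The term added to the first `#if` in `getpgid`, `&& GETPGRP_VOID == 0`, cannot change the result: it is only evaluated once `!defined(GETPGRP_VOID)` already holds, and an undefined macro evaluates to 0 inside `#if`. If the intent was to take this branch also when configure defines the macro to 0, the condition would presumably be `#if defined(HAVE_GETPGRP) && (!defined(GETPGRP_VOID) || GETPGRP_VOID == 0)`. The body of `getpgid` continues outside the hunk, so the remaining branches could not be checked.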
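Review bot: `_ssh_compat_fflush` tests `r1` in `if (r1 == -1 || r2 == -1 || r3 == -1)` although nothing assigns it, so the `f == NULL` path can return an indeterminate result; only `r2` (stdout) and `r3` (stderr) are ever set. Either drop the variable (`int r2, r3;` and `if (r2 == -1 || r3 == -1)`) or assign it from whichever stream was meant to be flushed first. In the same hunk the fallback `raise()` is declared `int` but falls off the end without a value; it should read `return kill(getpid(), sig);`. The fallback `getsid()` ignores `pid` and always fails, which deserves a short comment such as `/* no getsid() available: always fail with ENOSYS */`.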
@@ -98,12 +94,6 @@ int tcsendbreak(int, int); int unsetenv(const char *); #endif -/* wrapper for signal interface */ -typedef void (*mysig_t)(int); -mysig_t mysignal(int sig, mysig_t act); - -#define signal(a,b) mysignal(a,b) - #ifndef HAVE_ISBLANK int isblank(int); #endif @@ -143,4 +133,28 @@ void warn(const char *, ...) __attribute__((format(printf, 1, 2))); long long llabs(long long); #endif +#if defined(HAVE_DECL_BZERO) && HAVE_DECL_BZERO == 0 +void bzero(void *, size_t); +#endif + +#ifndef HAVE_RAISE +int raise(int); +#endif + +#ifndef HAVE_GETSID +pid_t getsid(pid_t); +#endif + +#ifndef HAVE_FLOCK +# define LOCK_SH 0x01 +# define LOCK_EX 0x02 +# define LOCK_NB 0x04 +# define LOCK_UN 0x08 +int flock(int, int); +#endif + +#ifdef FFLUSH_NULL_BUG +# define fflush(x) (_ssh_compat_fflush(x)) +#endif + #endif /* _BSD_MISC_H */ diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index b28235860e7a..e8ad542f8d55 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -147,31 +147,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, } return (0); -#elif defined(_UNICOS) - char ptbuf[64], ttbuf[64]; - int i; - int highpty; - - highpty = 128; -#ifdef _SC_CRAY_NPTY - if ((highpty = sysconf(_SC_CRAY_NPTY)) == -1) - highpty = 128; -#endif /* _SC_CRAY_NPTY */ - - for (i = 0; i < highpty; i++) { - snprintf(ptbuf, sizeof(ptbuf), "/dev/pty/%03d", i); - snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%03d", i); - if ((*amaster = open(ptbuf, O_RDWR|O_NOCTTY)) == -1) - continue; - /* Open the slave side. */ - if ((*aslave = open(ttbuf, O_RDWR|O_NOCTTY)) == -1) { - close(*amaster); - return (-1); - } - return (0); - } - return (-1); - #else /* BSD-style pty code. */ char ptbuf[64], ttbuf[64]; diff --git a/openbsd-compat/bsd-signal.c b/openbsd-compat/bsd-signal.c new file mode 100644 index 000000000000..979010e84b5f --- /dev/null +++ b/openbsd-compat/bsd-signal.c 
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 1999-2004 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include +#include + +#include "openbsd-compat/bsd-signal.h" + +#undef signal + +mysig_t +mysignal(int sig, mysig_t act) +{ +#ifdef HAVE_SIGACTION + struct sigaction sa, osa; + + if (sigaction(sig, NULL, &osa) == -1) + return (mysig_t) -1; + if (osa.sa_handler != act) { + memset(&sa, 0, sizeof(sa)); + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; +#ifdef SA_INTERRUPT + if (sig == SIGALRM) + sa.sa_flags |= SA_INTERRUPT; +#endif + sa.sa_handler = act; + if (sigaction(sig, &sa, NULL) == -1) + return (mysig_t) -1; + } + return (osa.sa_handler); +#else + return (signal(sig, act)); +#endif +} + +#if !defined(HAVE_STRSIGNAL) +char *strsignal(int sig) +{ + static char buf[16]; + + (void)snprintf(buf, sizeof(buf), "%d", sig); + return buf; +} +#endif + diff --git a/openbsd-compat/bsd-signal.h b/openbsd-compat/bsd-signal.h new file mode 100644 index 000000000000..4cb8cb7a0b92 --- /dev/null +++ b/openbsd-compat/bsd-signal.h 
@@ -0,0 +1,39 @@ +/* + * Copyright (c) 1999-2004 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _BSD_SIGNAL_H +#define _BSD_SIGNAL_H + +#include "includes.h" + +#ifndef _NSIG +# ifdef NSIG +# define _NSIG NSIG +# else +# define _NSIG 128 +# endif +#endif + +/* wrapper for signal interface */ +typedef void (*mysig_t)(int); +mysig_t mysignal(int sig, mysig_t act); +#define signal(a,b) mysignal(a,b) + +#if !defined(HAVE_STRSIGNAL) +char *strsignal(int); +#endif + +#endif /* _BSD_SIGNAL_H */ diff --git a/openbsd-compat/bsd-statvfs.c b/openbsd-compat/bsd-statvfs.c index 458dbe89c16c..e3bd87d985a3 100644 --- a/openbsd-compat/bsd-statvfs.c +++ b/openbsd-compat/bsd-statvfs.c @@ -25,6 +25,10 @@ #include +#ifndef MNAMELEN +# define MNAMELEN 32 +#endif + static void copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from) { @@ -37,7 +41,11 @@ copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from) to->f_ffree = from->f_ffree; to->f_favail = from->f_ffree; /* no exact equivalent */ to->f_fsid = 0; /* XXX fix me */ +#ifdef HAVE_STRUCT_STATFS_F_FLAGS to->f_flag = from->f_flags; +#else + to->f_flag = 0; +#endif to->f_namemax = MNAMELEN; } diff --git a/openbsd-compat/bsd-statvfs.h b/openbsd-compat/bsd-statvfs.h index 815ec03b280d..e2a4c15f7039 100644 
--- a/openbsd-compat/bsd-statvfs.h +++ b/openbsd-compat/bsd-statvfs.h @@ -26,6 +26,9 @@ #ifdef HAVE_SYS_STATFS_H #include #endif +#ifdef HAVE_SYS_VFS_H +#include +#endif #ifndef HAVE_FSBLKCNT_T typedef unsigned long fsblkcnt_t; diff --git a/openbsd-compat/freezero.c b/openbsd-compat/freezero.c index 3af8f4a733e9..90b9d3813566 100644 --- a/openbsd-compat/freezero.c +++ b/openbsd-compat/freezero.c @@ -16,11 +16,15 @@ #include "includes.h" +#include + #ifndef HAVE_FREEZERO void freezero(void *ptr, size_t sz) { + if (ptr == NULL) + return; explicit_bzero(ptr, sz); free(ptr); } diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index cac799e8446f..b48fb9342d19 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -170,15 +170,24 @@ int BSDgetopt(int argc, char * const *argv, const char *opts); #include "openbsd-compat/getopt.h" #endif -#if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 +#if ((defined(HAVE_DECL_READV) && HAVE_DECL_READV == 0) || \ + (defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0)) # include # include + +# if defined(HAVE_DECL_READV) && HAVE_DECL_READV == 0 +int readv(int, struct iovec *, int); +# endif + +# if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 int writev(int, struct iovec *, int); +# endif #endif /* Home grown routines */ #include "bsd-misc.h" #include "bsd-setres_id.h" +#include "bsd-signal.h" #include "bsd-statvfs.h" #include "bsd-waitpid.h" #include "bsd-poll.h" @@ -315,14 +324,13 @@ char *shadow_pw(struct passwd *pw); #include "fake-rfc2553.h" /* Routines for a single OS platform */ -#include "bsd-cray.h" #include "bsd-cygwin_util.h" #include "port-aix.h" #include "port-irix.h" #include "port-linux.h" #include "port-solaris.h" -#include "port-tun.h" +#include "port-net.h" #include "port-uw.h" /* _FORTIFY_SOURCE breaks FD_ISSET(n)/FD_SET(n) for n > FD_SETSIZE. Avoid. */ 
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index c2970c4db8c7..79c868966996 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -32,6 +32,7 @@ #include "hostfile.h" #include "auth.h" #include "ssh.h" +#include "ssh_api.h" #include "log.h" #ifdef _AIX @@ -171,8 +172,9 @@ aix_valid_authentications(const char *user) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password) +sys_auth_passwd(struct ssh *ssh, const char *password) { + Authctxt *ctxt = ssh->authctxt; char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index e4c5d1b7c089..8c5325cc3ed5 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -33,7 +33,6 @@ #ifdef WITH_SELINUX #include -#include #include #ifndef SSH_SELINUX_UNCONFINED_TYPE @@ -139,6 +138,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) security_context_t new_tty_ctx = NULL; security_context_t user_ctx = NULL; security_context_t old_tty_ctx = NULL; + security_class_t chrclass; if (!ssh_selinux_enabled()) return; @@ -153,9 +153,12 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) error("%s: getfilecon: %s", __func__, strerror(errno)); goto out; } - + if ((chrclass = string_to_security_class("chr_file")) == 0) { + error("%s: couldn't get security class for chr_file", __func__); + goto out; + } if (security_compute_relabel(user_ctx, old_tty_ctx, - SECCLASS_CHR_FILE, &new_tty_ctx) != 0) { + chrclass, &new_tty_ctx) != 0) { error("%s: security_compute_relabel: %s", __func__, strerror(errno)); goto out; diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c new file mode 100644 index 000000000000..7050629c31f7 --- /dev/null +++ b/openbsd-compat/port-net.c 
@@ -0,0 +1,374 @@ +/* + * Copyright (c) 2005 Reyk Floeter + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "openbsd-compat/sys-queue.h" +#include "log.h" +#include "misc.h" +#include "sshbuf.h" +#include "channels.h" +#include "ssherr.h" + +/* + * This file contains various portability code for network support, + * including tun/tap forwarding and routing domains. 
+ */ + +#if defined(SYS_RDOMAIN_LINUX) || defined(SSH_TUN_LINUX) +#include +#endif + +#if defined(SYS_RDOMAIN_LINUX) +char * +sys_get_rdomain(int fd) +{ + char dev[IFNAMSIZ + 1]; + socklen_t len = sizeof(dev) - 1; + + if (getsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, dev, &len) == -1) { + error("%s: cannot determine VRF for fd=%d : %s", + __func__, fd, strerror(errno)); + return NULL; + } + dev[len] = '\0'; + return strdup(dev); +} + +int +sys_set_rdomain(int fd, const char *name) +{ + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, + name, strlen(name)) == -1) { + error("%s: setsockopt(%d, SO_BINDTODEVICE, %s): %s", + __func__, fd, name, strerror(errno)); + return -1; + } + return 0; +} + +int +sys_valid_rdomain(const char *name) +{ + int fd; + + /* + * This is a pretty crappy way to test. It would be better to + * check whether "name" represents a VRF device, but apparently + * that requires an rtnetlink transaction. + */ + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) + return 0; + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, + name, strlen(name)) == -1) { + close(fd); + return 0; + } + close(fd); + return 1; +} +#elif defined(SYS_RDOMAIN_XXX) +/* XXX examples */ +char * +sys_get_rdomain(int fd) +{ + return NULL; +} + +int +sys_set_rdomain(int fd, const char *name) +{ + return -1; +} + +int +valid_rdomain(const char *name) +{ + return 0; +} + +void +sys_set_process_rdomain(const char *name) +{ + fatal("%s: not supported", __func__); +} +#endif /* defined(SYS_RDOMAIN_XXX) */ + +/* + * This is the portable version of the SSH tunnel forwarding, it + * uses some preprocessor definitions for various platform-specific + * settings. 
+ * + * SSH_TUN_LINUX Use the (newer) Linux tun/tap device + * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device + * SSH_TUN_COMPAT_AF Translate the OpenBSD address family + * SSH_TUN_PREPEND_AF Prepend/remove the address family + */ + +/* + * System-specific tunnel open function + */ + +#if defined(SSH_TUN_LINUX) +#include + +int +sys_tun_open(int tun, int mode, char **ifname) +{ + struct ifreq ifr; + int fd = -1; + const char *name = NULL; + + if (ifname != NULL) + *ifname = NULL; + + if ((fd = open("/dev/net/tun", O_RDWR)) == -1) { + debug("%s: failed to open tunnel control interface: %s", + __func__, strerror(errno)); + return (-1); + } + + bzero(&ifr, sizeof(ifr)); + + if (mode == SSH_TUNMODE_ETHERNET) { + ifr.ifr_flags = IFF_TAP; + name = "tap%d"; + } else { + ifr.ifr_flags = IFF_TUN; + name = "tun%d"; + } + ifr.ifr_flags |= IFF_NO_PI; + + if (tun != SSH_TUNID_ANY) { + if (tun > SSH_TUNID_MAX) { + debug("%s: invalid tunnel id %x: %s", __func__, + tun, strerror(errno)); + goto failed; + } + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun); + } + + if (ioctl(fd, TUNSETIFF, &ifr) == -1) { + debug("%s: failed to configure tunnel (mode %d): %s", __func__, + mode, strerror(errno)); + goto failed; + } + + if (tun == SSH_TUNID_ANY) + debug("%s: tunnel mode %d fd %d", __func__, mode, fd); + else + debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); + + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) + goto failed; + + return (fd); + + failed: + close(fd); + return (-1); +} +#endif /* SSH_TUN_LINUX */ + +#ifdef SSH_TUN_FREEBSD +#include +#include + +#ifdef HAVE_NET_IF_TUN_H +#include +#endif + +int +sys_tun_open(int tun, int mode, char **ifname) +{ + struct ifreq ifr; + char name[100]; + int fd = -1, sock, flag; + const char *tunbase = "tun"; + + if (ifname != NULL) + *ifname = NULL; + + if (mode == SSH_TUNMODE_ETHERNET) { +#ifdef SSH_TUN_NO_L2 + debug("%s: no layer 2 tunnelling support", __func__); + return (-1); +#else + tunbase = "tap"; 
+#endif + } + + /* Open the tunnel device */ + if (tun <= SSH_TUNID_MAX) { + snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); + fd = open(name, O_RDWR); + } else if (tun == SSH_TUNID_ANY) { + for (tun = 100; tun >= 0; tun--) { + snprintf(name, sizeof(name), "/dev/%s%d", + tunbase, tun); + if ((fd = open(name, O_RDWR)) >= 0) + break; + } + } else { + debug("%s: invalid tunnel %u\n", __func__, tun); + return (-1); + } + + if (fd < 0) { + debug("%s: %s open failed: %s", __func__, name, + strerror(errno)); + return (-1); + } + + /* Turn on tunnel headers */ + flag = 1; +#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF) + if (mode != SSH_TUNMODE_ETHERNET && + ioctl(fd, TUNSIFHEAD, &flag) == -1) { + debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd, + strerror(errno)); + close(fd); + } +#endif + + debug("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) + goto failed; + + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + goto failed; + if ((ifr.ifr_flags & IFF_UP) == 0) { + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) + goto failed; + } + + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) + goto failed; + + close(sock); + return (fd); + + failed: + if (fd >= 0) + close(fd); + if (sock >= 0) + close(sock); + debug("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); + return (-1); +} +#endif /* SSH_TUN_FREEBSD */ + +/* + * System-specific channel filters + */ + +#if defined(SSH_TUN_FILTER) +/* + * The tunnel forwarding protocol prepends the address family of forwarded + * IP packets using OpenBSD's numbers. 
+ */ +#define OPENBSD_AF_INET 2 +#define OPENBSD_AF_INET6 24 + +int +sys_tun_infilter(struct ssh *ssh, struct Channel *c, char *buf, int _len) +{ + int r; + size_t len; + char *ptr = buf; +#if defined(SSH_TUN_PREPEND_AF) + char rbuf[CHAN_RBUF]; + struct ip iph; +#endif +#if defined(SSH_TUN_PREPEND_AF) || defined(SSH_TUN_COMPAT_AF) + u_int32_t af; +#endif + + /* XXX update channel input filter API to use unsigned length */ + if (_len < 0) + return -1; + len = _len; + +#if defined(SSH_TUN_PREPEND_AF) + if (len <= sizeof(iph) || len > sizeof(rbuf) - 4) + return -1; + /* Determine address family from packet IP header. */ + memcpy(&iph, buf, sizeof(iph)); + af = iph.ip_v == 6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET; + /* Prepend address family to packet using OpenBSD constants */ + memcpy(rbuf + 4, buf, len); + len += 4; + POKE_U32(rbuf, af); + ptr = rbuf; +#elif defined(SSH_TUN_COMPAT_AF) + /* Convert existing address family header to OpenBSD value */ + if (len <= 4) + return -1; + af = PEEK_U32(buf); + /* Put it back */ + POKE_U32(buf, af == AF_INET6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET); +#endif + + if ((r = sshbuf_put_string(c->input, ptr, len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + return (0); +} + +u_char * +sys_tun_outfilter(struct ssh *ssh, struct Channel *c, + u_char **data, size_t *dlen) +{ + u_char *buf; + u_int32_t af; + int r; + + /* XXX new API is incompatible with this signature. */ + if ((r = sshbuf_get_string(c->output, data, dlen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (*dlen < sizeof(af)) + return (NULL); + buf = *data; + +#if defined(SSH_TUN_PREPEND_AF) + /* skip address family */ + *dlen -= sizeof(af); + buf = *data + sizeof(af); +#elif defined(SSH_TUN_COMPAT_AF) + /* translate address family */ + af = (PEEK_U32(buf) == OPENBSD_AF_INET6) ? AF_INET6 : AF_INET; + POKE_U32(buf, af); +#endif + return (buf); +} +#endif /* SSH_TUN_FILTER */ 
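Review bot: Both `sys_tun_open` variants (SSH_TUN_LINUX and SSH_TUN_FREEBSD) end with `if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) goto failed;`, which takes the failure path when strdup() succeeds: the tunnel descriptor is closed, -1 is returned, and the copied name stays in `*ifname` where a caller handling an error has no reason to free it. When strdup() fails, the function instead returns the descriptor with `*ifname` set to NULL. The test should be `if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL) goto failed;` in both places. Separately, in the FreeBSD variant the TUNSIFHEAD error branch calls `close(fd)` and then carries on, so the later ioctl path and the `failed:` label operate on an already-closed descriptor; a `return (-1);` after that close looks intended.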
diff --git a/openbsd-compat/port-net.h b/openbsd-compat/port-net.h
new file mode 100644
index 000000000000..3a0d1104bf6d
--- /dev/null
+++ b/openbsd-compat/port-net.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2005 Reyk Floeter
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _PORT_TUN_H
+#define _PORT_TUN_H
+
+struct Channel;
+struct ssh;
+
+#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD)
+# define CUSTOM_SYS_TUN_OPEN
+int sys_tun_open(int, int, char **);
+#endif
+
+#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF)
+# define SSH_TUN_FILTER
+int sys_tun_infilter(struct ssh *, struct Channel *, char *, int);
+u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *);
+#endif
+
+#if defined(SYS_RDOMAIN_LINUX)
+# define HAVE_SYS_GET_RDOMAIN
+# define HAVE_SYS_SET_RDOMAIN
+# define HAVE_SYS_VALID_RDOMAIN
+char *sys_get_rdomain(int fd);
+int sys_set_rdomain(int fd, const char *name);
+int sys_valid_rdomain(const char *name);
+#endif
+
+#if defined(SYS_RDOMAIN_XXX)
+# define HAVE_SYS_SET_PROCESS_RDOMAIN
+void sys_set_process_rdomain(const char *name);
+#endif
+
+#endif
diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c
deleted file mode 100644
index 7579c6084a1f..000000000000
--- a/openbsd-compat/port-tun.c
+++ /dev/null
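Review bot: The include guard in the new port-net.h is still `_PORT_TUN_H`, apparently carried over from the header this file replaces, and the closing `#endif` has no trailing comment, unlike `#endif /* _BSD_MISC_H */` elsewhere in this commit. Renaming it to `#ifndef _PORT_NET_H` / `#define _PORT_NET_H` and ending with `#endif /* _PORT_NET_H */` keeps the guard tied to the file name and avoids a silent clash if an older port-tun.h is still on an include path. The header also has no comment saying which configure-time macros (`SYS_RDOMAIN_LINUX`, `SSH_TUN_*`) enable which declarations; one line above each `#if` block would help readers of the platform ports.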
@@ -1,279 +0,0 @@ -/* - * Copyright (c) 2005 Reyk Floeter - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include - -#include "openbsd-compat/sys-queue.h" -#include "log.h" -#include "misc.h" -#include "sshbuf.h" -#include "channels.h" -#include "ssherr.h" - -/* - * This is the portable version of the SSH tunnel forwarding, it - * uses some preprocessor definitions for various platform-specific - * settings. 
- * - * SSH_TUN_LINUX Use the (newer) Linux tun/tap device - * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device - * SSH_TUN_COMPAT_AF Translate the OpenBSD address family - * SSH_TUN_PREPEND_AF Prepend/remove the address family - */ - -/* - * System-specific tunnel open function - */ - -#if defined(SSH_TUN_LINUX) -#include -#include - -int -sys_tun_open(int tun, int mode) -{ - struct ifreq ifr; - int fd = -1; - const char *name = NULL; - - if ((fd = open("/dev/net/tun", O_RDWR)) == -1) { - debug("%s: failed to open tunnel control interface: %s", - __func__, strerror(errno)); - return (-1); - } - - bzero(&ifr, sizeof(ifr)); - - if (mode == SSH_TUNMODE_ETHERNET) { - ifr.ifr_flags = IFF_TAP; - name = "tap%d"; - } else { - ifr.ifr_flags = IFF_TUN; - name = "tun%d"; - } - ifr.ifr_flags |= IFF_NO_PI; - - if (tun != SSH_TUNID_ANY) { - if (tun > SSH_TUNID_MAX) { - debug("%s: invalid tunnel id %x: %s", __func__, - tun, strerror(errno)); - goto failed; - } - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun); - } - - if (ioctl(fd, TUNSETIFF, &ifr) == -1) { - debug("%s: failed to configure tunnel (mode %d): %s", __func__, - mode, strerror(errno)); - goto failed; - } - - if (tun == SSH_TUNID_ANY) - debug("%s: tunnel mode %d fd %d", __func__, mode, fd); - else - debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); - - return (fd); - - failed: - close(fd); - return (-1); -} -#endif /* SSH_TUN_LINUX */ - -#ifdef SSH_TUN_FREEBSD -#include -#include - -#ifdef HAVE_NET_IF_TUN_H -#include -#endif - -int -sys_tun_open(int tun, int mode) -{ - struct ifreq ifr; - char name[100]; - int fd = -1, sock, flag; - const char *tunbase = "tun"; - - if (mode == SSH_TUNMODE_ETHERNET) { -#ifdef SSH_TUN_NO_L2 - debug("%s: no layer 2 tunnelling support", __func__); - return (-1); -#else - tunbase = "tap"; -#endif - } - - /* Open the tunnel device */ - if (tun <= SSH_TUNID_MAX) { - snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); - fd = open(name, O_RDWR); - } else if (tun == 
SSH_TUNID_ANY) { - for (tun = 100; tun >= 0; tun--) { - snprintf(name, sizeof(name), "/dev/%s%d", - tunbase, tun); - if ((fd = open(name, O_RDWR)) >= 0) - break; - } - } else { - debug("%s: invalid tunnel %u\n", __func__, tun); - return (-1); - } - - if (fd < 0) { - debug("%s: %s open failed: %s", __func__, name, - strerror(errno)); - return (-1); - } - - /* Turn on tunnel headers */ - flag = 1; -#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF) - if (mode != SSH_TUNMODE_ETHERNET && - ioctl(fd, TUNSIFHEAD, &flag) == -1) { - debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd, - strerror(errno)); - close(fd); - } -#endif - - debug("%s: %s mode %d fd %d", __func__, name, mode, fd); - - /* Set the tunnel device operation mode */ - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); - if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) - goto failed; - - if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) - goto failed; - if ((ifr.ifr_flags & IFF_UP) == 0) { - ifr.ifr_flags |= IFF_UP; - if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) - goto failed; - } - - close(sock); - return (fd); - - failed: - if (fd >= 0) - close(fd); - if (sock >= 0) - close(sock); - debug("%s: failed to set %s mode %d: %s", __func__, name, - mode, strerror(errno)); - return (-1); -} -#endif /* SSH_TUN_FREEBSD */ - -/* - * System-specific channel filters - */ - -#if defined(SSH_TUN_FILTER) -/* - * The tunnel forwarding protocol prepends the address family of forwarded - * IP packets using OpenBSD's numbers. 
- */ -#define OPENBSD_AF_INET 2 -#define OPENBSD_AF_INET6 24 - -int -sys_tun_infilter(struct ssh *ssh, struct Channel *c, char *buf, int _len) -{ - int r; - size_t len; - char *ptr = buf; -#if defined(SSH_TUN_PREPEND_AF) - char rbuf[CHAN_RBUF]; - struct ip iph; -#endif -#if defined(SSH_TUN_PREPEND_AF) || defined(SSH_TUN_COMPAT_AF) - u_int32_t af; -#endif - - /* XXX update channel input filter API to use unsigned length */ - if (_len < 0) - return -1; - len = _len; - -#if defined(SSH_TUN_PREPEND_AF) - if (len <= sizeof(iph) || len > sizeof(rbuf) - 4) - return -1; - /* Determine address family from packet IP header. */ - memcpy(&iph, buf, sizeof(iph)); - af = iph.ip_v == 6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET; - /* Prepend address family to packet using OpenBSD constants */ - memcpy(rbuf + 4, buf, len); - len += 4; - POKE_U32(rbuf, af); - ptr = rbuf; -#elif defined(SSH_TUN_COMPAT_AF) - /* Convert existing address family header to OpenBSD value */ - if (len <= 4) - return -1; - af = PEEK_U32(buf); - /* Put it back */ - POKE_U32(buf, af == AF_INET6 ? OPENBSD_AF_INET6 : OPENBSD_AF_INET); -#endif - - if ((r = sshbuf_put_string(c->input, ptr, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - return (0); -} - -u_char * -sys_tun_outfilter(struct ssh *ssh, struct Channel *c, - u_char **data, size_t *dlen) -{ - u_char *buf; - u_int32_t af; - int r; - - /* XXX new API is incompatible with this signature. */ - if ((r = sshbuf_get_string(c->output, data, dlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (*dlen < sizeof(af)) - return (NULL); - buf = *data; - -#if defined(SSH_TUN_PREPEND_AF) - /* skip address family */ - *dlen -= sizeof(af); - buf = *data + sizeof(af); -#elif defined(SSH_TUN_COMPAT_AF) - /* translate address family */ - af = (PEEK_U32(buf) == OPENBSD_AF_INET6) ? AF_INET6 : AF_INET; - POKE_U32(buf, af); -#endif - return (buf); -} -#endif /* SSH_TUN_FILTER */ 
diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h deleted file mode 100644 index 103514370fd3..000000000000 --- a/openbsd-compat/port-tun.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2005 Reyk Floeter - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _PORT_TUN_H -#define _PORT_TUN_H - -struct Channel; -struct ssh; - -#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) -# define CUSTOM_SYS_TUN_OPEN -int sys_tun_open(int, int); -#endif - -#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) -# define SSH_TUN_FILTER -int sys_tun_infilter(struct ssh *, struct Channel *, char *, int); -u_char *sys_tun_outfilter(struct ssh *, struct Channel *, u_char **, size_t *); -#endif - -#endif diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index db24dbb94414..014cac264b15 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c @@ -47,12 +47,14 @@ #include "hostfile.h" #include "auth.h" #include "ssh.h" +#include "ssh_api.h" int nischeck(char *); int -sys_auth_passwd(Authctxt *authctxt, const char *password) +sys_auth_passwd(struct ssh *ssh, const char *password) { + Authctxt *authctxt = ssh->authctxt; struct passwd *pw = authctxt->pw; char *salt; int result; 
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 24aed6e46778..ff8ff3dec77f 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -46,14 +46,6 @@ # define _POSIX_VDISABLE VDISABLE #endif -#ifndef _NSIG -# ifdef NSIG -# define _NSIG NSIG -# else -# define _NSIG 128 -# endif -#endif - static volatile sig_atomic_t signo[_NSIG]; static void handler(int); diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in index dabdb091211d..529331be5c26 100644 --- a/openbsd-compat/regress/Makefile.in +++ b/openbsd-compat/regress/Makefile.in @@ -1,5 +1,3 @@ -# $Id: Makefile.in,v 1.5 2014/06/17 13:06:08 dtucker Exp $ - sysconfdir=@sysconfdir@ piddir=@piddir@ srcdir=@srcdir@ diff --git a/openbsd-compat/strndup.c b/openbsd-compat/strndup.c new file mode 100644 index 000000000000..ebb4eccfb819 --- /dev/null +++ b/openbsd-compat/strndup.c 
@@ -0,0 +1,43 @@ +/* $OpenBSD: strndup.c,v 1.2 2015/08/31 02:53:57 guenther Exp $ */ + +/* + * Copyright (c) 2010 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "config.h" +#if !defined(HAVE_STRNDUP) || defined(BROKEN_STRNDUP) +#include + +#include +#include +#include + +char * +strndup(const char *str, size_t maxlen) +{ + char *copy; + size_t len; + + len = strnlen(str, maxlen); + copy = malloc(len + 1); + if (copy != NULL) { + (void)memcpy(copy, str, len); + copy[len] = '\0'; + } + + return copy; +} +DEF_WEAK(strndup); +#endif /* HAVE_STRNDUP */ diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c index 93d515595c97..8cc6b96b59ce 100644 --- a/openbsd-compat/strnlen.c +++ b/openbsd-compat/strnlen.c @@ -19,7 +19,7 @@ /* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */ #include "config.h" -#ifndef HAVE_STRNLEN +#if !defined(HAVE_STRNLEN) || defined(BROKEN_STRNLEN) #include #include diff --git a/opensshd.init.in b/opensshd.init.in index 3908566b793b..99e5a51ab8b7 100755 --- a/opensshd.init.in +++ b/opensshd.init.in 
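Review bot: The new openbsd-compat/strndup.c has no contract comment, and its closing `#endif /* HAVE_STRNDUP */` no longer matches the opening condition. I would add `/* Returns a malloc()ed, NUL-terminated copy of at most maxlen bytes of str, or NULL if allocation fails; the caller frees it. */` above the function and change the trailer to `#endif /* !HAVE_STRNDUP || BROKEN_STRNDUP */`. The body calls `strnlen()`, whose replacement is compiled under a separate guard (see the strnlen.c hunk that follows), so it is worth confirming that a prototype is in scope on platforms that need both replacements; the include lines are not legible on this page.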
@@ -17,7 +17,6 @@ PIDFILE=$piddir/sshd.pid PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'` [ X$PidFile = X ] || PIDFILE=$PidFile SSH_KEYGEN=$prefix/bin/ssh-keygen -HOST_KEY_RSA1=$sysconfdir/ssh_host_key HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key @COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key @@ -25,9 +24,6 @@ HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key checkkeys() { -@COMMENT_OUT_RSA1@ if [ ! -f $HOST_KEY_RSA1 ]; then -@COMMENT_OUT_RSA1@ ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" -@COMMENT_OUT_RSA1@ fi if [ ! -f $HOST_KEY_DSA ]; then ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" fi diff --git a/packet.c b/packet.c index f114ea52c648..4bfb507261a3 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.264 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.269 2017/12/18 23:13:42 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -557,6 +557,18 @@ ssh_local_port(struct ssh *ssh) return ssh->local_port; } +/* Returns the routing domain of the input socket, or NULL if unavailable */ +const char * +ssh_packet_rdomain_in(struct ssh *ssh) +{ + if (ssh->rdomain_in != NULL) + return ssh->rdomain_in; + if (!ssh_packet_connection_is_on_socket(ssh)) + return NULL; + ssh->rdomain_in = get_rdomain(ssh->state->connection_in); + return ssh->rdomain_in; +} + /* Closes the connection and clears and frees internal data structures. */ static void @@ -1320,7 +1332,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) for (;;) { if (state->packet_timeout_ms != -1) { ms_to_timeval(&timeout, ms_remain); - gettimeofday(&start, NULL); + monotime_tv(&start); } if ((r = select(state->connection_in + 1, setp, NULL, NULL, timeoutp)) >= 0) 
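Review bot: In packet.c, `ssh_packet_rdomain_in()` caches the result of `get_rdomain()` in `ssh->rdomain_in` and returns that same pointer as `const char *`, but none of the packet.c hunks shown here release the field. If `get_rdomain()` returns allocated storage, which the non-const `char *rdomain_in` member added in packet.h suggests, the close path should gain `free(ssh->rdomain_in); ssh->rdomain_in = NULL;` next to the other cached address strings. That function's body is outside these hunks, so this needs checking there. The comment could also say that the string is owned by the `struct ssh` and that a NULL result is not cached, so the lookup is repeated on every call for a socket without a routing domain.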
@@ -1774,6 +1786,8 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); + debug3("sending debug message: %s", buf); + if ((r = sshpkt_start(ssh, SSH2_MSG_DEBUG)) != 0 || (r = sshpkt_put_u8(ssh, 0)) != 0 || /* always display */ (r = sshpkt_put_cstring(ssh, buf)) != 0 || @@ -1783,8 +1797,8 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) fatal("%s: %s", __func__, ssh_err(r)); } -static void -fmt_connection_id(struct ssh *ssh, char *s, size_t l) +void +sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l) { snprintf(s, l, "%.200s%s%s port %d", ssh->log_preamble ? ssh->log_preamble : "", @@ -1800,7 +1814,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) { char remote_id[512]; - fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); switch (r) { case SSH_ERR_CONN_CLOSED: @@ -1862,7 +1876,7 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) * Format the message. Note that the caller must make sure the * message is of limited size. */ - fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); @@ -1945,7 +1959,7 @@ ssh_packet_write_wait(struct ssh *ssh) for (;;) { if (state->packet_timeout_ms != -1) { ms_to_timeval(&timeout, ms_remain); - gettimeofday(&start, NULL); + monotime_tv(&start); } if ((ret = select(state->connection_out + 1, NULL, setp, NULL, timeoutp)) >= 0) 
@@ -2159,7 +2173,9 @@ kex_to_blob(struct sshbuf *m, struct kex *kex) if ((r = sshbuf_put_string(m, kex->session_id, kex->session_id_len)) != 0 || (r = sshbuf_put_u32(m, kex->we_need)) != 0 || + (r = sshbuf_put_cstring(m, kex->hostkey_alg)) != 0 || (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 || + (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 || (r = sshbuf_put_u32(m, kex->kex_type)) != 0 || (r = sshbuf_put_stringb(m, kex->my)) != 0 || (r = sshbuf_put_stringb(m, kex->peer)) != 0 || @@ -2323,7 +2339,9 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) } if ((r = sshbuf_get_string(m, &kex->session_id, &kex->session_id_len)) != 0 || (r = sshbuf_get_u32(m, &kex->we_need)) != 0 || + (r = sshbuf_get_cstring(m, &kex->hostkey_alg, NULL)) != 0 || (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 || + (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 || (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 || (r = sshbuf_get_stringb(m, kex->my)) != 0 || (r = sshbuf_get_stringb(m, kex->peer)) != 0 || diff --git a/packet.h b/packet.h index 40837e9dbceb..a2ece67863a8 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.82 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.84 2017/12/10 05:55:29 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -61,6 +61,7 @@ struct ssh { int remote_port; char *local_ipaddr; int local_port; + char *rdomain_in; /* Optional preamble for log messages (e.g. username) */ char *log_preamble; @@ -162,6 +163,7 @@ const char *ssh_remote_ipaddr(struct ssh *); int ssh_remote_port(struct ssh *); const char *ssh_local_ipaddr(struct ssh *); int ssh_local_port(struct ssh *); +const char *ssh_packet_rdomain_in(struct ssh *); void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t); time_t ssh_packet_get_rekey_timeout(struct ssh *); 
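Review bot: In the `kex_from_blob()` hunk of packet.c, `hostkey_alg` is read from the blob as an unconstrained string and `hostkey_nid` as a raw 32-bit value stored through a `(u_int *)` cast, and nothing in the visible lines checks either against what this build supports. If the blob is the connection state handed between the privilege-separated processes, the importing side should treat both as untrusted and reject an unknown algorithm name or curve id before the `struct kex` is used. A comment on the two added lines would record that: `/* hostkey_alg/hostkey_nid come from the exporting process; validate before use */`. `sshbuf_get_cstring()` allocates, so the function's error path should also free `kex->hostkey_alg`; that path is outside the hunk.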
@@ -200,6 +202,7 @@ int sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp); int sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g); int sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v); int sshpkt_get_end(struct ssh *ssh); +void sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l); const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); /* OLD API */ diff --git a/pathnames.h b/pathnames.h index 1c221b01b47f..cb44caa4d384 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.27 2017/05/05 10:42:49 naddy Exp $ */ +/* $OpenBSD: pathnames.h,v 1.28 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen @@ -39,6 +39,7 @@ #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" #define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" +#define _PATH_HOST_XMSS_KEY_FILE SSHDIR "/ssh_host_xmss_key" #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" #define _PATH_DH_MODULI SSHDIR "/moduli" @@ -75,6 +76,7 @@ #define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa" #define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa" #define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519" +#define _PATH_SSH_CLIENT_ID_XMSS _PATH_SSH_USER_DIR "/id_xmss" /* * Configuration file in user's home directory. This file need not be diff --git a/readconf.c b/readconf.c index f63894f9ca15..88051db5789b 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.279 2017/09/21 19:16:53 markus Exp $ */ +/* $OpenBSD: readconf.c,v 1.283 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -156,7 +156,7 @@ typedef enum { oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, + oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider, oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, @@ -266,6 +266,7 @@ static struct { { "preferredauthentications", oPreferredAuthentications }, { "hostkeyalgorithms", oHostKeyAlgorithms }, { "bindaddress", oBindAddress }, + { "bindinterface", oBindInterface }, { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign }, { "verifyhostkeydns", oVerifyHostKeyDNS }, @@ -683,34 +684,6 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, return result; } -/* Check and prepare a domain name: removes trailing '.' and lowercases */ -static void -valid_domain(char *name, const char *filename, int linenum) -{ - size_t i, l = strlen(name); - u_char c, last = '\0'; - - if (l == 0) - fatal("%s line %d: empty hostname suffix", filename, linenum); - if (!isalpha((u_char)name[0]) && !isdigit((u_char)name[0])) - fatal("%s line %d: hostname suffix \"%.100s\" " - "starts with invalid character", filename, linenum, name); - for (i = 0; i < l; i++) { - c = tolower((u_char)name[i]); - name[i] = (char)c; - if (last == '.' && c == '.') - fatal("%s line %d: hostname suffix \"%.100s\" contains " - "consecutive separators", filename, linenum, name); - if (c != '.' && c != '-' && !isalnum(c) && - c != '_') /* technically invalid, but common */ - fatal("%s line %d: hostname suffix \"%.100s\" contains " - "invalid characters", filename, linenum, name); - last = c; - } - if (name[l - 1] == '.') - name[l - 1] = '\0'; -} - /* * Returns the number of the token pointed to by cp or oBadOption. */ 
@@ -845,6 +818,7 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, const struct multistate *multistate_ptr; struct allowed_cname *cname; glob_t gl; + const char *errstr; if (activep == NULL) { /* We are processing a command line directive */ cmdline = 1; @@ -1126,6 +1100,10 @@ parse_char_array: charptr = &options->bind_address; goto parse_string; + case oBindInterface: + charptr = &options->bind_interface; + goto parse_string; + case oPKCS11Provider: charptr = &options->pkcs11_provider; goto parse_string; @@ -1159,15 +1137,9 @@ parse_command: intptr = &options->port; parse_int: arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", filename, linenum); - if (arg[0] < '0' || arg[0] > '9') - fatal("%.200s line %d: Bad number.", filename, linenum); - - /* Octal, decimal, or hex format? */ - value = strtol(arg, &endofnumber, 0); - if (arg == endofnumber) - fatal("%.200s line %d: Bad number.", filename, linenum); + if ((errstr = atoi_err(arg, &value)) != NULL) + fatal("%s line %d: integer value %s.", + filename, linenum, errstr); if (*activep && *intptr == -1) *intptr = value; break; @@ -1562,7 +1534,10 @@ parse_keytypes: case oCanonicalDomains: value = options->num_canonical_domains != 0; while ((arg = strdelim(&s)) != NULL && *arg != '\0') { - valid_domain(arg, filename, linenum); + if (!valid_domain(arg, 1, &errstr)) { + fatal("%s line %d: %s", filename, linenum, + errstr); + } if (!*activep || value) continue; if (options->num_canonical_domains >= MAX_CANON_DOMAINS) @@ -1830,6 +1805,7 @@ initialize_options(Options * options) options->log_level = SYSLOG_LEVEL_NOT_SET; options->preferred_authentications = NULL; options->bind_address = NULL; + options->bind_interface = NULL; options->pkcs11_provider = NULL; options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1; 
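Review bot: The `parse_int` change in readconf.c drops the explicit `!arg || *arg == '\0'` test, so `atoi_err()` now receives whatever `strdelim()` returned, including NULL, and it alone decides which number formats are accepted. The removed code parsed with `strtol(arg, &endofnumber, 0)` and so took octal and hex; `atoi_err()` is not defined in this hunk, so confirm that it rejects NULL and empty input and whether values such as `0x16` are still accepted. A comment at the label would pin the contract, for example `/* atoi_err() rejects NULL/empty input; see misc.c for accepted formats */`. The new message `integer value %s` also no longer says which keyword was being parsed, which makes a bad config line harder to locate.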
@@ -1967,6 +1943,7 @@ fill_default_options(Options * options) #endif add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ED25519, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0); } if (options->escape_char == -1) options->escape_char = '~'; @@ -2294,11 +2271,13 @@ parse_jump(const char *s, Options *o, int active) if (first) { /* First argument and configuration is active */ - if (parse_user_host_port(cp, &user, &host, &port) != 0) + if (parse_ssh_uri(cp, &user, &host, &port) == -1 || + parse_user_host_port(cp, &user, &host, &port) != 0) goto out; } else { /* Subsequent argument or inactive configuration */ - if (parse_user_host_port(cp, NULL, NULL, NULL) != 0) + if (parse_ssh_uri(cp, NULL, NULL, NULL) == -1 || + parse_user_host_port(cp, NULL, NULL, NULL) != 0) goto out; } first = 0; /* only check syntax for subsequent hosts */ @@ -2323,6 +2302,18 @@ parse_jump(const char *s, Options *o, int active) return ret; } +int +parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp) +{ + char *path; + int r; + + r = parse_uri("ssh", uri, userp, hostp, portp, &path); + if (r == 0 && path != NULL) + r = -1; /* path not allowed */ + return r; +} + /* XXX the following is a near-vebatim copy from servconf.c; refactor */ static const char * fmt_multistate_int(int val, const struct multistate *m) @@ -2525,6 +2516,7 @@ dump_client_config(Options *o, const char *host) /* String options */ dump_cfg_string(oBindAddress, o->bind_address); + dump_cfg_string(oBindInterface, o->bind_interface); dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); dump_cfg_string(oControlPath, o->control_path); dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); diff --git a/readconf.h b/readconf.h index 22fe5c1873c3..f4d9e2b26576 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.123 2017/09/03 23:33:13 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.125 2018/02/23 02:34:33 djm Exp $ */ /* * Author: Tatu Ylonen 
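Review bot: In the `parse_jump()` hunk of readconf.c, both new conditions call `parse_user_host_port()` even when `parse_ssh_uri()` has just succeeded, because `A == -1 || B != 0` evaluates B whenever A returns 0. A valid `ssh://` jump host is therefore parsed a second time as a plain `user@host:port` string. That can reject it, or overwrite `user`, `host` and `port` and leak the strings the URI parser allocated. The fallback should run only when the argument was not a URI at all, as in the excerpt below, which needs a local `int r` if `parse_jump()` does not already declare one. `parse_jump()` starts and ends outside the hunk, and the return values of `parse_uri()` other than 0 and -1 are not visible here, so the excerpt tests `r != 0` rather than a specific code.

```c
		if (first) {
			r = parse_ssh_uri(cp, &user, &host, &port);
			if (r == -1 || (r != 0 &&
			    parse_user_host_port(cp, &user, &host, &port) != 0))
				goto out;
		} else {
			r = parse_ssh_uri(cp, NULL, NULL, NULL);
			if (r == -1 || (r != 0 &&
			    parse_user_host_port(cp, NULL, NULL, NULL) != 0))
				goto out;
		}
		/* … unchanged: first = 0 and the rest of the loop body … */
```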
@@ -81,6 +81,7 @@ typedef struct { char *user_hostfiles[SSH_MAX_HOSTS_FILES]; char *preferred_authentications; char *bind_address; /* local socket address for connection to sshd */ + char *bind_interface; /* local interface for bind address */ char *pkcs11_provider; /* PKCS#11 provider */ int verify_host_key_dns; /* Verify host key using DNS */ @@ -204,6 +205,7 @@ int read_config_file(const char *, struct passwd *, const char *, const char *, Options *, int); int parse_forward(struct Forward *, const char *, int, int); int parse_jump(const char *, Options *, int); +int parse_ssh_uri(const char *, char **, char **, int *); int default_ssh_port(void); int option_clear_or_none(const char *); void dump_client_config(Options *o, const char *host); diff --git a/regress/Makefile b/regress/Makefile index 7d50f9cfa437..d15898ad0ba1 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.95 2017/06/24 06:35:24 djm Exp $ +# $OpenBSD: Makefile,v 1.96 2017/10/24 19:33:32 millert Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -19,6 +19,7 @@ distclean: clean LTESTS= connect \ proxy-connect \ connect-privsep \ + connect-uri \ proto-version \ proto-mismatch \ exit-status \ @@ -42,6 +43,7 @@ LTESTS= connect \ keygen-moduli \ key-options \ scp \ + scp-uri \ sftp \ sftp-chroot \ sftp-cmds \ @@ -49,6 +51,7 @@ LTESTS= connect \ sftp-batch \ sftp-glob \ sftp-perm \ + sftp-uri \ reconfigure \ dynamic-forward \ forwarding \ diff --git a/regress/README.regress b/regress/README.regress index 9b99bdacb6cf..867855017894 100644 --- a/regress/README.regress +++ b/regress/README.regress @@ -100,5 +100,3 @@ Known Issues. - Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head test to fail. The old behaviour can be restored by setting (and exporting) _POSIX2_VERSION=199209 before running the tests. - -$Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $ 
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index 037a5091493a..769c29e8da47 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.9 2017/09/13 14:58:26 bluhm Exp $ +# $OpenBSD: agent-getpeereid.sh,v 1.10 2018/02/09 03:40:22 dtucker Exp $ # Placed in the Public Domain. tid="disallow agent attach from other uid" @@ -18,6 +18,7 @@ case "x$SUDO" in xdoas) ;; x) echo "need SUDO to switch to uid $UNPRIV" + echo SKIPPED exit 0 ;; *) echo "unsupported $SUDO - "doas" and "sudo" are allowed" diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh index bb676d631574..2d795ee32043 100644 --- a/regress/agent-ptrace.sh +++ b/regress/agent-ptrace.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-ptrace.sh,v 1.2 2014/02/27 21:21:25 djm Exp $ +# $OpenBSD: agent-ptrace.sh,v 1.3 2015/09/11 04:55:01 djm Exp $ # Placed in the Public Domain. tid="disallow agent ptrace attach" diff --git a/regress/agent.sh b/regress/agent.sh index 0baf0c74a288..7111056c9be4 100644 --- a/regress/agent.sh +++ b/regress/agent.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.12 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $ # Placed in the Public Domain. tid="simple agent test" 
@@ -12,66 +12,106 @@ trace "start agent" eval `${SSHAGENT} -s` > /dev/null r=$? if [ $r -ne 0 ]; then - fail "could not start ssh-agent: exit code $r" -else - ${SSHADD} -l > /dev/null 2>&1 - if [ $? -ne 1 ]; then - fail "ssh-add -l did not fail with exit code 1" - fi - trace "overwrite authorized keys" - printf '' > $OBJ/authorized_keys_$USER - for t in ${SSH_KEYTYPES}; do - # generate user key for agent - rm -f $OBJ/$t-agent - ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\ - fail "ssh-keygen for $t-agent failed" - # add to authorized keys - cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER - # add privat key to agent - ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 - if [ $? -ne 0 ]; then - fail "ssh-add did succeed exit code 0" - fi - done - ${SSHADD} -l > /dev/null 2>&1 - r=$? - if [ $r -ne 0 ]; then - fail "ssh-add -l failed: exit code $r" - fi - # the same for full pubkey output - ${SSHADD} -L > /dev/null 2>&1 - r=$? - if [ $r -ne 0 ]; then - fail "ssh-add -L failed: exit code $r" + fatal "could not start ssh-agent: exit code $r" +fi + +${SSHADD} -l > /dev/null 2>&1 +if [ $? -ne 1 ]; then + fail "ssh-add -l did not fail with exit code 1" +fi + +rm -f $OBJ/user_ca_key $OBJ/user_ca_key.pub +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key \ + || fatal "ssh-keygen failed" + +trace "overwrite authorized keys" +printf '' > $OBJ/authorized_keys_$USER + +for t in ${SSH_KEYTYPES}; do + # generate user key for agent + rm -f $OBJ/$t-agent $OBJ/$t-agent.pub* + ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\ + fatal "ssh-keygen for $t-agent failed" + # Make a certificate for each too. + ${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \ + -n estragon $OBJ/$t-agent.pub || fatal "ca sign failed" + + # add to authorized keys + cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER + # add privat key to agent + ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 + if [ $? 
-ne 0 ]; then + fail "ssh-add did succeed exit code 0" fi + # Remove private key to ensure that we aren't accidentally using it. + rm -f $OBJ/$t-agent +done + +# Remove explicit identity directives from ssh_proxy +mv $OBJ/ssh_proxy $OBJ/ssh_proxy_bak +grep -vi identityfile $OBJ/ssh_proxy_bak > $OBJ/ssh_proxy + +${SSHADD} -l > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -l failed: exit code $r" +fi +# the same for full pubkey output +${SSHADD} -L > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -L failed: exit code $r" +fi - trace "simple connect via agent" - ${SSH} -F $OBJ/ssh_proxy somehost exit 52 +trace "simple connect via agent" +${SSH} -F $OBJ/ssh_proxy somehost exit 52 +r=$? +if [ $r -ne 52 ]; then + fail "ssh connect with failed (exit code $r)" +fi + +for t in ${SSH_KEYTYPES}; do + trace "connect via agent using $t key" + ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \ + somehost exit 52 r=$? if [ $r -ne 52 ]; then fail "ssh connect with failed (exit code $r)" fi +done - trace "agent forwarding" - ${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 - r=$? - if [ $r -ne 0 ]; then - fail "ssh-add -l via agent fwd failed (exit code $r)" - fi - ${SSH} -A -F $OBJ/ssh_proxy somehost \ - "${SSH} -F $OBJ/ssh_proxy somehost exit 52" - r=$? - if [ $r -ne 52 ]; then - fail "agent fwd failed (exit code $r)" - fi +trace "agent forwarding" +${SSH} -A -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -l via agent fwd failed (exit code $r)" +fi +${SSH} -A -F $OBJ/ssh_proxy somehost \ + "${SSH} -F $OBJ/ssh_proxy somehost exit 52" +r=$? 
+if [ $r -ne 52 ]; then + fail "agent fwd failed (exit code $r)" +fi - trace "delete all agent keys" - ${SSHADD} -D > /dev/null 2>&1 +(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \ + > $OBJ/authorized_keys_$USER +for t in ${SSH_KEYTYPES}; do + trace "connect via agent using $t key" + ${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \ + -oCertificateFile=$OBJ/$t-agent-cert.pub \ + -oIdentitiesOnly=yes somehost exit 52 r=$? - if [ $r -ne 0 ]; then - fail "ssh-add -D failed: exit code $r" + if [ $r -ne 52 ]; then + fail "ssh connect with failed (exit code $r)" fi +done - trace "kill agent" - ${SSHAGENT} -k > /dev/null +trace "delete all agent keys" +${SSHADD} -D > /dev/null 2>&1 +r=$? +if [ $r -ne 0 ]; then + fail "ssh-add -D failed: exit code $r" fi + +trace "kill agent" +${SSHAGENT} -k > /dev/null diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh index 86805e19322b..4165111e0da1 100644 --- a/regress/allow-deny-users.sh +++ b/regress/allow-deny-users.sh @@ -1,5 +1,6 @@ # Public Domain # Zev Weiss, 2016 +# $OpenBSD: allow-deny-users.sh,v 1.4 2017/10/20 02:13:41 djm Exp $ tid="AllowUsers/DenyUsers" diff --git a/regress/authinfo.sh b/regress/authinfo.sh index e725296c90aa..3caf89478c1b 100644 --- a/regress/authinfo.sh +++ b/regress/authinfo.sh @@ -1,4 +1,4 @@ -# $OpenBSD: authinfo.sh,v 1.1 2017/06/24 06:35:24 djm Exp $ +# $OpenBSD: authinfo.sh,v 1.2 2017/10/25 20:08:36 millert Exp $ # Placed in the Public Domain. tid="authinfo" @@ -6,7 +6,7 @@ tid="authinfo" # Ensure the environment variable doesn't leak when ExposeAuthInfo=no. verbose "ExposeAuthInfo=no" env SSH_USER_AUTH=blah ${SSH} -F $OBJ/ssh_proxy x \ - 'test -z "$SSH_USER_AUTH"' || fail "SSH_USER_AUTH present" + 'env | grep SSH_USER_AUTH >/dev/null' && fail "SSH_USER_AUTH present" verbose "ExposeAuthInfo=yes" echo ExposeAuthInfo=yes >> $OBJ/sshd_proxy diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 6a23fe300bf7..30c2c156d2f1 100755 
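Review bot: In regress/agent.sh, the certificate loop added after the `cert-authority,principals="estragon"` line reuses the trace text and failure message of the plain-key loop. A failure in the log therefore does not say whether key or certificate authentication broke, and the message itself reads "ssh connect with failed". I would change the second loop to `trace "connect via agent using $t cert"` and `fail "ssh connect with $t cert failed (exit code $r)"`. The message `fail "ssh-add did succeed exit code 0"` sits in the branch taken when ssh-add failed, so it says the opposite of what happened; `fail "ssh-add failed exit code $?"` would match the branch.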
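Review bot: The rewritten ExposeAuthInfo=no check in regress/authinfo.sh, `'env | grep SSH_USER_AUTH >/dev/null' && fail "SSH_USER_AUTH present"`, reports a problem only when the whole ssh command exits 0. If ssh fails to connect or authenticate, the exit status is non-zero and the test passes without the remote `env` ever having run. For a test that guards against leaking authentication details into the session environment, a silent pass is the wrong failure mode. Capturing the status and accepting only grep's no-match code closes the gap: `r=$?` after the command, then `[ $r -eq 1 ] || fail "SSH_USER_AUTH present or ssh failed (exit code $r)"`.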
--- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.18 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: cert-userkey.sh,v 1.19 2018/03/12 00:54:04 djm Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -8,6 +8,7 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` +EXTRA_TYPES="" if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" @@ -15,7 +16,7 @@ fi kname() { case $ktype in - rsa-sha2-*) ;; + rsa-sha2-*) n="$ktype" ;; # subshell because some seds will add a newline *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;; esac diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 2504d04f4c51..dd11e404dc4f 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cfgmatch.sh,v 1.10 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: cfgmatch.sh,v 1.11 2017/10/04 18:50:23 djm Exp $ # Placed in the Public Domain. tid="sshd_config match" @@ -41,7 +41,7 @@ stop_client() cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config echo "Match Address 127.0.0.1" >>$OBJ/sshd_config -echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config +echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_config grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy @@ -49,7 +49,7 @@ echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy echo "Match user $USER" >>$OBJ/sshd_proxy echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy -echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy +echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy start_sshd 
diff --git a/regress/connect-uri.sh b/regress/connect-uri.sh new file mode 100644 index 000000000000..f13f15e660df --- /dev/null +++ b/regress/connect-uri.sh @@ -0,0 +1,29 @@ +# $OpenBSD: connect-uri.sh,v 1.1 2017/10/24 19:33:32 millert Exp $ +# Placed in the Public Domain. + +tid="uri connect" + +# Remove Port and User from ssh_config, we want to rely on the URI +cp $OBJ/ssh_config $OBJ/ssh_config.orig +egrep -v '^ +(Port|User) +.*$' $OBJ/ssh_config.orig > $OBJ/ssh_config + +start_sshd + +verbose "$tid: no trailing slash" +${SSH} -F $OBJ/ssh_config "ssh://${USER}@somehost:${PORT}" true +if [ $? -ne 0 ]; then + fail "ssh connection failed" +fi + +verbose "$tid: trailing slash" +${SSH} -F $OBJ/ssh_config "ssh://${USER}@somehost:${PORT}/" true +if [ $? -ne 0 ]; then + fail "ssh connection failed" +fi + +verbose "$tid: with path name" +${SSH} -F $OBJ/ssh_config "ssh://${USER}@somehost:${PORT}/${DATA}" true \ + > /dev/null 2>&1 +if [ $? -eq 0 ]; then + fail "ssh connection succeeded, expected failure" +fi diff --git a/regress/forward-control.sh b/regress/forward-control.sh index 2e9dbb53aa6b..93d05cf6393b 100755 --- a/regress/forward-control.sh +++ b/regress/forward-control.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forward-control.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: forward-control.sh,v 1.5 2018/03/02 02:51:55 djm Exp $ # Placed in the Public Domain. tid="sshd control of local and remote forwarding" 
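Review bot: The new connect-uri.sh filters the config with `egrep -v`, which POSIX marks obsolescent and which recent GNU grep releases warn about on stderr; `grep -Ev` with the same pattern is the portable spelling. The identical line is added in scp-uri.sh and sftp-uri.sh further down. A one-line comment on the third case saying why a URI with a path component must be rejected would also help, since its output is discarded and the script itself gives no reason for the expected failure.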
@@ -151,6 +151,33 @@ all_tests() { > ${OBJ}/sshd_proxy check_lfwd $_permit_lfwd "$_prefix, permitopen" check_rfwd $_permit_rfwd "$_prefix, permitopen" + # Check port-forwarding flags in authorized_keys. + # These two should refuse all. + sed "s/^/no-port-forwarding /" \ + < ${OBJ}/authorized_keys_${USER}.bak \ + > ${OBJ}/authorized_keys_${USER} || fatal "sed 3 fail" + ( cat ${OBJ}/sshd_proxy.bak ; + echo "AllowTcpForwarding $_tcpfwd" ) \ + > ${OBJ}/sshd_proxy + check_lfwd N "$_prefix, no-port-forwarding" + check_rfwd N "$_prefix, no-port-forwarding" + sed "s/^/restrict /" \ + < ${OBJ}/authorized_keys_${USER}.bak \ + > ${OBJ}/authorized_keys_${USER} || fatal "sed 4 fail" + ( cat ${OBJ}/sshd_proxy.bak ; + echo "AllowTcpForwarding $_tcpfwd" ) \ + > ${OBJ}/sshd_proxy + check_lfwd N "$_prefix, restrict" + check_rfwd N "$_prefix, restrict" + # This should pass the same cases as _nopermit* + sed "s/^/restrict,port-forwarding /" \ + < ${OBJ}/authorized_keys_${USER}.bak \ + > ${OBJ}/authorized_keys_${USER} || fatal "sed 5 fail" + ( cat ${OBJ}/sshd_proxy.bak ; + echo "AllowTcpForwarding $_tcpfwd" ) \ + > ${OBJ}/sshd_proxy + check_lfwd $_plain_lfwd "$_prefix, restrict,port-forwarding" + check_rfwd $_plain_rfwd "$_prefix, restrict,port-forwarding" } # no-permitopen mismatch-permitopen match-permitopen diff --git a/regress/key-options.sh b/regress/key-options.sh index 2adee6833475..d680737c168b 100755 --- a/regress/key-options.sh +++ b/regress/key-options.sh @@ -1,4 +1,4 @@ -# $OpenBSD: key-options.sh,v 1.4 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: key-options.sh,v 1.8 2018/03/14 05:35:40 djm Exp $ # Placed in the Public Domain. tid="key options" 
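Review bot: The comment on the last added stanza says `# This should pass the same cases as _nopermit*`, but the two checks below it pass `$_plain_lfwd` and `$_plain_rfwd`, so the comment and the code name different expectations. The parameter list of all_tests() is outside this hunk, so which of the two is intended cannot be confirmed from here; if the code is right the comment should read `# This should pass the same cases as _plain*`. Separately, `|| fatal "sed N fail"` guards only the sed redirection, and the following `( cat ...; echo ... ) > ${OBJ}/sshd_proxy` rewrite is unchecked in all three stanzas.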
@@ -21,12 +21,46 @@ for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do done # Test no-pty -sed 's/.*/no-pty &/' $origkeys >$authkeys -verbose "key option proto no-pty" -r=`${SSH} -q -F $OBJ/ssh_proxy somehost tty` -if [ -f "$r" ]; then - fail "key option failed no-pty (pty $r)" -fi +expect_pty_succeed() { + which=$1 + opts=$2 + rm -f $OBJ/data + sed "s/.*/$opts &/" $origkeys >$authkeys + verbose "key option pty $which" + ${SSH} -ttq -F $OBJ/ssh_proxy somehost "tty > $OBJ/data; exit 0" + if [ $? -ne 0 ] ; then + fail "key option failed $which" + else + r=`cat $OBJ/data` + case "$r" in + /dev/*) ;; + *) fail "key option failed $which (pty $r)" ;; + esac + fi +} +expect_pty_fail() { + which=$1 + opts=$2 + rm -f $OBJ/data + sed "s/.*/$opts &/" $origkeys >$authkeys + verbose "key option pty $which" + ${SSH} -ttq -F $OBJ/ssh_proxy somehost "tty > $OBJ/data; exit 0" + if [ $? -eq 0 ]; then + r=`cat $OBJ/data` + if [ -e "$r" ]; then + fail "key option failed $which (pty $r)" + fi + case "$r" in + /dev/*) fail "key option failed $which (pty $r)" ;; + *) ;; + esac + fi +} +# First ensure that we can allocate a pty by default. +expect_pty_succeed "default" "" +expect_pty_fail "no-pty" "no-pty" +expect_pty_fail "restrict" "restrict" +expect_pty_succeed "restrict,pty" "restrict,pty" # Test environment= echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy 
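Review bot: Both new helpers splice their second argument straight into a sed replacement (`sed "s/.*/$opts &/" $origkeys >$authkeys`) without saying so, which means an option string containing `/`, `&` or a backslash would silently produce a different authorized_keys line than the caller intended. The existing from= loop later in the file already pre-escapes its slash (`'127.0.0.0\/8'`), so the constraint is real for this script. A header comment on `expect_pty_succeed` and `expect_pty_fail` such as `# $2 is inserted into a sed replacement: escape '/', '&' and '\'` would document it; `check_valid_before` in the next hunk uses the same construct.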
@@ -60,4 +94,22 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do fi done -rm -f "$origkeys" +check_valid_before() { + which=$1 + opts=$2 + expect=$3 + sed "s/.*/$opts &/" $origkeys >$authkeys + verbose "key option expiry-time $which" + ${SSH} -q -F $OBJ/ssh_proxy somehost true + r=$? + case "$expect" in + fail) test $r -eq 0 && fail "key option succeeded $which" ;; + pass) test $r -ne 0 && fail "key option failed $which" ;; + *) fatal "unknown expectation $expect" ;; + esac +} +check_valid_before "default" "" "pass" +check_valid_before "invalid" 'expiry-time="INVALID"' "fail" +check_valid_before "expired" 'expiry-time="19990101"' "fail" +check_valid_before "valid" 'expiry-time="20380101"' "pass" + diff --git a/regress/keys-command.sh b/regress/keys-command.sh index 9c9ada7c7631..4029e2c78637 100755 --- a/regress/keys-command.sh +++ b/regress/keys-command.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keys-command.sh,v 1.3 2015/05/21 06:40:02 djm Exp $ +# $OpenBSD: keys-command.sh,v 1.4 2016/09/26 21:34:38 bluhm Exp $ # Placed in the Public Domain. tid="authorized keys from command" diff --git a/regress/keytype.sh b/regress/keytype.sh index 88b022de4adb..f78a2c171fa5 100755 --- a/regress/keytype.sh +++ b/regress/keytype.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keytype.sh,v 1.5 2017/03/20 22:08:06 djm Exp $ +# $OpenBSD: keytype.sh,v 1.7 2018/03/12 00:54:04 djm Exp $ # Placed in the Public Domain. tid="login with different key types" @@ -17,7 +17,7 @@ for i in `$SSH -Q key`; do esac done -for kt in $ktypes; do +for kt in $ktypes; do rm -f $OBJ/key.$kt bits=`echo ${kt} | awk -F- '{print $2}'` type=`echo ${kt} | awk -F- '{print $1}'` 
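Review bot: The "valid" case hard-codes `expiry-time="20380101"`, so this test will begin to fail once that date has passed even though the feature still works. If a fixed date is wanted (presumably to stay inside a 32-bit time_t), a comment next to the call should say so, for example `# fixed date kept below the 2038 time_t limit; this case fails after 2038-01-01`. The hunk also drops the trailing `rm -f "$origkeys"` without a replacement, so the saved key file appears to be left behind unless something outside the hunk removes it.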
@@ -27,28 +27,28 @@ for kt in $ktypes; do done tries="1 2 3" -for ut in $ktypes; do +for ut in $ktypes; do htypes=$ut #htypes=$ktypes - for ht in $htypes; do + for ht in $htypes; do case $ht in dsa-1024) t=ssh-dss;; ecdsa-256) t=ecdsa-sha2-nistp256;; ecdsa-384) t=ecdsa-sha2-nistp384;; ecdsa-521) t=ecdsa-sha2-nistp521;; ed25519-512) t=ssh-ed25519;; - rsa-*) t=ssh-rsa;; + rsa-*) t=rsa-sha2-512,rsa-sha2-256,ssh-rsa;; esac trace "ssh connect, userkey $ut, hostkey $ht" ( grep -v HostKey $OBJ/sshd_proxy_bak - echo HostKey $OBJ/key.$ht + echo HostKey $OBJ/key.$ht echo PubkeyAcceptedKeyTypes $t echo HostKeyAlgorithms $t ) > $OBJ/sshd_proxy ( grep -v IdentityFile $OBJ/ssh_proxy_bak - echo IdentityFile $OBJ/key.$ut + echo IdentityFile $OBJ/key.$ut echo PubkeyAcceptedKeyTypes $t echo HostKeyAlgorithms $t ) > $OBJ/ssh_proxy diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh index c0cf2fed6d86..04f11977e140 100755 --- a/regress/limit-keytype.sh +++ b/regress/limit-keytype.sh @@ -1,4 +1,4 @@ -# $OpenBSD: limit-keytype.sh,v 1.4 2015/10/29 08:05:17 djm Exp $ +# $OpenBSD: limit-keytype.sh,v 1.5 2018/03/12 00:52:57 djm Exp $ # Placed in the Public Domain. tid="restrict pubkey type" @@ -60,7 +60,8 @@ ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed" # Allow plain Ed25519 and RSA. The certificate should fail. verbose "allow rsa,ed25519" -prepare_config "PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519" +prepare_config \ + "PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-ed25519" ${SSH} $certopts proxy true && fatal "cert succeeded" ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed" ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed" 
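Review bot: The `case $ht in` block that maps a host key type to the algorithm list has no default branch, so for a type it does not recognise `t` keeps the value from the previous iteration and the config is written with the wrong `PubkeyAcceptedKeyTypes` and `HostKeyAlgorithms`. With the RSA entry now expanding to three algorithm names, a stale value is harder to spot in the trace output. Adding `*) fatal "unknown key type $ht";;` makes the mismatch visible; the list in `$ktypes` is built outside this hunk, so whether an unmatched type can occur today is not confirmed.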
@@ -74,14 +75,14 @@ ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded" # Allow all certs. Plain keys should fail. verbose "allow cert only" -prepare_config "PubkeyAcceptedKeyTypes ssh-*-cert-v01@openssh.com" +prepare_config "PubkeyAcceptedKeyTypes *-cert-v01@openssh.com" ${SSH} $certopts proxy true || fatal "cert failed" ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded" ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded" # Allow RSA in main config, Ed25519 for non-existent user. verbose "match w/ no match" -prepare_config "PubkeyAcceptedKeyTypes ssh-rsa" \ +prepare_config "PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-rsa" \ "Match user x$USER" "PubkeyAcceptedKeyTypes +ssh-ed25519" ${SSH} $certopts proxy true && fatal "cert succeeded" ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded" diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc index 0e535b49a5af..dd1fda091f49 100644 --- a/regress/misc/fuzz-harness/sig_fuzz.cc +++ b/regress/misc/fuzz-harness/sig_fuzz.cc 
@@ -37,13 +37,13 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen) static const size_t dlen = strlen(data); #ifdef WITH_OPENSSL - sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, 0); - sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, 0); - sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, 0); - sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, 0); - sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, 0); + sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0); + sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0); + sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0); + sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0); + sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0); #endif - sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, 0); + sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0); return 0; } diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile index d0aca8dfe7e7..a7bb6b70d211 100644 --- a/regress/misc/kexfuzz/Makefile +++ b/regress/misc/kexfuzz/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2017/04/17 11:02:31 jsg Exp $ +# $OpenBSD: Makefile,v 1.3 2017/12/21 05:46:35 djm Exp $ .include .include 
@@ -9,6 +9,25 @@ OPENSSL?= yes PROG= kexfuzz SRCS= kexfuzz.c + +SSHREL=../../../../../usr.bin/ssh +.PATH: ${.CURDIR}/${SSHREL} +# From usr.bin/ssh +SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c +SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c +SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c +SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c +SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c +SRCS+=kex.c kexc25519.c kexc25519c.c kexc25519s.c kexdh.c kexdhc.c kexdhs.c +SRCS+=kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c kexgexs.c +SRCS+=dh.c compat.c +SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=cipher-chachapoly.c chacha.c poly1305.c +SRCS+=smult_curve25519_ref.c + +SRCS+=digest-openssl.c +#SRCS+=digest-libc.c + NOMAN= 1 .if (${OPENSSL:L} == "yes") @@ -49,23 +68,14 @@ CDIAGFLAGS+= -Wswitch CDIAGFLAGS+= -Wtrigraphs CDIAGFLAGS+= -Wuninitialized CDIAGFLAGS+= -Wunused +CDIAGFLAGS+= -Wno-unused-parameter .if ${COMPILER_VERSION:L} != "gcc3" -CDIAGFLAGS+= -Wpointer-sign CDIAGFLAGS+= -Wold-style-definition .endif -SSHREL=../../../../../usr.bin/ssh CFLAGS+=-I${.CURDIR}/${SSHREL} -.if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) -LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh -DPADD+=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a -.else -LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh -DPADD+=${.CURDIR}/${SSHREL}/lib/libssh.a -.endif - LDADD+= -lutil -lz DPADD+= ${LIBUTIL} ${LIBZ} diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README index abd7b50eeaf2..504c26f3bed3 100644 --- a/regress/misc/kexfuzz/README +++ b/regress/misc/kexfuzz/README 
@@ -30,3 +30,5 @@ Limitations: kexfuzz can't change the ordering of packets at present. It is limited to replacing individual packets with fuzzed variants with the same type. It really should allow insertion, deletion on replacement of packets too. + +$OpenBSD: README,v 1.3 2017/10/20 02:13:41 djm Exp $ diff --git a/regress/netcat.c b/regress/netcat.c index 98a08b1eceae..56bd09de5485 100644 --- a/regress/netcat.c +++ b/regress/netcat.c @@ -738,7 +738,12 @@ local_listen(char *host, char *port, struct addrinfo hints) #ifdef SO_REUSEPORT ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); if (ret == -1) - err(1, "setsockopt"); + err(1, "setsockopt SO_REUSEPORT"); +#endif +#ifdef SO_REUSEADDR + ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x)); + if (ret == -1) + err(1, "setsockopt SO_REUSEADDR"); #endif set_common_sockopts(s); diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh index f1b9d9f76bd7..39bbd3c96e76 100644 --- a/regress/proxy-connect.sh +++ b/regress/proxy-connect.sh 
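Review bot: Nothing in the netcat.c hunk says why local_listen() now sets SO_REUSEADDR in addition to SO_REUSEPORT, and the two options have different meanings across platforms. A short comment above the new block would help, for example `/* Also set SO_REUSEADDR: SO_REUSEPORT alone does not permit a prompt rebind everywhere */`, with the wording adjusted to the actual reason, which the hunk does not show. Both calls remain fatal through `err(1, ...)`, so a platform that defines the macro but rejects the option at run time loses the listener entirely. The function starts and ends outside the hunk.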
@@ -1,25 +1,19 @@ -# $OpenBSD: proxy-connect.sh,v 1.10 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: proxy-connect.sh,v 1.11 2017/09/26 22:39:25 dtucker Exp $ # Placed in the Public Domain. tid="proxy connect" -mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig - -for ps in no yes; do - cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy - echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy - for c in no yes; do - verbose "plain username privsep=$ps comp=$c" - opts="-oCompression=$c -F $OBJ/ssh_proxy" - SSH_CONNECTION=`${SSH} $opts 999.999.999.999 'echo $SSH_CONNECTION'` - if [ $? -ne 0 ]; then - fail "ssh proxyconnect privsep=$ps comp=$c failed" - fi - if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then - fail "bad SSH_CONNECTION privsep=$ps comp=$c: " \ - "$SSH_CONNECTION" - fi - done +for c in no yes; do + verbose "plain username comp=$c" + opts="-oCompression=$c -F $OBJ/ssh_proxy" + SSH_CONNECTION=`${SSH} $opts 999.999.999.999 'echo $SSH_CONNECTION'` + if [ $? -ne 0 ]; then + fail "ssh proxyconnect comp=$c failed" + fi + if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then + fail "bad SSH_CONNECTION comp=$c: " \ + "$SSH_CONNECTION" + fi done verbose "username with style" diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index 419daabbaa75..191a2bda8d35 100755 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh @@ -15,7 +15,7 @@ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr ; do echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c rm -f ${COPY} - env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \ + env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \ cat ${DATA} > ${COPY} if [ $? -ne 0 ]; then fail "ssh cat $DATA failed" diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh index 9d3c6a9f0e7b..71c09701b2c8 100755 --- a/regress/putty-kex.sh +++ b/regress/putty-kex.sh 
@@ -14,7 +14,7 @@ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do ${OBJ}/.putty/sessions/kex_$k echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k - env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 true + env HOME=$PWD ${PLINK} -load kex_$k -batch -i ${OBJ}/putty.rsa2 true if [ $? -ne 0 ]; then fail "KEX $k failed" fi diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index 32c79f9ea4b9..4928d4533f6b 100755 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh @@ -1,4 +1,4 @@ -# $OpenBSD: putty-transfer.sh,v 1.5 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: putty-transfer.sh,v 1.6 2018/02/23 03:03:00 djm Exp $ # Placed in the Public Domain. tid="putty transfer data" @@ -15,7 +15,7 @@ for c in 0 1 ; do ${OBJ}/.putty/sessions/compression_$c echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k env HOME=$PWD ${PLINK} -load compression_$c -batch \ - -i putty.rsa cat ${DATA} > ${COPY} + -i ${OBJ}/putty.rsa2 cat ${DATA} > ${COPY} if [ $? -ne 0 ]; then fail "ssh cat $DATA failed" fi @@ -26,7 +26,7 @@ for c in 0 1 ; do rm -f ${COPY} dd if=$DATA obs=${s} 2> /dev/null | \ env HOME=$PWD ${PLINK} -load compression_$c \ - -batch -i putty.rsa \ + -batch -i ${OBJ}/putty.rsa2 \ "cat > ${COPY}" if [ $? -ne 0 ]; then fail "ssh cat $DATA failed" diff --git a/regress/scp-uri.sh b/regress/scp-uri.sh new file mode 100644 index 000000000000..c03d8bbe0761 --- /dev/null +++ b/regress/scp-uri.sh 
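Review bot: In putty-transfer.sh the context line `echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k` still appends to a `kex_$k` session file, while the session loaded on the next line is `compression_$c`. `$k` is not assigned anywhere in the part of the `for c in 0 1` loop shown here, so the Compression setting likely never reaches the session under test and both iterations may run with the same setting. The commit corrects only the key path; the line should probably read `echo "Compression=$c" >> ${OBJ}/.putty/sessions/compression_$c`. The loop body begins outside the hunk.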
@@ -0,0 +1,70 @@ +# $OpenBSD: scp-uri.sh,v 1.2 2017/12/11 11:41:56 dtucker Exp $ +# Placed in the Public Domain. + +tid="scp-uri" + +#set -x + +COPY2=${OBJ}/copy2 +DIR=${COPY}.dd +DIR2=${COPY}.dd2 + +SRC=`dirname ${SCRIPT}` +cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp +chmod 755 ${OBJ}/scp-ssh-wrapper.scp +scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp" +export SCP # used in scp-ssh-wrapper.scp + +scpclean() { + rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} + mkdir ${DIR} ${DIR2} +} + +# Remove Port and User from ssh_config, we want to rely on the URI +cp $OBJ/ssh_config $OBJ/ssh_config.orig +egrep -v '^ +(Port|User) +.*$' $OBJ/ssh_config.orig > $OBJ/ssh_config + +verbose "$tid: simple copy local file to remote file" +scpclean +$SCP $scpopts ${DATA} "scp://${USER}@somehost:${PORT}/${COPY}" || fail "copy failed" +cmp ${DATA} ${COPY} || fail "corrupted copy" + +verbose "$tid: simple copy remote file to local file" +scpclean +$SCP $scpopts "scp://${USER}@somehost:${PORT}/${DATA}" ${COPY} || fail "copy failed" +cmp ${DATA} ${COPY} || fail "corrupted copy" + +verbose "$tid: simple copy local file to remote dir" +scpclean +cp ${DATA} ${COPY} +$SCP $scpopts ${COPY} "scp://${USER}@somehost:${PORT}/${DIR}" || fail "copy failed" +cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + +verbose "$tid: simple copy remote file to local dir" +scpclean +cp ${DATA} ${COPY} +$SCP $scpopts "scp://${USER}@somehost:${PORT}/${COPY}" ${DIR} || fail "copy failed" +cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + +verbose "$tid: recursive local dir to remote dir" +scpclean +rm -rf ${DIR2} +cp ${DATA} ${DIR}/copy +$SCP $scpopts -r ${DIR} "scp://${USER}@somehost:${PORT}/${DIR2}" || fail "copy failed" +for i in $(cd ${DIR} && echo *); do + cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" +done + +verbose "$tid: recursive remote dir to local dir" +scpclean +rm -rf ${DIR2} +cp ${DATA} ${DIR}/copy +$SCP $scpopts -r "scp://${USER}@somehost:${PORT}/${DIR}" ${DIR2} || fail "copy failed" +for i in 
$(cd ${DIR} && echo *); do + cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" +done + +# TODO: scp -3 + +scpclean +rm -f ${OBJ}/scp-ssh-wrapper.exe diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh index 4ea2fce8570d..ba5bd1efb30e 100755 --- a/regress/sftp-chroot.sh +++ b/regress/sftp-chroot.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sftp-chroot.sh,v 1.5 2016/09/26 21:34:38 bluhm Exp $ +# $OpenBSD: sftp-chroot.sh,v 1.6 2018/02/09 03:42:57 dtucker Exp $ # Placed in the Public Domain. tid="sftp in chroot" @@ -8,8 +8,9 @@ FILENAME=testdata_${USER} PRIVDATA=${CHROOT}/${FILENAME} if [ -z "$SUDO" -a ! -w /var/run ]; then - echo "skipped: need SUDO to create file in /var/run, test won't work without" - exit 0 + echo "need SUDO to create file in /var/run, test won't work without" + echo SKIPPED + exit 0 fi if ! $OBJ/check-perm -m chroot "$CHROOT" ; then diff --git a/regress/sftp-uri.sh b/regress/sftp-uri.sh new file mode 100644 index 000000000000..7be104dfbb40 --- /dev/null +++ b/regress/sftp-uri.sh 
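Review bot: The final cleanup in scp-uri.sh removes `${OBJ}/scp-ssh-wrapper.exe`, but the wrapper this script creates and marks executable is `${OBJ}/scp-ssh-wrapper.scp`, so the copy is left behind after the test. The last line should be `rm -f ${OBJ}/scp-ssh-wrapper.scp`. The script also overwrites `$OBJ/ssh_config` after saving `ssh_config.orig` and never restores it; if later tests in the same run rely on the Port and User lines, a restore at the end would be needed.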
@@ -0,0 +1,63 @@ +# $OpenBSD: sftp-uri.sh,v 1.1 2017/10/24 19:33:32 millert Exp $ +# Placed in the Public Domain. + +tid="sftp-uri" + +#set -x + +COPY2=${OBJ}/copy2 +DIR=${COPY}.dd +DIR2=${COPY}.dd2 +SRC=`dirname ${SCRIPT}` + +sftpclean() { + rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} + mkdir ${DIR} ${DIR2} +} + +start_sshd -oForceCommand="internal-sftp -d /" + +# Remove Port and User from ssh_config, we want to rely on the URI +cp $OBJ/ssh_config $OBJ/ssh_config.orig +egrep -v '^ +(Port|User) +.*$' $OBJ/ssh_config.orig > $OBJ/ssh_config + +verbose "$tid: non-interactive fetch to local file" +sftpclean +${SFTP} -q -S "$SSH" -F $OBJ/ssh_config "sftp://${USER}@somehost:${PORT}/${DATA}" ${COPY} || fail "copy failed" +cmp ${DATA} ${COPY} || fail "corrupted copy" + +verbose "$tid: non-interactive fetch to local dir" +sftpclean +cp ${DATA} ${COPY} +${SFTP} -q -S "$SSH" -F $OBJ/ssh_config "sftp://${USER}@somehost:${PORT}/${COPY}" ${DIR} || fail "copy failed" +cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + +verbose "$tid: put to remote directory (trailing slash)" +sftpclean +${SFTP} -q -S "$SSH" -F $OBJ/ssh_config -b - \ + "sftp://${USER}@somehost:${PORT}/${DIR}/" > /dev/null 2>&1 << EOF + version + put ${DATA} copy +EOF +r=$? +if [ $r -ne 0 ]; then + fail "sftp failed with $r" +else + cmp ${DATA} ${DIR}/copy || fail "corrupted copy" +fi + +verbose "$tid: put to remote directory (no slash)" +sftpclean +${SFTP} -q -S "$SSH" -F $OBJ/ssh_config -b - \ + "sftp://${USER}@somehost:${PORT}/${DIR}" > /dev/null 2>&1 << EOF + version + put ${DATA} copy +EOF +r=$? +if [ $r -ne 0 ]; then + fail "sftp failed with $r" +else + cmp ${DATA} ${DIR}/copy || fail "corrupted copy" +fi + +sftpclean diff --git a/regress/sftp.sh b/regress/sftp.sh index b8e9f752791a..a5c88f584359 100644 --- a/regress/sftp.sh +++ b/regress/sftp.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: sftp.sh,v 1.5 2013/05/17 10:28:11 dtucker Exp $ +# $OpenBSD: sftp.sh,v 1.6 2017/10/30 21:59:43 djm Exp $ # Placed in the Public Domain. tid="basic sftp put/get" @@ -22,11 +22,11 @@ for B in ${BUFFERSIZE}; do r=$? if [ $r -ne 0 ]; then fail "sftp failed with $r" - else + else cmp $DATA ${COPY}.1 || fail "corrupted copy after get" cmp $DATA ${COPY}.2 || fail "corrupted copy after put" fi done done -rm -f ${COPY}.1 ${COPY}.2 +rm -f ${COPY}.1 ${COPY}.2 rm -f $SFTPCMDFILE diff --git a/regress/sshd-log-wrapper.sh b/regress/sshd-log-wrapper.sh index c00934c780ba..29dc44aa0b53 100644 --- a/regress/sshd-log-wrapper.sh +++ b/regress/sshd-log-wrapper.sh @@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: sshd-log-wrapper.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $ +# $OpenBSD: sshd-log-wrapper.sh,v 1.4 2016/11/25 02:56:49 dtucker Exp $ # Placed in the Public Domain. # # simple wrapper for sshd proxy mode to catch stderr output diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 68f010b70ddc..b6169f15703a 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.61 2017/07/28 10:32:08 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.62 2018/03/16 09:06:31 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -503,6 +503,7 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then # Add a PuTTY key to authorized_keys rm -f ${OBJ}/putty.rsa2 if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \ + --random-device=/dev/urandom \ --new-passphrase /dev/null < /dev/null > /dev/null; then echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2 puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null 
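Review bot: In the test-exec.sh hunk, `--random-device=/dev/urandom` is added to the same puttygen command whose failure prints "too old to support --new-passphrase", so a puttygen that rejects only the new option now produces a misleading diagnostic. Rewording the message to name both options, e.g. `"... does not support --new-passphrase or --random-device; trying without ..."`, keeps it accurate. The fallback invocation passes neither option, so on such a version key generation would use puttygen's default entropy source and might block; that is inferred, not shown in the hunk.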
@@ -526,6 +527,9 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy + PUTTYDIR=${OBJ}/.putty + export PUTTYDIR + REGRESS_INTEROP_PUTTY=yes fi diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile index e975f6ca4160..e464b085adc8 100644 --- a/regress/unittests/Makefile +++ b/regress/unittests/Makefile @@ -1,6 +1,7 @@ -# $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $ +# $OpenBSD: Makefile,v 1.10 2018/03/03 03:16:17 djm Exp $ REGRESS_FAIL_EARLY?= yes SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion +SUBDIR+=authopt .include diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc index 36d1ff42c06e..b509f4452500 100644 --- a/regress/unittests/Makefile.inc +++ b/regress/unittests/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.11 2017/04/30 23:33:48 djm Exp $ +# $OpenBSD: Makefile.inc,v 1.12 2017/12/21 00:41:22 djm Exp $ .include .include @@ -30,8 +30,8 @@ CDIAGFLAGS+= -Wswitch CDIAGFLAGS+= -Wtrigraphs CDIAGFLAGS+= -Wuninitialized CDIAGFLAGS+= -Wunused +CDIAGFLAGS+= -Wno-unused-parameter .if ${COMPILER_VERSION:L} != "gcc3" -CDIAGFLAGS+= -Wpointer-sign CDIAGFLAGS+= -Wold-style-definition .endif @@ -47,17 +47,7 @@ LDADD+=-L${.CURDIR}/../test_helper -ltest_helper DPADD+=${.CURDIR}/../test_helper/libtest_helper.a .endif -.if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) -LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh -LIBSSH=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a -.else -LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh -LIBSSH=${.CURDIR}/${SSHREL}/lib/libssh.a -.endif -DPADD+=${LIBSSH} -${PROG}: ${LIBSSH} -${LIBSSH}: - cd ${.CURDIR}/${SSHREL} && ${MAKE} lib +.PATH: ${.CURDIR}/${SSHREL} LDADD+= -lcrypto DPADD+= ${LIBCRYPTO} 
diff --git a/regress/unittests/authopt/testdata/all_permit.cert b/regress/unittests/authopt/testdata/all_permit.cert new file mode 100644 index 000000000000..38ac57318525 --- /dev/null +++ b/regress/unittests/authopt/testdata/all_permit.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIOv/h7mJS1WkRHukSvqPwKDiNVrcib/VqBLpbHW6xjWCAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQNe1XDN+J4Eb82TH5J5sYypcabocufjTFRfpU57K+csRP41Yo1FCSEWx95ilUuNvK9Iv3yFDOeVPzdqRqzWoHwE= user key diff --git a/regress/unittests/authopt/testdata/bad_sourceaddr.cert b/regress/unittests/authopt/testdata/bad_sourceaddr.cert new file mode 100644 index 000000000000..9732745ac44f --- /dev/null +++ b/regress/unittests/authopt/testdata/bad_sourceaddr.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILFEJyunlz9scYU3mwbOEJoSSkeO1z20uNBw13tEn+lJAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAHwAAAA5zb3VyY2UtYWRkcmVzcwAAAAkAAAAFeHh4eHgAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEA5xY/OEAJ3tgg8/KJqaBR5KMdYYRDiMJ6u4VKS9lQOV1HJQvDDvjj3F5k53BIqTJRVQx242YWs+B3C4db/uLgB user key 
diff --git a/regress/unittests/authopt/testdata/force_command.cert b/regress/unittests/authopt/testdata/force_command.cert new file mode 100644 index 000000000000..f7af27e43030 --- /dev/null +++ b/regress/unittests/authopt/testdata/force_command.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJkpCeqaVl6qnp7qa90KehAmHFecx3HW8HZQ22KEqeKBAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAHAAAAA1mb3JjZS1jb21tYW5kAAAABwAAAANmb28AAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEAxbhjgbXvfEumRP1E7VH8nUfuJyVlDChhCxiPg9Nvb9PFK8cHdDUEybDCzKCsIDieRc3mtLTyEu7Kb52va/B4C user key diff --git a/regress/unittests/authopt/testdata/host.cert b/regress/unittests/authopt/testdata/host.cert new file mode 100644 index 000000000000..6326d0453497 --- /dev/null +++ b/regress/unittests/authopt/testdata/host.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFWMw3ftP29RSefnxQwdvK1KiE2G9Y7rPRrJ7ZsrDiOeAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAACAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAKTMqwPkaBg23RS7/aj347dc2kY4bWt/sHwzREYSrKRqZ5RNBnSvZOQ8m5euMCEuf92bZ8VJEdF653jRiW6VoBA== user key diff --git a/regress/unittests/authopt/testdata/mktestdata.sh b/regress/unittests/authopt/testdata/mktestdata.sh new file mode 100644 index 000000000000..06a24e39002c --- /dev/null +++ b/regress/unittests/authopt/testdata/mktestdata.sh 
@@ -0,0 +1,48 @@ +#/bin/sh + +set -xe + +rm -f ca_key ca_key.pub +rm -f user_key user_key.pub +rm -f *.cert + +ssh-keygen -q -f ca_key -t ed25519 -C CA -N '' +ssh-keygen -q -f user_key -t ed25519 -C "user key" -N '' + +sign() { + output=$1 + shift + set -xe + ssh-keygen -q -s ca_key -I user -n user \ + -V 19990101:19991231 -z 1 "$@" user_key.pub + mv user_key-cert.pub "$output" +} + +sign all_permit.cert -Opermit-agent-forwarding -Opermit-port-forwarding \ + -Opermit-pty -Opermit-user-rc -Opermit-X11-forwarding +sign no_permit.cert -Oclear + +sign no_agentfwd.cert -Ono-agent-forwarding +sign no_portfwd.cert -Ono-port-forwarding +sign no_pty.cert -Ono-pty +sign no_user_rc.cert -Ono-user-rc +sign no_x11fwd.cert -Ono-X11-forwarding + +sign only_agentfwd.cert -Oclear -Opermit-agent-forwarding +sign only_portfwd.cert -Oclear -Opermit-port-forwarding +sign only_pty.cert -Oclear -Opermit-pty +sign only_user_rc.cert -Oclear -Opermit-user-rc +sign only_x11fwd.cert -Oclear -Opermit-X11-forwarding + +sign force_command.cert -Oforce-command="foo" +sign sourceaddr.cert -Osource-address="127.0.0.1/32,::1/128" + +# ssh-keygen won't permit generation of certs with invalid source-address +# values, so we do it as a custom extension. +sign bad_sourceaddr.cert -Ocritical:source-address=xxxxx + +sign unknown_critical.cert -Ocritical:blah=foo + +sign host.cert -h + +rm -f user_key ca_key user_key.pub ca_key.pub diff --git a/regress/unittests/authopt/testdata/no_agentfwd.cert b/regress/unittests/authopt/testdata/no_agentfwd.cert new file mode 100644 index 000000000000..bfa5c2e658cb --- /dev/null +++ b/regress/unittests/authopt/testdata/no_agentfwd.cert 
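Review bot: The first line of mktestdata.sh is `#/bin/sh`, which is an ordinary comment and not an interpreter line; it should be `#!/bin/sh`. The script also creates an unencrypted CA key and user key (`-N ''`) in the current directory and deletes them only on its last line, so with `set -xe` any failing step leaves `ca_key` on disk. A `trap 'rm -f ca_key ca_key.pub user_key user_key.pub' EXIT` placed after `set -xe` would cover the error path. `rm -f *.cert` acts on whatever directory the script is started from, so a comment stating that it must be run inside testdata/ would prevent accidental deletions.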
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIL2qEsLCVtKaBkbCrZicxbPUorcHHrQ8yw5h/26krTOlAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGMAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAdRhISpol01OwV30g39PM/JD1t35muskX4lyCcGpFQ08GQtBuHE/hABOp6apbGBJIC7CZYYF+uHkD7PfGU3NPAQ== user key diff --git a/regress/unittests/authopt/testdata/no_permit.cert b/regress/unittests/authopt/testdata/no_permit.cert new file mode 100644 index 000000000000..351e138aeaa9 --- /dev/null +++ b/regress/unittests/authopt/testdata/no_permit.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGVQtVgp9sD4sc8esIhVWbZaM8d0NxpX3UbEVzTHm9feAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAIKlI0TqqraKjYTjIuKhwoxAV/XnzWRJHq8lNs4aj5yDb84un2xXDF/0vXoLjPgVcLgEbksBKKn0i4whp+xn9Ag== user key diff --git a/regress/unittests/authopt/testdata/no_portfwd.cert b/regress/unittests/authopt/testdata/no_portfwd.cert new file mode 100644 index 000000000000..9457dc34e76c --- /dev/null +++ b/regress/unittests/authopt/testdata/no_portfwd.cert 
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIE6gC/QjjuzGWVDkr8ZyaHhja80V+lKLC/MvmEFa+CEBAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGQAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQEzpgckYlfc1BK1ir0reDSXo9OIDx4UoDMrNXrFO6I44NXoJJ4TlUUJH07WcKp/Xp5ESCdyVZtqwgHQxZr0+PwI= user key diff --git a/regress/unittests/authopt/testdata/no_pty.cert b/regress/unittests/authopt/testdata/no_pty.cert new file mode 100644 index 000000000000..e8154ec7f8b6 --- /dev/null +++ b/regress/unittests/authopt/testdata/no_pty.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFFjhISpSDR3blDejuCf2T9Fe4aHW53jG7KOH2PV/E7jAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAHAAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQF5c4BdxVYgqbMGAep414IGFK4deCFBCeNUTOLpKodrfb1M0gS4d2qoeMxZvMv5yMf/viKl/gallHzEmcrEcIQY= user key diff --git a/regress/unittests/authopt/testdata/no_user_rc.cert b/regress/unittests/authopt/testdata/no_user_rc.cert new file mode 100644 index 000000000000..6676a0cbd4cb --- /dev/null +++ b/regress/unittests/authopt/testdata/no_user_rc.cert 
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFUM0VLATkYh05QeS5uuhB1X50NMom3jTWeQUmrPQ1FwAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGwAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAcmJ3c2FCKJL9BCLv1Ij+uN1N+NWZmMXYionsSkv42Go4pMZiH3g8UfTd+OKq9Q7GAcCzGXa///6Dr/wqFssoDA== user key diff --git a/regress/unittests/authopt/testdata/no_x11fwd.cert b/regress/unittests/authopt/testdata/no_x11fwd.cert new file mode 100644 index 000000000000..0aff9e6cfea8 --- /dev/null +++ b/regress/unittests/authopt/testdata/no_x11fwd.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIPRKPAP+b5S+4zihdgoJrYNcMovFBgKZaJupIhN1kUvkAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGUAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECMzj6VDfT+BJmIEo1qUKdr8VDLExF92K7KkbNxTH77n7uip7TL24HDfXjYBCvqxSSn9KAGBhnWsIC/GPx6A+cP user key diff --git a/regress/unittests/authopt/testdata/only_agentfwd.cert b/regress/unittests/authopt/testdata/only_agentfwd.cert new file mode 100644 index 000000000000..3cf64b05c2de --- /dev/null +++ b/regress/unittests/authopt/testdata/only_agentfwd.cert 
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIOvJ28yW5uvA7yxE3ySuyFvPjcRYKAr03CYr4okGTNIFAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB8AAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQEG2uTgmOSk9dJ0s/Ol1EIERXFP9PF6AauF9t5jBMSthNyvSANSrC/1EIaf4TV5kMYfhZxJXoS0XHQjGndcq2AE= user key diff --git a/regress/unittests/authopt/testdata/only_portfwd.cert b/regress/unittests/authopt/testdata/only_portfwd.cert new file mode 100644 index 000000000000..bb09c3a6335c --- /dev/null +++ b/regress/unittests/authopt/testdata/only_portfwd.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGPoYoExiSyHMyDEvOFgoNZXk5z91u7xq/7357X23TotAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB4AAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAHN3YnwipcbDKVn+PObGSoaT9rwlau+yrPYZ50oetvCKng3RMjGaV+roqlv0vjjLcxE9J4Y0ti+9MXtQ0D7beBA== user key diff --git a/regress/unittests/authopt/testdata/only_pty.cert b/regress/unittests/authopt/testdata/only_pty.cert new file mode 100644 index 000000000000..520c89f3be72 --- /dev/null +++ b/regress/unittests/authopt/testdata/only_pty.cert 
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILvocWYto5Lg7P46YLbe7U4/b2h9Lr5rWqMZ4Cj4ra7RAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAABIAAAAKcGVybWl0LXB0eQAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABASv2xQvp+Y6E8dCf5pzg3MZaan5bl1ToYXNcmQ3ysGrk9Djkcu8m3TytDpF471KmUejxy/iF4xjs9CDpk7h+SBQ== user key diff --git a/regress/unittests/authopt/testdata/only_user_rc.cert b/regress/unittests/authopt/testdata/only_user_rc.cert new file mode 100644 index 000000000000..fb49c35f3c83 --- /dev/null +++ b/regress/unittests/authopt/testdata/only_user_rc.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJwsRZQ7kx4A8AQ0q/G/3i6sHM48kr4TxJtTcyy3lZAPAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAABYAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQDhgEXsvoHr21XrxmiZq/sIjWeYapp11XvEVkkTBPVhBnPwtrrUeJbPmGs3gmJkQdv8BYajYpT7TXEX8GvEeLwU= user key diff --git a/regress/unittests/authopt/testdata/only_x11fwd.cert b/regress/unittests/authopt/testdata/only_x11fwd.cert new file mode 100644 index 000000000000..6715585a0f05 --- /dev/null +++ b/regress/unittests/authopt/testdata/only_x11fwd.cert 
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIDAhZFZBl3eu8Qa8I5BaHCz/mpH8xCjaPusBwo1eJ9OGAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB0AAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDysfgbhniX/zdA8576rrDJpaO2D7QtQse2KWIM9XmREPkLKeP6FKiXKKFcPQiMyV28rptfvK8bBXAiOvITSUgL user key diff --git a/regress/unittests/authopt/testdata/sourceaddr.cert b/regress/unittests/authopt/testdata/sourceaddr.cert new file mode 100644 index 000000000000..0fcf7b182842 --- /dev/null +++ b/regress/unittests/authopt/testdata/sourceaddr.cert @@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJ54qqoPs87gtjN1aJoLUn7ZTYUtcaGxkzLyJvRkYG7nAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAALgAAAA5zb3VyY2UtYWRkcmVzcwAAABgAAAAUMTI3LjAuMC4xLzMyLDo6MS8xMjgAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEAppSUKQ/a9tw/HgIazWceCO3d48GU7mkV4iQMpWWs2nB1dFryY1GDtZrBggAjMviwmBXyM3jIk5vxJDINZXGQJ user key diff --git a/regress/unittests/authopt/testdata/unknown_critical.cert b/regress/unittests/authopt/testdata/unknown_critical.cert new file mode 100644 index 000000000000..216960ab3e3e --- /dev/null +++ b/regress/unittests/authopt/testdata/unknown_critical.cert 
@@ -0,0 +1 @@ +ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIIjs/wRAB/p5QShSfqoU9cWnCLT3lSveUirk61A27KxVAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAEwAAAARibGFoAAAABwAAAANmb28AAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDix3FV7JIBuHNAwtZOVIqGBq8lqhnEwP51DqPA43qt+Tzynm56EWxuFzgGehBPF3L8gl+fVqxIJmiQ9iHB0LUD user key diff --git a/regress/unittests/authopt/tests.c b/regress/unittests/authopt/tests.c new file mode 100644 index 000000000000..0e8aacb91699 --- /dev/null +++ b/regress/unittests/authopt/tests.c 
@@ -0,0 +1,573 @@ +/* $OpenBSD: tests.c,v 1.1 2018/03/03 03:16:17 djm Exp $ */ + +/* + * Regress test for keys options functions. + * + * Placed in the public domain + */ + +#include +#include +#include +#include +#include +#include + +#include "test_helper.h" + +#include "sshkey.h" +#include "authfile.h" +#include "auth-options.h" +#include "misc.h" +#include "log.h" + +static struct sshkey * +load_key(const char *name) +{ + struct sshkey *ret; + int r; + + r = sshkey_load_public(test_data_file(name), &ret, NULL); + ASSERT_INT_EQ(r, 0); + ASSERT_PTR_NE(ret, NULL); + return ret; +} + +static struct sshauthopt * +default_authkey_opts(void) +{ + struct sshauthopt *ret = sshauthopt_new(); + + ASSERT_PTR_NE(ret, NULL); + ret->permit_port_forwarding_flag = 1; + ret->permit_agent_forwarding_flag = 1; + ret->permit_x11_forwarding_flag = 1; + ret->permit_pty_flag = 1; + ret->permit_user_rc = 1; + return ret; +} + +static struct sshauthopt * +default_authkey_restrict_opts(void) +{ + struct sshauthopt *ret = sshauthopt_new(); + + ASSERT_PTR_NE(ret, NULL); + ret->permit_port_forwarding_flag = 0; + ret->permit_agent_forwarding_flag = 0; + ret->permit_x11_forwarding_flag = 0; + ret->permit_pty_flag = 0; + ret->permit_user_rc = 0; + ret->restricted = 1; + return ret; +} + +static char ** +commasplit(const char *s, size_t *np) +{ + char *ocp, *cp, *cp2, **ret = NULL; + size_t n; + + ocp = cp = strdup(s); + ASSERT_PTR_NE(cp, NULL); + for (n = 0; (cp2 = strsep(&cp, ",")) != NULL;) { + ret = recallocarray(ret, n, n + 1, sizeof(*ret)); + ASSERT_PTR_NE(ret, NULL); + cp2 = strdup(cp2); + ASSERT_PTR_NE(cp2, NULL); + ret[n++] = cp2; + } + free(ocp); + *np = n; + return ret; +} + +static void +compare_opts(const struct sshauthopt *opts, + const struct sshauthopt *expected) +{ + size_t i; + + ASSERT_PTR_NE(opts, NULL); + ASSERT_PTR_NE(expected, NULL); + ASSERT_PTR_NE(expected, opts); /* bozo :) */ + +#define FLAG_EQ(x) ASSERT_INT_EQ(opts->x, expected->x) + 
FLAG_EQ(permit_port_forwarding_flag); + FLAG_EQ(permit_agent_forwarding_flag); + FLAG_EQ(permit_x11_forwarding_flag); + FLAG_EQ(permit_pty_flag); + FLAG_EQ(permit_user_rc); + FLAG_EQ(restricted); + FLAG_EQ(cert_authority); +#undef FLAG_EQ + +#define STR_EQ(x) \ + do { \ + if (expected->x == NULL) \ + ASSERT_PTR_EQ(opts->x, expected->x); \ + else \ + ASSERT_STRING_EQ(opts->x, expected->x); \ + } while (0) + STR_EQ(cert_principals); + STR_EQ(force_command); + STR_EQ(required_from_host_cert); + STR_EQ(required_from_host_keys); +#undef STR_EQ + +#define ARRAY_EQ(nx, x) \ + do { \ + ASSERT_SIZE_T_EQ(opts->nx, expected->nx); \ + if (expected->nx == 0) \ + break; \ + for (i = 0; i < expected->nx; i++) \ + ASSERT_STRING_EQ(opts->x[i], expected->x[i]); \ + } while (0) + ARRAY_EQ(nenv, env); + ARRAY_EQ(npermitopen, permitopen); +#undef ARRAY_EQ +} + +static void +test_authkeys_parse(void) +{ + struct sshauthopt *opts, *expected; + const char *errstr; + +#define FAIL_TEST(label, keywords) \ + do { \ + TEST_START("sshauthopt_parse invalid " label); \ + opts = sshauthopt_parse(keywords, &errstr); \ + ASSERT_PTR_EQ(opts, NULL); \ + ASSERT_PTR_NE(errstr, NULL); \ + TEST_DONE(); \ + } while (0) +#define CHECK_SUCCESS_AND_CLEANUP() \ + do { \ + if (errstr != NULL) \ + ASSERT_STRING_EQ(errstr, ""); \ + compare_opts(opts, expected); \ + sshauthopt_free(expected); \ + sshauthopt_free(opts); \ + } while (0) + + /* Basic tests */ + TEST_START("sshauthopt_parse empty"); + expected = default_authkey_opts(); + opts = sshauthopt_parse("", &errstr); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + TEST_START("sshauthopt_parse trailing whitespace"); + expected = default_authkey_opts(); + opts = sshauthopt_parse(" ", &errstr); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + TEST_START("sshauthopt_parse restrict"); + expected = default_authkey_restrict_opts(); + opts = sshauthopt_parse("restrict", &errstr); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + /* Invalid syntax */ + 
FAIL_TEST("trailing comma", "restrict,"); + FAIL_TEST("bare comma", ","); + FAIL_TEST("unknown option", "BLAH"); + FAIL_TEST("unknown option with trailing comma", "BLAH,"); + FAIL_TEST("unknown option with trailing whitespace", "BLAH "); + + /* force_tun_device */ + TEST_START("sshauthopt_parse tunnel explicit"); + expected = default_authkey_opts(); + expected->force_tun_device = 1; + opts = sshauthopt_parse("tunnel=\"1\"", &errstr); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + TEST_START("sshauthopt_parse tunnel any"); + expected = default_authkey_opts(); + expected->force_tun_device = SSH_TUNID_ANY; + opts = sshauthopt_parse("tunnel=\"any\"", &errstr); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + FAIL_TEST("tunnel", "tunnel=\"blah\""); + + /* Flag options */ +#define FLAG_TEST(keyword, var, val) \ + do { \ + TEST_START("sshauthopt_parse " keyword); \ + expected = default_authkey_opts(); \ + expected->var = val; \ + opts = sshauthopt_parse(keyword, &errstr); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + expected = default_authkey_restrict_opts(); \ + expected->var = val; \ + opts = sshauthopt_parse("restrict,"keyword, &errstr); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + TEST_DONE(); \ + } while (0) + /* Positive flags */ + FLAG_TEST("cert-authority", cert_authority, 1); + FLAG_TEST("port-forwarding", permit_port_forwarding_flag, 1); + FLAG_TEST("agent-forwarding", permit_agent_forwarding_flag, 1); + FLAG_TEST("x11-forwarding", permit_x11_forwarding_flag, 1); + FLAG_TEST("pty", permit_pty_flag, 1); + FLAG_TEST("user-rc", permit_user_rc, 1); + /* Negative flags */ + FLAG_TEST("no-port-forwarding", permit_port_forwarding_flag, 0); + FLAG_TEST("no-agent-forwarding", permit_agent_forwarding_flag, 0); + FLAG_TEST("no-x11-forwarding", permit_x11_forwarding_flag, 0); + FLAG_TEST("no-pty", permit_pty_flag, 0); + FLAG_TEST("no-user-rc", permit_user_rc, 0); +#undef FLAG_TEST + FAIL_TEST("no-cert-authority", "no-cert-authority"); + + /* String options */ +#define 
STRING_TEST(keyword, var, val) \ + do { \ + TEST_START("sshauthopt_parse " keyword); \ + expected = default_authkey_opts(); \ + expected->var = strdup(val); \ + ASSERT_PTR_NE(expected->var, NULL); \ + opts = sshauthopt_parse(keyword "=" #val, &errstr); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + expected = default_authkey_restrict_opts(); \ + expected->var = strdup(val); \ + ASSERT_PTR_NE(expected->var, NULL); \ + opts = sshauthopt_parse( \ + "restrict," keyword "=" #val ",restrict", &errstr); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + TEST_DONE(); \ + } while (0) + STRING_TEST("command", force_command, "/bin/true"); + STRING_TEST("principals", cert_principals, "gregor,josef,K"); + STRING_TEST("from", required_from_host_keys, "127.0.0.0/8"); +#undef STRING_TEST + FAIL_TEST("unquoted command", "command=oops"); + FAIL_TEST("unquoted principals", "principals=estragon"); + FAIL_TEST("unquoted from", "from=127.0.0.1"); + + /* String array option tests */ +#define ARRAY_TEST(label, keywords, var, nvar, val) \ + do { \ + TEST_START("sshauthopt_parse " label); \ + expected = default_authkey_opts(); \ + expected->var = commasplit(val, &expected->nvar); \ + ASSERT_PTR_NE(expected->var, NULL); \ + opts = sshauthopt_parse(keywords, &errstr); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + expected = default_authkey_restrict_opts(); \ + expected->var = commasplit(val, &expected->nvar); \ + ASSERT_PTR_NE(expected->var, NULL); \ + opts = sshauthopt_parse( \ + "restrict," keywords ",restrict", &errstr); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + TEST_DONE(); \ + } while (0) + ARRAY_TEST("environment", "environment=\"foo=1\",environment=\"bar=2\"", + env, nenv, "foo=1,bar=2"); + ARRAY_TEST("permitopen", "permitopen=\"foo:123\",permitopen=\"bar:*\"", + permitopen, npermitopen, "foo:123,bar:*"); +#undef ARRAY_TEST + FAIL_TEST("environment", "environment=\",=bah\""); + FAIL_TEST("permitopen port", "foo:bar"); + FAIL_TEST("permitopen missing port", "foo:"); + FAIL_TEST("permitopen missing port specification", 
"foo"); + FAIL_TEST("permitopen invalid host", "[:"); + +#undef CHECK_SUCCESS_AND_CLEANUP +#undef FAIL_TEST +} + +static void +test_cert_parse(void) +{ + struct sshkey *cert; + struct sshauthopt *opts, *expected; + +#define CHECK_SUCCESS_AND_CLEANUP() \ + do { \ + compare_opts(opts, expected); \ + sshauthopt_free(expected); \ + sshauthopt_free(opts); \ + sshkey_free(cert); \ + } while (0) +#define FLAG_TEST(keybase, var) \ + do { \ + TEST_START("sshauthopt_from_cert no_" keybase); \ + cert = load_key("no_" keybase ".cert"); \ + expected = default_authkey_opts(); \ + expected->var = 0; \ + opts = sshauthopt_from_cert(cert); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + TEST_DONE(); \ + TEST_START("sshauthopt_from_cert only_" keybase); \ + cert = load_key("only_" keybase ".cert"); \ + expected = sshauthopt_new(); \ + ASSERT_PTR_NE(expected, NULL); \ + expected->var = 1; \ + opts = sshauthopt_from_cert(cert); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + TEST_DONE(); \ + } while (0) + FLAG_TEST("agentfwd", permit_agent_forwarding_flag); + FLAG_TEST("portfwd", permit_port_forwarding_flag); + FLAG_TEST("pty", permit_pty_flag); + FLAG_TEST("user_rc", permit_user_rc); + FLAG_TEST("x11fwd", permit_x11_forwarding_flag); +#undef FLAG_TEST + + TEST_START("sshauthopt_from_cert all permitted"); + cert = load_key("all_permit.cert"); + expected = default_authkey_opts(); + opts = sshauthopt_from_cert(cert); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + TEST_START("sshauthopt_from_cert nothing permitted"); + cert = load_key("no_permit.cert"); + expected = sshauthopt_new(); + ASSERT_PTR_NE(expected, NULL); + opts = sshauthopt_from_cert(cert); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + TEST_START("sshauthopt_from_cert force-command"); + cert = load_key("force_command.cert"); + expected = default_authkey_opts(); + expected->force_command = strdup("foo"); + ASSERT_PTR_NE(expected->force_command, NULL); + opts = sshauthopt_from_cert(cert); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + 
TEST_START("sshauthopt_from_cert source-address"); + cert = load_key("sourceaddr.cert"); + expected = default_authkey_opts(); + expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128"); + ASSERT_PTR_NE(expected->required_from_host_cert, NULL); + opts = sshauthopt_from_cert(cert); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); +#undef CHECK_SUCCESS_AND_CLEANUP + +#define FAIL_TEST(keybase) \ + do { \ + TEST_START("sshauthopt_from_cert " keybase); \ + cert = load_key(keybase ".cert"); \ + opts = sshauthopt_from_cert(cert); \ + ASSERT_PTR_EQ(opts, NULL); \ + sshkey_free(cert); \ + TEST_DONE(); \ + } while (0) + FAIL_TEST("host"); + FAIL_TEST("bad_sourceaddr"); + FAIL_TEST("unknown_critical"); +#undef FAIL_TEST +} + +static void +test_merge(void) +{ + struct sshkey *cert; + struct sshauthopt *key_opts, *cert_opts, *merge_opts, *expected; + const char *errstr; + + /* + * Prepare for a test by making some key and cert options and + * attempting to merge them. + */ +#define PREPARE(label, keyname, keywords) \ + do { \ + expected = NULL; \ + TEST_START("sshauthopt_merge " label); \ + cert = load_key(keyname ".cert"); \ + cert_opts = sshauthopt_from_cert(cert); \ + ASSERT_PTR_NE(cert_opts, NULL); \ + key_opts = sshauthopt_parse(keywords, &errstr); \ + if (errstr != NULL) \ + ASSERT_STRING_EQ(errstr, ""); \ + ASSERT_PTR_NE(key_opts, NULL); \ + merge_opts = sshauthopt_merge(key_opts, \ + cert_opts, &errstr); \ + } while (0) + + /* Cleanup stuff allocated by PREPARE() */ +#define CLEANUP() \ + do { \ + sshauthopt_free(expected); \ + sshauthopt_free(merge_opts); \ + sshauthopt_free(key_opts); \ + sshauthopt_free(cert_opts); \ + sshkey_free(cert); \ + } while (0) + + /* Check the results of PREPARE() against expectation; calls CLEANUP */ +#define CHECK_SUCCESS_AND_CLEANUP() \ + do { \ + if (errstr != NULL) \ + ASSERT_STRING_EQ(errstr, ""); \ + compare_opts(merge_opts, expected); \ + CLEANUP(); \ + } while (0) + + /* Check a single case of merging of flag options */ 
+#define FLAG_CASE(keybase, label, keyname, keywords, mostly_off, var, val) \ + do { \ + PREPARE(keybase " " label, keyname, keywords); \ + expected = mostly_off ? \ + sshauthopt_new() : default_authkey_opts(); \ + expected->var = val; \ + ASSERT_PTR_NE(expected, NULL); \ + CHECK_SUCCESS_AND_CLEANUP(); \ + TEST_DONE(); \ + } while (0) + + /* + * Fairly exhaustive exercise of a flag option. Tests + * option both set and clear in certificate, set and clear in + * authorized_keys and set and cleared via restrict keyword. + */ +#define FLAG_TEST(keybase, keyword, var) \ + do { \ + FLAG_CASE(keybase, "keys:default,yes cert:default,no", \ + "no_" keybase, keyword, 0, var, 0); \ + FLAG_CASE(keybase,"keys:-*,yes cert:default,no", \ + "no_" keybase, "restrict," keyword, 1, var, 0); \ + FLAG_CASE(keybase, "keys:default,no cert:default,no", \ + "no_" keybase, "no-" keyword, 0, var, 0); \ + FLAG_CASE(keybase, "keys:-*,no cert:default,no", \ + "no_" keybase, "restrict,no-" keyword, 1, var, 0); \ + \ + FLAG_CASE(keybase, "keys:default,yes cert:-*,yes", \ + "only_" keybase, keyword, 1, var, 1); \ + FLAG_CASE(keybase,"keys:-*,yes cert:-*,yes", \ + "only_" keybase, "restrict," keyword, 1, var, 1); \ + FLAG_CASE(keybase, "keys:default,no cert:-*,yes", \ + "only_" keybase, "no-" keyword, 1, var, 0); \ + FLAG_CASE(keybase, "keys:-*,no cert:-*,yes", \ + "only_" keybase, "restrict,no-" keyword, 1, var, 0); \ + \ + FLAG_CASE(keybase, "keys:default,yes cert:-*", \ + "no_permit", keyword, 1, var, 0); \ + FLAG_CASE(keybase,"keys:-*,yes cert:-*", \ + "no_permit", "restrict," keyword, 1, var, 0); \ + FLAG_CASE(keybase, "keys:default,no cert:-*", \ + "no_permit", "no-" keyword, 1, var, 0); \ + FLAG_CASE(keybase, "keys:-*,no cert:-*", \ + "no_permit", "restrict,no-" keyword, 1, var, 0); \ + \ + FLAG_CASE(keybase, "keys:default,yes cert:*", \ + "all_permit", keyword, 0, var, 1); \ + FLAG_CASE(keybase,"keys:-*,yes cert:*", \ + "all_permit", "restrict," keyword, 1, var, 1); \ + FLAG_CASE(keybase, 
"keys:default,no cert:*", \ + "all_permit", "no-" keyword, 0, var, 0); \ + FLAG_CASE(keybase, "keys:-*,no cert:*", \ + "all_permit", "restrict,no-" keyword, 1, var, 0); \ + \ + } while (0) + FLAG_TEST("portfwd", "port-forwarding", permit_port_forwarding_flag); + FLAG_TEST("agentfwd", "agent-forwarding", permit_agent_forwarding_flag); + FLAG_TEST("pty", "pty", permit_pty_flag); + FLAG_TEST("user_rc", "user-rc", permit_user_rc); + FLAG_TEST("x11fwd", "x11-forwarding", permit_x11_forwarding_flag); +#undef FLAG_TEST + + PREPARE("source-address both", "sourceaddr", "from=\"127.0.0.1\""); + expected = default_authkey_opts(); + expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128"); + ASSERT_PTR_NE(expected->required_from_host_cert, NULL); + expected->required_from_host_keys = strdup("127.0.0.1"); + ASSERT_PTR_NE(expected->required_from_host_keys, NULL); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("source-address none", "all_permit", ""); + expected = default_authkey_opts(); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("source-address keys", "all_permit", "from=\"127.0.0.1\""); + expected = default_authkey_opts(); + expected->required_from_host_keys = strdup("127.0.0.1"); + ASSERT_PTR_NE(expected->required_from_host_keys, NULL); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("source-address cert", "sourceaddr", ""); + expected = default_authkey_opts(); + expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128"); + ASSERT_PTR_NE(expected->required_from_host_cert, NULL); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("force-command both", "force_command", "command=\"foo\""); + expected = default_authkey_opts(); + expected->force_command = strdup("foo"); + ASSERT_PTR_NE(expected->force_command, NULL); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("force-command none", "all_permit", ""); + expected = default_authkey_opts(); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("force-command 
keys", "all_permit", "command=\"bar\""); + expected = default_authkey_opts(); + expected->force_command = strdup("bar"); + ASSERT_PTR_NE(expected->force_command, NULL); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("force-command cert", "force_command", ""); + expected = default_authkey_opts(); + expected->force_command = strdup("foo"); + ASSERT_PTR_NE(expected->force_command, NULL); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("force-command mismatch", "force_command", "command=\"bar\""); + ASSERT_PTR_EQ(merge_opts, NULL); + CLEANUP(); + TEST_DONE(); + + PREPARE("tunnel", "all_permit", "tunnel=\"6\""); + expected = default_authkey_opts(); + expected->force_tun_device = 6; + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("permitopen", "all_permit", + "permitopen=\"127.0.0.1:*\",permitopen=\"127.0.0.1:123\""); + expected = default_authkey_opts(); + expected->permitopen = commasplit("127.0.0.1:*,127.0.0.1:123", + &expected->npermitopen); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); + + PREPARE("environment", "all_permit", + "environment=\"foo=a\",environment=\"bar=b\""); + expected = default_authkey_opts(); + expected->env = commasplit("foo=a,bar=b", &expected->nenv); + CHECK_SUCCESS_AND_CLEANUP(); + TEST_DONE(); +} + +void +tests(void) +{ + extern char *__progname; + LogLevel ll = test_is_verbose() ? + SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_QUIET; + + /* test_cert_parse() are a bit spammy to error() by default... */ + log_init(__progname, ll, SYSLOG_FACILITY_USER, 1); + + test_authkeys_parse(); + test_cert_parse(); + test_merge(); +} diff --git a/regress/unittests/bitmap/Makefile b/regress/unittests/bitmap/Makefile index bd21949f8b5f..fe30acc77394 100644 --- a/regress/unittests/bitmap/Makefile +++ b/regress/unittests/bitmap/Makefile 
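Review bot: The four `permitopen` negative cases at the end of test_authkeys_parse() pass the bare value as the entire option string (`FAIL_TEST("permitopen port", "foo:bar");` and the three calls after it), so they are presumably rejected as unknown keywords, the same way the `"BLAH"` case is, and never reach the permitopen host/port validation. Wrapping each value in the option, e.g. `FAIL_TEST("permitopen port", "permitopen=\"foo:bar\"");`, would make these tests fail for the reason their labels state. As written, FAIL_TEST only checks for a NULL result and a non-NULL `errstr`, so a regression that begins accepting a malformed forwarding restriction would go unnoticed. Separately, in test_merge() the FLAG_CASE macro executes `expected->var = val;` before `ASSERT_PTR_NE(expected, NULL);`; the two lines should be swapped so the allocation check precedes the dereference.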
@@ -1,7 +1,11 @@ -# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.4 2017/12/21 00:41:22 djm Exp $ PROG=test_bitmap SRCS=tests.c + +# From usr.sbin/ssh +SRCS+=bitmap.c atomicio.c + REGRESS_TARGETS=run-regress-${PROG} run-regress-${PROG}: ${PROG} diff --git a/regress/unittests/conversion/Makefile b/regress/unittests/conversion/Makefile index cde97dc28a9a..8b2a09cc39fe 100644 --- a/regress/unittests/conversion/Makefile +++ b/regress/unittests/conversion/Makefile @@ -1,7 +1,12 @@ -# $OpenBSD: Makefile,v 1.1 2017/03/14 01:20:29 dtucker Exp $ +# $OpenBSD: Makefile,v 1.2 2017/12/21 00:41:22 djm Exp $ PROG=test_conversion SRCS=tests.c + +# From usr.bin/ssh +SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c +SRCS+=atomicio.c misc.c xmalloc.c log.c uidswap.c cleanup.c fatal.c ssherr.c + REGRESS_TARGETS=run-regress-${PROG} run-regress-${PROG}: ${PROG} diff --git a/regress/unittests/hostkeys/Makefile b/regress/unittests/hostkeys/Makefile index ae3c342bdbd5..3368851225c5 100644 --- a/regress/unittests/hostkeys/Makefile +++ b/regress/unittests/hostkeys/Makefile @@ -1,7 +1,20 @@ -# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.4 2017/12/21 00:41:22 djm Exp $ PROG=test_hostkeys SRCS=tests.c test_iterate.c + +# From usr.bin/ssh +SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c +SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c +SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c +SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c +SRCS+=addrmatch.c bitmap.c hostfile.c +SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=cipher-chachapoly.c chacha.c poly1305.c + +SRCS+=digest-openssl.c +#SRCS+=digest-libc.c + REGRESS_TARGETS=run-regress-${PROG} run-regress-${PROG}: ${PROG} diff --git a/regress/unittests/kex/Makefile b/regress/unittests/kex/Makefile index 7ed312675c87..5c61307a325a 100644 
--- a/regress/unittests/kex/Makefile +++ b/regress/unittests/kex/Makefile @@ -1,7 +1,24 @@ -# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $ PROG=test_kex SRCS=tests.c test_kex.c + +# From usr.bin/ssh +SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c +SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c +SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c +SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c +SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c +SRCS+=kex.c kexc25519.c kexc25519c.c kexc25519s.c kexdh.c kexdhc.c kexdhs.c +SRCS+=kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c kexgexs.c +SRCS+=dh.c compat.c +SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=cipher-chachapoly.c chacha.c poly1305.c +SRCS+=smult_curve25519_ref.c + +SRCS+=digest-openssl.c +#SRCS+=digest-libc.c + REGRESS_TARGETS=run-regress-${PROG} run-regress-${PROG}: ${PROG} diff --git a/regress/unittests/match/Makefile b/regress/unittests/match/Makefile index bd4aed8446ca..87e75826ac27 100644 --- a/regress/unittests/match/Makefile +++ b/regress/unittests/match/Makefile @@ -1,7 +1,13 @@ -# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.4 2017/12/21 03:01:49 djm Exp $ PROG=test_match SRCS=tests.c + +# From usr.bin/ssh +SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c +SRCS+=match.c misc.c log.c uidswap.c fatal.c ssherr.c addrmatch.c xmalloc.c +SRCS+=cleanup.c atomicio.c + REGRESS_TARGETS=run-regress-${PROG} run-regress-${PROG}: ${PROG} diff --git a/regress/unittests/sshbuf/Makefile b/regress/unittests/sshbuf/Makefile index 69b27566bd79..81d4f27a6132 100644 --- a/regress/unittests/sshbuf/Makefile +++ b/regress/unittests/sshbuf/Makefile 
@@ -1,4 +1,6 @@ -# $OpenBSD: Makefile,v 1.5 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.6 2017/12/21 00:41:22 djm Exp $ + +.include PROG=test_sshbuf SRCS=tests.c @@ -10,5 +12,11 @@ SRCS+=test_sshbuf_fuzz.c SRCS+=test_sshbuf_getput_fuzz.c SRCS+=test_sshbuf_fixed.c -.include +# From usr.bin/ssh +SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c +SRCS+=atomicio.c + +run-regress-${PROG}: ${PROG} + env ${TEST_ENV} ./${PROG} + diff --git a/regress/unittests/sshkey/Makefile b/regress/unittests/sshkey/Makefile index cfbfcf8f15ac..1c940bec640b 100644 --- a/regress/unittests/sshkey/Makefile +++ b/regress/unittests/sshkey/Makefile @@ -1,7 +1,20 @@ -# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $ PROG=test_sshkey SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c + +# From usr.bin/ssh +SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c +SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c +SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c +SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c +SRCS+=addrmatch.c bitmap.c +SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=cipher-chachapoly.c chacha.c poly1305.c + +SRCS+=digest-openssl.c +#SRCS+=digest-libc.c + REGRESS_TARGETS=run-regress-${PROG} run-regress-${PROG}: ${PROG} diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c index 6706045d5060..d3b0c92b47a0 100644 --- a/regress/unittests/sshkey/test_fuzz.c +++ b/regress/unittests/sshkey/test_fuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_fuzz.c,v 1.7 2017/04/30 23:33:48 djm Exp $ */ +/* $OpenBSD: test_fuzz.c,v 1.8 2017/12/21 00:41:22 djm Exp $ */ /* * Fuzz tests for key parsing * 
@@ -83,7 +83,7 @@ sig_fuzz(struct sshkey *k, const char *sig_alg) fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */ FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sig, l); - ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), 0), 0); + ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0); free(sig); TEST_ONERROR(onerror, fuzz); for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { @@ -91,7 +91,7 @@ sig_fuzz(struct sshkey *k, const char *sig_alg) if (fuzz_matches_original(fuzz)) continue; ASSERT_INT_NE(sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz), - c, sizeof(c), 0), 0); + c, sizeof(c), NULL, 0), 0); } fuzz_cleanup(fuzz); } diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 0a73322a34e5..1aa608f92b03 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.12 2017/05/08 06:08:42 djm Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.13 2017/12/21 00:41:22 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -121,11 +121,11 @@ signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg, ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0); ASSERT_SIZE_T_GT(len, 8); ASSERT_PTR_NE(sig, NULL); - ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); - ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, 0), 0); + ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0), 0); + ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0), 0); /* Fuzz test is more comprehensive, this is just a smoke test */ sig[len - 5] ^= 0x10; - ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, 0), 0); + ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0), 0); free(sig); } diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index f855137fb29f..866f3495d06e 100644 --- a/regress/unittests/test_helper/test_helper.c 
+++ b/regress/unittests/test_helper/test_helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.c,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */ +/* $OpenBSD: test_helper.c,v 1.8 2018/02/08 08:46:20 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -166,6 +166,18 @@ main(int argc, char **argv) return 0; } +int +test_is_verbose() +{ + return verbose_mode; +} + +int +test_is_quiet() +{ + return quiet_mode; +} + const char * test_data_file(const char *name) { diff --git a/regress/unittests/test_helper/test_helper.h b/regress/unittests/test_helper/test_helper.h index 615b7832b4dc..6da0066e907a 100644 --- a/regress/unittests/test_helper/test_helper.h +++ b/regress/unittests/test_helper/test_helper.h @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.h,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */ +/* $OpenBSD: test_helper.h,v 1.8 2018/02/08 08:46:20 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -43,6 +43,8 @@ void test_start(const char *n); void test_info(char *s, size_t len); void set_onerror_func(test_onerror_func_t *f, void *ctx); void test_done(void); +int test_is_verbose(void); +int test_is_quiet(void); void test_subtest_info(const char *fmt, ...) __attribute__((format(printf, 1, 2))); void ssl_err_check(const char *file, int line); diff --git a/regress/unittests/utf8/Makefile b/regress/unittests/utf8/Makefile index a975264fc146..f8eec0484f8f 100644 --- a/regress/unittests/utf8/Makefile +++ b/regress/unittests/utf8/Makefile @@ -1,7 +1,11 @@ -# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ +# $OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $ PROG=test_utf8 SRCS=tests.c + +# From usr.bin/ssh +SRCS+=utf8.c atomicio.c + REGRESS_TARGETS=run-regress-${PROG} run-regress-${PROG}: ${PROG} diff --git a/regress/yes-head.sh b/regress/yes-head.sh index fce2f6580344..2759eb8ce59d 100644 --- a/regress/yes-head.sh +++ b/regress/yes-head.sh 
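Review bot: The new accessors in test_helper.c are defined as `int test_is_verbose()` and `int test_is_quiet()`, with an old-style empty parameter list, while the prototypes added to test_helper.h in this same commit use `(void)`. Writing the definitions as `test_is_verbose(void)` and `test_is_quiet(void)` keeps definition and prototype identical and lets the compiler reject a call that passes arguments. A one-line comment above each, such as `/* Returns the harness's verbose_mode flag. */`, would document the two new public helpers.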
@@ -1,4 +1,4 @@ -# $OpenBSD: yes-head.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: yes-head.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ # Placed in the Public Domain. tid="yes pipe head" diff --git a/scp.0 b/scp.0 index 0cb7726c7552..0089ed80f99e 100644 --- a/scp.0 +++ b/scp.0 @@ -5,8 +5,7 @@ NAME SYNOPSIS scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] - [-l limit] [-o ssh_option] [-P port] [-S program] - [[user@]host1:]file1 ... [[user@]host2:]file2 + [-l limit] [-o ssh_option] [-P port] [-S program] source ... target DESCRIPTION scp copies files between hosts on a network. It uses ssh(1) for data @@ -14,11 +13,14 @@ DESCRIPTION as ssh(1). scp will ask for passwords or passphrases if they are needed for authentication. - File names may contain a user and host specification to indicate that the - file is to be copied to/from that host. Local file names can be made - explicit using absolute or relative pathnames to avoid scp treating file - names containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers. Copies between two remote hosts - are also permitted. + The source and target may be specified as a local pathname, a remote host + with optional path in the form [user@]host:[path], or a URI in the form + scp://[user@]host[:port][/path]. Local file names can be made explicit + using absolute or relative pathnames to avoid scp treating file names + containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers. + + When copying between two remote hosts, if the URI format is used, a port + may only be specified on the target if the -3 option is used. The options are as follows: @@ -63,6 +65,7 @@ DESCRIPTION AddressFamily BatchMode BindAddress + BindInterface CanonicalDomains CanonicalizeFallbackLocal CanonicalizeHostname @@ -156,4 +159,4 @@ AUTHORS Timo Rinne Tatu Ylonen -OpenBSD 6.2 May 3, 2017 OpenBSD 6.2 +OpenBSD 6.2 February 23, 2018 OpenBSD 6.2 diff --git a/scp.1 b/scp.1 index 76ce33361273..8d251e34a830 100644 --- a/scp.1 +++ b/scp.1 
@@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.74 2017/05/03 21:49:18 naddy Exp $ +.\" $OpenBSD: scp.1,v 1.77 2018/02/23 07:38:09 jmc Exp $ .\" -.Dd $Mdocdate: May 3 2017 $ +.Dd $Mdocdate: February 23 2018 $ .Dt SCP 1 .Os .Sh NAME @@ -18,7 +18,6 @@ .Nd secure copy (remote file copy program) .Sh SYNOPSIS .Nm scp -.Bk -words .Op Fl 346BCpqrv .Op Fl c Ar cipher .Op Fl F Ar ssh_config @@ -27,20 +26,7 @@ .Op Fl o Ar ssh_option .Op Fl P Ar port .Op Fl S Ar program -.Sm off -.Oo -.Op Ar user No @ -.Ar host1 : -.Oc Ar file1 -.Sm on -.Ar ... -.Sm off -.Oo -.Op Ar user No @ -.Ar host2 : -.Oc Ar file2 -.Sm on -.Ek +.Ar source ... target .Sh DESCRIPTION .Nm copies files between hosts on a network. @@ -53,15 +39,33 @@ same security as will ask for passwords or passphrases if they are needed for authentication. .Pp -File names may contain a user and host specification to indicate -that the file is to be copied to/from that host. +The +.Ar source +and +.Ar target +may be specified as a local pathname, a remote host with optional path +in the form +.Sm off +.Oo user @ Oc host : Op path , +.Sm on +or a URI in the form +.Sm off +.No scp:// Oo user @ Oc host Oo : port Oc Op / path . +.Sm on Local file names can be made explicit using absolute or relative pathnames to avoid .Nm treating file names containing .Sq :\& as host specifiers. -Copies between two remote hosts are also permitted. +.Pp +When copying between two remote hosts, if the URI format is used, a +.Ar port +may only be specified on the +.Ar target +if the +.Fl 3 +option is used. .Pp The options are as follows: .Bl -tag -width Ds @@ -120,6 +124,7 @@ For full details of the options listed below, and their possible values, see .It AddressFamily .It BatchMode .It BindAddress +.It BindInterface .It CanonicalDomains .It CanonicalizeFallbackLocal .It CanonicalizeHostname diff --git a/scp.c b/scp.c index a533eb097412..31e6709fbcaa 100644 --- a/scp.c +++ b/scp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.192 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: scp.c,v 1.195 2018/02/10 06:15:12 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -112,6 +112,7 @@ #endif #include "xmalloc.h" +#include "ssh.h" #include "atomicio.h" #include "pathnames.h" #include "log.h" @@ -123,8 +124,8 @@ extern char *__progname; #define COPY_BUFLEN 16384 -int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout); -int do_cmd2(char *host, char *remuser, char *cmd, int fdin, int fdout); +int do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout); +int do_cmd2(char *host, char *remuser, int port, char *cmd, int fdin, int fdout); /* Struct for addargs */ arglist args; @@ -149,6 +150,9 @@ int showprogress = 1; */ int throughlocal = 0; +/* Non-standard port to use for the ssh connection or -1. */ +int sshport = -1; + /* This is the program to execute for the secured connection. ("ssh" or -S) */ char *ssh_program = _PATH_SSH_PROGRAM; @@ -231,7 +235,7 @@ do_local_cmd(arglist *a) */ int -do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) +do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) { int pin[2], pout[2], reserved[2]; @@ -241,6 +245,9 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) ssh_program, host, remuser ? remuser : "(unspecified)", cmd); + if (port == -1) + port = sshport; + /* * Reserve two descriptors so that the real pipes won't get * descriptors 0 and 1 because that will screw up dup2 below. @@ -274,6 +281,10 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) close(pout[1]); replacearg(&args, 0, "%s", ssh_program); + if (port != -1) { + addargs(&args, "-p"); + addargs(&args, "%d", port); + } if (remuser != NULL) { addargs(&args, "-l"); addargs(&args, "%s", remuser); 
@@ -305,7 +316,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) * This way the input and output of two commands can be connected. */ int -do_cmd2(char *host, char *remuser, char *cmd, int fdin, int fdout) +do_cmd2(char *host, char *remuser, int port, char *cmd, int fdin, int fdout) { pid_t pid; int status; @@ -316,6 +327,9 @@ do_cmd2(char *host, char *remuser, char *cmd, int fdin, int fdout) ssh_program, host, remuser ? remuser : "(unspecified)", cmd); + if (port == -1) + port = sshport; + /* Fork a child to execute the command on the remote host using ssh. */ pid = fork(); if (pid == 0) { @@ -323,6 +337,10 @@ do_cmd2(char *host, char *remuser, char *cmd, int fdin, int fdout) dup2(fdout, 1); replacearg(&args, 0, "%s", ssh_program); + if (port != -1) { + addargs(&args, "-p"); + addargs(&args, "%d", port); + } if (remuser != NULL) { addargs(&args, "-l"); addargs(&args, "%s", remuser); @@ -367,14 +385,14 @@ void rsource(char *, struct stat *); void sink(int, char *[]); void source(int, char *[]); void tolocal(int, char *[]); -void toremote(char *, int, char *[]); +void toremote(int, char *[]); void usage(void); int main(int argc, char **argv) { int ch, fflag, tflag, status, n; - char *targ, **newargv; + char **newargv; const char *errstr; extern char *optarg; extern int optind; @@ -400,6 +418,8 @@ main(int argc, char **argv) addargs(&args, "-oForwardAgent=no"); addargs(&args, "-oPermitLocalCommand=no"); addargs(&args, "-oClearAllForwardings=yes"); + addargs(&args, "-oRemoteCommand=none"); + addargs(&args, "-oRequestTTY=no"); fflag = tflag = 0; while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) 
@@ -430,10 +450,9 @@ main(int argc, char **argv) addargs(&args, "%s", optarg); break; case 'P': - addargs(&remote_remote_args, "-p"); - addargs(&remote_remote_args, "%s", optarg); - addargs(&args, "-p"); - addargs(&args, "%s", optarg); + sshport = a2port(optarg); + if (sshport <= 0) + fatal("bad port \"%s\"\n", optarg); break; case 'B': addargs(&remote_remote_args, "-oBatchmode=yes"); @@ -533,8 +552,8 @@ main(int argc, char **argv) (void) signal(SIGPIPE, lostconn); - if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ - toremote(targ, argc, argv); + if (colon(argv[argc - 1])) /* Dest is remote host. */ + toremote(argc, argv); else { if (targetshouldbedirectory) verifydir(argv[argc - 1]); 
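Review bot: With `-P` now stored only in `sshport` and no longer appended to `remote_remote_args`, the option does not appear to reach the ssh command built for a remote-to-remote copy without `-3`. That branch of toremote() (the hunk at -664) adds `-p` only when the per-source `sport` is set, and the visible hunks read `sshport` only inside do_cmd() and do_cmd2(). If dropping the port there is not intended, `if (sport == -1) sport = sshport;` ahead of the `-p` arguments would restore the earlier behaviour. main() and toremote() both extend beyond the hunks shown, so this is inferred from the visible lines only.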
@@ -589,72 +608,90 @@ do_times(int fd, int verb, const struct stat *sb) return (response()); } +static int +parse_scp_uri(const char *uri, char **userp, char **hostp, int *portp, + char **pathp) +{ + int r; + + r = parse_uri("scp", uri, userp, hostp, portp, pathp); + if (r == 0 && *pathp == NULL) + *pathp = xstrdup("."); + return r; +} + void -toremote(char *targ, int argc, char **argv) +toremote(int argc, char **argv) { - char *bp, *host, *src, *suser, *thost, *tuser, *arg; + char *suser = NULL, *host = NULL, *src = NULL; + char *bp, *tuser, *thost, *targ; + int sport = -1, tport = -1; arglist alist; - int i; + int i, r; u_int j; memset(&alist, '\0', sizeof(alist)); alist.list = NULL; - *targ++ = 0; - if (*targ == 0) - targ = "."; - - arg = xstrdup(argv[argc - 1]); - if ((thost = strrchr(arg, '@'))) { - /* user@host */ - *thost++ = 0; - tuser = arg; - if (*tuser == '\0') - tuser = NULL; - } else { - thost = arg; - tuser = NULL; + /* Parse target */ + r = parse_scp_uri(argv[argc - 1], &tuser, &thost, &tport, &targ); + if (r == -1) { + fmprintf(stderr, "%s: invalid uri\n", argv[argc - 1]); + ++errs; + goto out; + } + if (r != 0) { + if (parse_user_host_path(argv[argc - 1], &tuser, &thost, + &targ) == -1) { + fmprintf(stderr, "%s: invalid target\n", argv[argc - 1]); + ++errs; + goto out; + } } - if (tuser != NULL && !okname(tuser)) { - free(arg); - return; + ++errs; + goto out; } + /* Parse source files */ for (i = 0; i < argc - 1; i++) { - src = colon(argv[i]); - if (src && throughlocal) { /* extended remote to remote */ - *src++ = 0; - if (*src == 0) - src = "."; - host = strrchr(argv[i], '@'); - if (host) { - *host++ = 0; - host = cleanhostname(host); - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; - else if (!okname(suser)) - continue; - } else { - host = cleanhostname(argv[i]); - suser = NULL; - } + free(suser); + free(host); + free(src); + r = parse_scp_uri(argv[i], &suser, &host, &sport, &src); + if (r == -1) { + fmprintf(stderr, "%s: invalid 
uri\n", argv[i]); + ++errs; + continue; + } + if (r != 0) { + parse_user_host_path(argv[i], &suser, &host, &src); + } + if (suser != NULL && !okname(suser)) { + ++errs; + continue; + } + if (host && throughlocal) { /* extended remote to remote */ xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); - if (do_cmd(host, suser, bp, &remin, &remout) < 0) + if (do_cmd(host, suser, sport, bp, &remin, &remout) < 0) exit(1); free(bp); - host = cleanhostname(thost); xasprintf(&bp, "%s -t %s%s", cmd, *targ == '-' ? "-- " : "", targ); - if (do_cmd2(host, tuser, bp, remin, remout) < 0) + if (do_cmd2(thost, tuser, tport, bp, remin, remout) < 0) exit(1); free(bp); (void) close(remin); (void) close(remout); remin = remout = -1; - } else if (src) { /* standard remote to remote */ + } else if (host) { /* standard remote to remote */ + if (tport != -1 && tport != SSH_DEFAULT_PORT) { + /* This would require the remote support URIs */ + fatal("target port not supported with two " + "remote hosts without the -3 option"); + } + freeargs(&alist); addargs(&alist, "%s", ssh_program); addargs(&alist, "-x"); @@ -664,23 +701,14 @@ toremote(char *targ, int argc, char **argv) addargs(&alist, "%s", remote_remote_args.list[j]); } - *src++ = 0; - if (*src == 0) - src = "."; - host = strrchr(argv[i], '@'); - - if (host) { - *host++ = 0; - host = cleanhostname(host); - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; - else if (!okname(suser)) - continue; + + if (sport != -1) { + addargs(&alist, "-p"); + addargs(&alist, "%d", sport); + } + if (suser) { addargs(&alist, "-l"); addargs(&alist, "%s", suser); - } else { - host = cleanhostname(argv[i]); } addargs(&alist, "--"); addargs(&alist, "%s", host); 
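Review bot: In toremote() `tuser`, `thost` and `targ` are declared without initialisers, unlike `suser`, `host` and `src`, yet every `goto out` path ends in `free(tuser); free(thost); free(targ);` (the `out:` label is in a later hunk). Whether parse_uri() and parse_user_host_path() always store to their out-parameters before returning a failure cannot be seen here, so the safety of those frees rests on helper behaviour in another file. Initialising them in the declaration, `char *bp, *tuser = NULL, *thost = NULL, *targ = NULL;`, makes the cleanup path safe whatever the helpers do.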
@@ -695,8 +723,7 @@ toremote(char *targ, int argc, char **argv) if (remin == -1) { xasprintf(&bp, "%s -t %s%s", cmd, *targ == '-' ? "-- " : "", targ); - host = cleanhostname(thost); - if (do_cmd(host, tuser, bp, &remin, + if (do_cmd(thost, tuser, tport, bp, &remin, &remout) < 0) exit(1); if (response() < 0) @@ -706,21 +733,42 @@ toremote(char *targ, int argc, char **argv) source(1, argv + i); } } - free(arg); +out: + free(tuser); + free(thost); + free(targ); + free(suser); + free(host); + free(src); } void tolocal(int argc, char **argv) { - char *bp, *host, *src, *suser; + char *bp, *host = NULL, *src = NULL, *suser = NULL; arglist alist; - int i; + int i, r, sport = -1; memset(&alist, '\0', sizeof(alist)); alist.list = NULL; for (i = 0; i < argc - 1; i++) { - if (!(src = colon(argv[i]))) { /* Local to local. */ + free(suser); + free(host); + free(src); + r = parse_scp_uri(argv[i], &suser, &host, &sport, &src); + if (r == -1) { + fmprintf(stderr, "%s: invalid uri\n", argv[i]); + ++errs; + continue; + } + if (r != 0) + parse_user_host_path(argv[i], &suser, &host, &src); + if (suser != NULL && !okname(suser)) { + ++errs; + continue; + } + if (!host) { /* Local to local. */ freeargs(&alist); addargs(&alist, "%s", _PATH_CP); if (iamrecursive) @@ -734,22 +782,10 @@ tolocal(int argc, char **argv) ++errs; continue; } - *src++ = 0; - if (*src == 0) - src = "."; - if ((host = strrchr(argv[i], '@')) == NULL) { - host = argv[i]; - suser = NULL; - } else { - *host++ = 0; - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; - } - host = cleanhostname(host); + /* Remote to local. */ xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); - if (do_cmd(host, suser, bp, &remin, &remout) < 0) { + if (do_cmd(host, suser, sport, bp, &remin, &remout) < 0) { free(bp); ++errs; continue; @@ -759,6 +795,9 @@ tolocal(int argc, char **argv) (void) close(remin); remin = remout = -1; } + free(suser); + free(host); + free(src); } void 
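Review bot: `sport` in tolocal() is set to -1 once, before the loop, and afterwards is written only through parse_scp_uri(). When a `scp://host:port/path` source is followed by a plain `host:path` source, the second do_cmd() call may therefore still carry the first source's port, unless parse_uri() resets `*portp` for non-URI input, which is not visible here. A per-iteration `sport = -1;` next to the `free(suser);` at the top of the loop removes that dependency; the source loop in toremote() has the same shape. The return value of `parse_user_host_path()` is also ignored in both loops, so the `!host` test relies on the helper leaving `host` NULL when it fails.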
@@ -1275,8 +1314,7 @@ usage(void) { (void) fprintf(stderr, "usage: scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" - " [-l limit] [-o ssh_option] [-P port] [-S program]\n" - " [[user@]host1:]file1 ... [[user@]host2:]file2\n"); + " [-l limit] [-o ssh_option] [-P port] [-S program] source ... target\n"); exit(1); } diff --git a/servconf.c b/servconf.c index 2c321a4ad4f3..0f0d090686b1 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -15,10 +15,16 @@ #include #include +#ifdef HAVE_SYS_SYSCTL_H +#include +#endif #include #include #include +#ifdef HAVE_NET_ROUTE_H +#include +#endif #include #include @@ -58,8 +64,10 @@ #include "myproposal.h" #include "digest.h" -static void add_listen_addr(ServerOptions *, char *, int); -static void add_one_listen_addr(ServerOptions *, char *, int); +static void add_listen_addr(ServerOptions *, const char *, + const char *, int); +static void add_one_listen_addr(ServerOptions *, const char *, + const char *, int); /* Use of privilege separation or not */ extern int use_privsep; @@ -81,7 +89,9 @@ initialize_server_options(ServerOptions *options) options->queued_listen_addrs = NULL; options->num_queued_listens = 0; options->listen_addrs = NULL; + options->num_listen_addrs = 0; options->address_family = -1; + options->routing_domain = NULL; options->num_host_key_files = 0; options->num_host_cert_files = 0; options->host_key_agent = NULL; 
@@ -188,10 +198,45 @@ assemble_algorithms(ServerOptions *o) fatal("kex_assemble_names failed"); } +static void +array_append(const char *file, const int line, const char *directive, + char ***array, u_int *lp, const char *s) +{ + + if (*lp >= INT_MAX) + fatal("%s line %d: Too many %s entries", file, line, directive); + + *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); + (*array)[*lp] = xstrdup(s); + (*lp)++; +} + +void +servconf_add_hostkey(const char *file, const int line, + ServerOptions *options, const char *path) +{ + char *apath = derelativise_path(path); + + array_append(file, line, "HostKey", + &options->host_key_files, &options->num_host_key_files, apath); + free(apath); +} + +void +servconf_add_hostcert(const char *file, const int line, + ServerOptions *options, const char *path) +{ + char *apath = derelativise_path(path); + + array_append(file, line, "HostCertificate", + &options->host_cert_files, &options->num_host_cert_files, apath); + free(apath); +} + void fill_default_server_options(ServerOptions *options) { - int i; + u_int i; /* Portable-specific options */ if (options->use_pam == -1) 
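Review bot: array_append() is added without a comment, and its ownership rule matters to the two callers introduced in the same hunk. It stores `xstrdup(s)`, which is why servconf_add_hostkey() and servconf_add_hostcert() can `free(apath)` right after the call. I would add above it `/* Append a copy of s to *array, growing it by one slot; *lp is the current element count. Calls fatal() once *lp reaches INT_MAX. */`. The two servconf_add_* functions are non-static, so a line on each saying that `path` is passed through derelativise_path() before being stored would help callers in other files.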
@@ -200,16 +245,18 @@ fill_default_server_options(ServerOptions *options) /* Standard Options */ if (options->num_host_key_files == 0) { /* fill default hostkeys for protocols */ - options->host_key_files[options->num_host_key_files++] = - _PATH_HOST_RSA_KEY_FILE; - options->host_key_files[options->num_host_key_files++] = - _PATH_HOST_DSA_KEY_FILE; + servconf_add_hostkey("[default]", 0, options, + _PATH_HOST_RSA_KEY_FILE); #ifdef OPENSSL_HAS_ECC - options->host_key_files[options->num_host_key_files++] = - _PATH_HOST_ECDSA_KEY_FILE; + servconf_add_hostkey("[default]", 0, options, + _PATH_HOST_ECDSA_KEY_FILE); #endif - options->host_key_files[options->num_host_key_files++] = - _PATH_HOST_ED25519_KEY_FILE; + servconf_add_hostkey("[default]", 0, options, + _PATH_HOST_ED25519_KEY_FILE); +#ifdef WITH_XMSS + servconf_add_hostkey("[default]", 0, options, + _PATH_HOST_XMSS_KEY_FILE); +#endif /* WITH_XMSS */ } /* No certificates by default */ if (options->num_ports == 0) @@ -217,7 +264,7 @@ fill_default_server_options(ServerOptions *options) if (options->address_family == -1) options->address_family = AF_UNSPEC; if (options->listen_addrs == NULL) - add_listen_addr(options, NULL, 0); + add_listen_addr(options, NULL, NULL, 0); if (options->pid_file == NULL) options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); if (options->login_grace_time == -1) 
@@ -313,10 +360,14 @@ fill_default_server_options(ServerOptions *options) if (options->client_alive_count_max == -1) options->client_alive_count_max = 3; if (options->num_authkeys_files == 0) { - options->authorized_keys_files[options->num_authkeys_files++] = - xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); - options->authorized_keys_files[options->num_authkeys_files++] = - xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); + array_append("[default]", 0, "AuthorizedKeysFiles", + &options->authorized_keys_files, + &options->num_authkeys_files, + _PATH_SSH_USER_PERMITTED_KEYS); + array_append("[default]", 0, "AuthorizedKeysFiles", + &options->authorized_keys_files, + &options->num_authkeys_files, + _PATH_SSH_USER_PERMITTED_KEYS2); } if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; @@ -358,6 +409,7 @@ fill_default_server_options(ServerOptions *options) CLEAR_ON_NONE(options->authorized_principals_file); CLEAR_ON_NONE(options->adm_forced_command); CLEAR_ON_NONE(options->chroot_directory); + CLEAR_ON_NONE(options->routing_domain); for (i = 0; i < options->num_host_key_files; i++) CLEAR_ON_NONE(options->host_key_files[i]); for (i = 0; i < options->num_host_cert_files; i++) @@ -393,8 +445,7 @@ typedef enum { sPermitRootLogin, sLogFacility, sLogLevel, sRhostsRSAAuthentication, sRSAAuthentication, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, - sKerberosGetAFSToken, - sKerberosTgtPassing, sChallengeResponseAuthentication, + sKerberosGetAFSToken, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, sPrintMotd, sPrintLastLog, sIgnoreRhosts, @@ -421,7 +472,7 @@ typedef enum { sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, - sExposeAuthInfo, + sExposeAuthInfo, sRDomain, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; 
@@ -566,6 +617,7 @@ static struct { { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, + { "rdomain", sRDomain, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; 
@@ -619,23 +671,51 @@ derelativise_path(const char *path) } static void -add_listen_addr(ServerOptions *options, char *addr, int port) +add_listen_addr(ServerOptions *options, const char *addr, + const char *rdomain, int port) { u_int i; - if (port == 0) - for (i = 0; i < options->num_ports; i++) - add_one_listen_addr(options, addr, options->ports[i]); - else - add_one_listen_addr(options, addr, port); + if (port > 0) + add_one_listen_addr(options, addr, rdomain, port); + else { + for (i = 0; i < options->num_ports; i++) { + add_one_listen_addr(options, addr, rdomain, + options->ports[i]); + } + } } static void -add_one_listen_addr(ServerOptions *options, char *addr, int port) +add_one_listen_addr(ServerOptions *options, const char *addr, + const char *rdomain, int port) { struct addrinfo hints, *ai, *aitop; char strport[NI_MAXSERV]; int gaierr; + u_int i; + + /* Find listen_addrs entry for this rdomain */ + for (i = 0; i < options->num_listen_addrs; i++) { + if (rdomain == NULL && options->listen_addrs[i].rdomain == NULL) + break; + if (rdomain == NULL || options->listen_addrs[i].rdomain == NULL) + continue; + if (strcmp(rdomain, options->listen_addrs[i].rdomain) == 0) + break; + } + if (i >= options->num_listen_addrs) { + /* No entry for this rdomain; allocate one */ + if (i >= INT_MAX) + fatal("%s: too many listen addresses", __func__); + options->listen_addrs = xrecallocarray(options->listen_addrs, + options->num_listen_addrs, options->num_listen_addrs + 1, + sizeof(*options->listen_addrs)); + i = options->num_listen_addrs++; + if (rdomain != NULL) + options->listen_addrs[i].rdomain = xstrdup(rdomain); + } + /* options->listen_addrs[i] points to the addresses for this rdomain */ memset(&hints, 0, sizeof(hints)); hints.ai_family = options->address_family; 
@@ -648,8 +728,44 @@ add_one_listen_addr(ServerOptions *options, char *addr, int port) ssh_gai_strerror(gaierr)); for (ai = aitop; ai->ai_next; ai = ai->ai_next) ; - ai->ai_next = options->listen_addrs; - options->listen_addrs = aitop; + ai->ai_next = options->listen_addrs[i].addrs; + options->listen_addrs[i].addrs = aitop; +} + +/* Returns nonzero if the routing domain name is valid */ +static int +valid_rdomain(const char *name) +{ +#if defined(HAVE_SYS_VALID_RDOMAIN) + return sys_valid_rdomain(name); +#elif defined(__OpenBSD__) + const char *errstr; + long long num; + struct rt_tableinfo info; + int mib[6]; + size_t miblen = sizeof(mib); + + if (name == NULL) + return 1; + + num = strtonum(name, 0, 255, &errstr); + if (errstr != NULL) + return 0; + + /* Check whether the table actually exists */ + memset(mib, 0, sizeof(mib)); + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[4] = NET_RT_TABLE; + mib[5] = (int)num; + if (sysctl(mib, 6, &info, &miblen, NULL, 0) == -1) + return 0; + + return 1; +#else /* defined(__OpenBSD__) */ + error("Routing domains are not supported on this platform"); + return 0; +#endif } /* 
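Review bot: In the `__OpenBSD__` branch of valid_rdomain() the length passed to sysctl() for the output buffer is `miblen`, initialised from `sizeof(mib)`, while the buffer being filled is `info`. The fourth argument of sysctl() describes the size of the old-value buffer, so it should be derived from `info`. If struct rt_tableinfo is smaller than the six-int `mib` array (its definition is not visible here), the call overstates how much may be written to `info`. `size_t infolen = sizeof(info);` with `sysctl(mib, 6, &info, &infolen, NULL, 0)` states the intended bound.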
@@ -657,18 +773,19 @@ add_one_listen_addr(ServerOptions *options, char *addr, int port) * and AddressFamily options. */ static void -queue_listen_addr(ServerOptions *options, char *addr, int port) +queue_listen_addr(ServerOptions *options, const char *addr, + const char *rdomain, int port) { - options->queued_listen_addrs = xreallocarray( - options->queued_listen_addrs, options->num_queued_listens + 1, - sizeof(addr)); - options->queued_listen_ports = xreallocarray( - options->queued_listen_ports, options->num_queued_listens + 1, - sizeof(port)); - options->queued_listen_addrs[options->num_queued_listens] = - xstrdup(addr); - options->queued_listen_ports[options->num_queued_listens] = port; - options->num_queued_listens++; + struct queued_listenaddr *qla; + + options->queued_listen_addrs = xrecallocarray( + options->queued_listen_addrs, + options->num_queued_listens, options->num_queued_listens + 1, + sizeof(*options->queued_listen_addrs)); + qla = &options->queued_listen_addrs[options->num_queued_listens++]; + qla->addr = xstrdup(addr); + qla->port = port; + qla->rdomain = rdomain == NULL ? NULL : xstrdup(rdomain); } /* @@ -678,6 +795,7 @@ static void process_queued_listen_addrs(ServerOptions *options) { u_int i; + struct queued_listenaddr *qla; if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 
@@ -685,15 +803,13 @@ process_queued_listen_addrs(ServerOptions *options) options->address_family = AF_UNSPEC; for (i = 0; i < options->num_queued_listens; i++) { - add_listen_addr(options, options->queued_listen_addrs[i], - options->queued_listen_ports[i]); - free(options->queued_listen_addrs[i]); - options->queued_listen_addrs[i] = NULL; + qla = &options->queued_listen_addrs[i]; + add_listen_addr(options, qla->addr, qla->rdomain, qla->port); + free(qla->addr); + free(qla->rdomain); } free(options->queued_listen_addrs); options->queued_listen_addrs = NULL; - free(options->queued_listen_ports); - options->queued_listen_ports = NULL; options->num_queued_listens = 0; } @@ -747,6 +863,7 @@ get_connection_info(int populate, int use_dns) ci.address = ssh_remote_ipaddr(ssh); ci.laddress = ssh_local_ipaddr(ssh); ci.lport = ssh_local_port(ssh); + ci.rdomain = ssh_packet_rdomain_in(ssh); return &ci; } @@ -811,6 +928,13 @@ out: return result; } +static void +match_test_missing_fatal(const char *criteria, const char *attrib) +{ + fatal("'Match %s' in configuration but '%s' not in connection " + "test specification.", criteria, attrib); +} + /* * All of the attributes on a single Match line are ANDed together, so we need * to check every attribute and set the result to zero if any attribute does 
@@ -848,20 +972,24 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) return -1; } if (strcasecmp(attrib, "user") == 0) { - if (ci == NULL || ci->user == NULL) { + if (ci == NULL) { result = 0; continue; } + if (ci->user == NULL) + match_test_missing_fatal("User", "user"); if (match_pattern_list(ci->user, arg, 0) != 1) result = 0; else debug("user %.100s matched 'User %.100s' at " "line %d", ci->user, arg, line); } else if (strcasecmp(attrib, "group") == 0) { - if (ci == NULL || ci->user == NULL) { + if (ci == NULL) { result = 0; continue; } + if (ci->user == NULL) + match_test_missing_fatal("Group", "user"); switch (match_cfg_line_group(arg, line, ci->user)) { case -1: return -1; @@ -869,20 +997,24 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) result = 0; } } else if (strcasecmp(attrib, "host") == 0) { - if (ci == NULL || ci->host == NULL) { + if (ci == NULL) { result = 0; continue; } + if (ci->host == NULL) + match_test_missing_fatal("Host", "host"); if (match_hostname(ci->host, arg) != 1) result = 0; else debug("connection from %.100s matched 'Host " "%.100s' at line %d", ci->host, arg, line); } else if (strcasecmp(attrib, "address") == 0) { - if (ci == NULL || ci->address == NULL) { + if (ci == NULL) { result = 0; continue; } + if (ci->address == NULL) + match_test_missing_fatal("Address", "addr"); switch (addr_match_list(ci->address, arg)) { case 1: debug("connection from %.100s matched 'Address " @@ -896,10 +1028,13 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) return -1; } } else if (strcasecmp(attrib, "localaddress") == 0){ - if (ci == NULL || ci->laddress == NULL) { + if (ci == NULL) { result = 0; continue; } + if (ci->laddress == NULL) + match_test_missing_fatal("LocalAddress", + "laddr"); switch (addr_match_list(ci->laddress, arg)) { case 1: debug("connection from %.100s matched " 
@@ -919,10 +1054,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) arg); return -1; } - if (ci == NULL || ci->lport == 0) { + if (ci == NULL) { result = 0; continue; } + if (ci->lport == 0) + match_test_missing_fatal("LocalPort", "lport"); /* TODO support port lists */ if (port == ci->lport) debug("connection from %.100s matched " @@ -930,6 +1067,16 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) ci->laddress, port, line); else result = 0; + } else if (strcasecmp(attrib, "rdomain") == 0) { + if (ci == NULL || ci->rdomain == NULL) { + result = 0; + continue; + } + if (match_pattern_list(ci->rdomain, arg, 0) != 1) + result = 0; + else + debug("user %.100s matched 'RDomain %.100s' at " + "line %d", ci->rdomain, arg, line); } else { error("Unsupported Match attribute %s", attrib); return -1; @@ -952,6 +1099,11 @@ struct multistate { char *key; int value; }; +static const struct multistate multistate_flag[] = { + { "yes", 1 }, + { "no", 0 }, + { NULL, -1 } +}; static const struct multistate multistate_addressfamily[] = { { "inet", AF_INET }, { "inet6", AF_INET6 }, @@ -1001,6 +1153,7 @@ process_server_config_line(ServerOptions *options, char *line, size_t len; long long val64; const struct multistate *multistate_ptr; + const char *errstr; /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ if ((len = strlen(line)) == 0) 
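Review bot: In the new `rdomain` branch the debug line logs `ci->rdomain` under the label `user`, which will mislead anyone reading Match traces. It should read `debug("rdomain %.100s matched 'RDomain %.100s' at line %d", ci->rdomain, arg, line);`. The branch also keeps the silent `ci == NULL || ci->rdomain == NULL` non-match, while the sibling attributes changed in this commit now go through `match_test_missing_fatal()`. If that difference is deliberate (the struct comment describes the field as set only "if available"), a one-line comment saying so would prevent a later "consistency" fix from making it fatal.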
@@ -1088,20 +1241,33 @@ process_server_config_line(ServerOptions *options, char *line, /* check for bare IPv6 address: no "[]" and 2 or more ":" */ if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL && strchr(p+1, ':') != NULL) { - queue_listen_addr(options, arg, 0); - break; - } - p = hpdelim(&arg); - if (p == NULL) - fatal("%s line %d: bad address:port usage", - filename, linenum); - p = cleanhostname(p); - if (arg == NULL) port = 0; - else if ((port = a2port(arg)) <= 0) - fatal("%s line %d: bad port number", filename, linenum); + p = arg; + } else { + p = hpdelim(&arg); + if (p == NULL) + fatal("%s line %d: bad address:port usage", + filename, linenum); + p = cleanhostname(p); + if (arg == NULL) + port = 0; + else if ((port = a2port(arg)) <= 0) + fatal("%s line %d: bad port number", + filename, linenum); + } + /* Optional routing table */ + arg2 = NULL; + if ((arg = strdelim(&cp)) != NULL) { + if (strcmp(arg, "rdomain") != 0 || + (arg2 = strdelim(&cp)) == NULL) + fatal("%s line %d: bad ListenAddress syntax", + filename, linenum); + if (!valid_rdomain(arg2)) + fatal("%s line %d: bad routing domain", + filename, linenum); + } - queue_listen_addr(options, p, port); + queue_listen_addr(options, p, arg2, port); break; @@ -1128,22 +1294,12 @@ process_server_config_line(ServerOptions *options, char *line, break; case sHostKeyFile: - intptr = &options->num_host_key_files; - if (*intptr >= MAX_HOSTKEYS) - fatal("%s line %d: too many host keys specified (max %d).", - filename, linenum, MAX_HOSTKEYS); - charptr = &options->host_key_files[*intptr]; - parse_filename: arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: missing file name.", filename, linenum); - if (*activep && *charptr == NULL) { - *charptr = derelativise_path(arg); - /* increase optional counter */ - if (intptr != NULL) - *intptr = *intptr + 1; - } + if (*activep) + servconf_add_hostkey(filename, linenum, options, arg); break; case sHostKeyAgent: 
@@ -1158,17 +1314,28 @@ process_server_config_line(ServerOptions *options, char *line, break; case sHostCertificate: - intptr = &options->num_host_cert_files; - if (*intptr >= MAX_HOSTKEYS) - fatal("%s line %d: too many host certificates " - "specified (max %d).", filename, linenum, - MAX_HOSTCERTS); - charptr = &options->host_cert_files[*intptr]; - goto parse_filename; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing file name.", + filename, linenum); + if (*activep) + servconf_add_hostcert(filename, linenum, options, arg); + break; case sPidFile: charptr = &options->pid_file; - goto parse_filename; + parse_filename: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing file name.", + filename, linenum); + if (*activep && *charptr == NULL) { + *charptr = derelativise_path(arg); + /* increase optional counter */ + if (intptr != NULL) + *intptr = *intptr + 1; + } + break; case sPermitRootLogin: intptr = &options->permit_root_login; @@ -1178,21 +1345,8 @@ process_server_config_line(ServerOptions *options, char *line, case sIgnoreRhosts: intptr = &options->ignore_rhosts; parse_flag: - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing yes/no argument.", - filename, linenum); - value = 0; /* silence compiler */ - if (strcmp(arg, "yes") == 0) - value = 1; - else if (strcmp(arg, "no") == 0) - value = 0; - else - fatal("%s line %d: Bad yes/no argument: %s", - filename, linenum, arg); - if (*activep && *intptr == -1) - *intptr = value; - break; + multistate_ptr = multistate_flag; + goto parse_multistate; case sIgnoreUserKnownHosts: intptr = &options->ignore_user_known_hosts; 
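Review bot: The `parse_filename:` block relocated under `sPidFile` still carries `if (intptr != NULL) *intptr = *intptr + 1;`, but the two cases that set `intptr` before jumping to it (`sHostKeyFile` and `sHostCertificate`) stop using the label in this commit. `sPidFile` sets only `charptr`, so the increment now depends on `intptr` being NULL on entry, which is established outside the hunk if at all. I would drop the `/* increase optional counter */` comment and the increment from the relocated block, provided no other `goto parse_filename` site outside this diff sets `intptr`.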
@@ -1289,10 +1443,9 @@ process_server_config_line(ServerOptions *options, char *line,
 intptr = &options->x11_display_offset;
 parse_int:
 arg = strdelim(&cp);
- if (!arg || *arg == '\0')
- fatal("%s line %d: missing integer value.",
- filename, linenum);
- value = atoi(arg);
+ if ((errstr = atoi_err(arg, &value)) != NULL)
+ fatal("%s line %d: integer value %s.",
+ filename, linenum, errstr);
 if (*activep && *intptr == -1)
 *intptr = value;
 break;
@@ -1412,55 +1565,47 @@ process_server_config_line(ServerOptions *options, char *line, case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_allow_users >= MAX_ALLOW_USERS) - fatal("%s line %d: too many allow users.", - filename, linenum); if (match_user(NULL, NULL, NULL, arg) == -1) fatal("%s line %d: invalid AllowUsers pattern: " "\"%.100s\"", filename, linenum, arg); if (!*activep) continue; - options->allow_users[options->num_allow_users++] = - xstrdup(arg); + array_append(filename, linenum, "AllowUsers", + &options->allow_users, &options->num_allow_users, + arg); } break; case sDenyUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_deny_users >= MAX_DENY_USERS) - fatal("%s line %d: too many deny users.", - filename, linenum); if (match_user(NULL, NULL, NULL, arg) == -1) fatal("%s line %d: invalid DenyUsers pattern: " "\"%.100s\"", filename, linenum, arg); if (!*activep) continue; - options->deny_users[options->num_deny_users++] = - xstrdup(arg); + array_append(filename, linenum, "DenyUsers", + &options->deny_users, &options->num_deny_users, + arg); } break; case sAllowGroups: while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_allow_groups >= MAX_ALLOW_GROUPS) - fatal("%s line %d: too many allow groups.", - filename, linenum); if (!*activep) continue; - options->allow_groups[options->num_allow_groups++] = - xstrdup(arg); + array_append(filename, linenum, "AllowGroups", + &options->allow_groups, &options->num_allow_groups, + arg); } break; case sDenyGroups: while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_deny_groups >= MAX_DENY_GROUPS) - fatal("%s line %d: too many deny groups.", - filename, linenum); if (!*activep) continue; - options->deny_groups[options->num_deny_groups++] = - xstrdup(arg); + array_append(filename, linenum, "DenyGroups", + &options->deny_groups, &options->num_deny_groups, + arg); } break; 
@@ -1579,14 +1724,12 @@ process_server_config_line(ServerOptions *options, char *line, case sAuthorizedKeysFile: if (*activep && options->num_authkeys_files == 0) { while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_authkeys_files >= - MAX_AUTHKEYS_FILES) - fatal("%s line %d: " - "too many authorized keys files.", - filename, linenum); - options->authorized_keys_files[ - options->num_authkeys_files++] = - tilde_expand_filename(arg, getuid()); + arg = tilde_expand_filename(arg, getuid()); + array_append(filename, linenum, + "AuthorizedKeysFile", + &options->authorized_keys_files, + &options->num_authkeys_files, arg); + free(arg); } } return 0; @@ -1618,13 +1761,11 @@ process_server_config_line(ServerOptions *options, char *line, if (strchr(arg, '=') != NULL) fatal("%s line %d: Invalid environment name.", filename, linenum); - if (options->num_accept_env >= MAX_ACCEPT_ENV) - fatal("%s line %d: too many allow env.", - filename, linenum); if (!*activep) continue; - options->accept_env[options->num_accept_env++] = - xstrdup(arg); + array_append(filename, linenum, "AcceptEnv", + &options->accept_env, &options->num_accept_env, + arg); } break; @@ -1663,9 +1804,9 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: missing PermitOpen specification", filename, linenum); - i = options->num_permitted_opens; /* modified later */ + value = options->num_permitted_opens; /* modified later */ if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { - if (*activep && i == 0) { + if (*activep && value == 0) { options->num_permitted_opens = 1; options->permitted_opens = xcalloc(1, sizeof(*options->permitted_opens)); 
@@ -1683,16 +1824,13 @@ process_server_config_line(ServerOptions *options, char *line, if (arg == NULL || ((port = permitopen_port(arg)) < 0)) fatal("%s line %d: bad port number in " "PermitOpen", filename, linenum); - if (*activep && i == 0) { - options->permitted_opens = xrecallocarray( - options->permitted_opens, - options->num_permitted_opens, - options->num_permitted_opens + 1, - sizeof(*options->permitted_opens)); - i = options->num_permitted_opens++; - options->permitted_opens[i] = arg2; - } else - free(arg2); + if (*activep && value == 0) { + array_append(filename, linenum, + "PermitOpen", + &options->permitted_opens, + &options->num_permitted_opens, arg2); + } + free(arg2); } break; @@ -1815,11 +1953,6 @@ process_server_config_line(ServerOptions *options, char *line, value = 0; /* seen "any" pseudo-method */ value2 = 0; /* sucessfully parsed any method */ while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_auth_methods >= - MAX_AUTH_METHODS) - fatal("%s line %d: " - "too many authentication methods.", - filename, linenum); if (strcmp(arg, "any") == 0) { if (options->num_auth_methods > 0) { fatal("%s line %d: \"any\" " @@ -1840,8 +1973,10 @@ process_server_config_line(ServerOptions *options, char *line, value2 = 1; if (!*activep) continue; - options->auth_methods[ - options->num_auth_methods++] = xstrdup(arg); + array_append(filename, linenum, + "AuthenticationMethods", + &options->auth_methods, + &options->num_auth_methods, arg); } if (value2 == 0) { fatal("%s line %d: no AuthenticationMethods " 
@@ -1883,6 +2018,20 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->expose_userauth_info; goto parse_flag; + case sRDomain: + charptr = &options->routing_domain; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", + filename, linenum); + if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 && + !valid_rdomain(arg)) + fatal("%s line %d: bad routing domain", + filename, linenum); + if (*activep && *charptr == NULL) + *charptr = xstrdup(arg); + break; + case sDeprecated: case sIgnore: case sUnsupported: @@ -1963,6 +2112,8 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec) ci->user = xstrdup(p + 5); } else if (strncmp(p, "laddr=", 6) == 0) { ci->laddress = xstrdup(p + 6); + } else if (strncmp(p, "rdomain=", 8) == 0) { + ci->rdomain = xstrdup(p + 8); } else if (strncmp(p, "lport=", 6) == 0) { ci->lport = a2port(p + 6); if (ci->lport == -1) { @@ -1979,19 +2130,6 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec) return 0; } -/* - * returns 1 for a complete spec, 0 for partial spec and -1 for an - * empty spec. - */ -int server_match_spec_complete(struct connection_info *ci) -{ - if (ci->user && ci->host && ci->address) - return 1; /* complete */ - if (!ci->user && !ci->host && !ci->address) - return -1; /* empty */ - return 0; /* partial */ -} - /* * Copy any supported values that are set. * 
@@ -2057,17 +2195,16 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) dst->n = src->n; \ } \ } while(0) -#define M_CP_STRARRAYOPT(n, num_n) do {\ - if (src->num_n != 0) { \ - for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ - dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ - } \ -} while(0) -#define M_CP_STRARRAYOPT_ALLOC(n, num_n) do { \ - if (src->num_n != 0) { \ - dst->n = xcalloc(src->num_n, sizeof(*dst->n)); \ - M_CP_STRARRAYOPT(n, num_n); \ - dst->num_n = src->num_n; \ +#define M_CP_STRARRAYOPT(s, num_s) do {\ + u_int i; \ + if (src->num_s != 0) { \ + for (i = 0; i < dst->num_s; i++) \ + free(dst->s[i]); \ + free(dst->s); \ + dst->s = xcalloc(src->num_s, sizeof(*dst->s)); \ + for (i = 0; i < src->num_s; i++) \ + dst->s[i] = xstrdup(src->s[i]); \ + dst->num_s = src->num_s; \ } \ } while(0) @@ -2100,7 +2237,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) #undef M_CP_INTOPT #undef M_CP_STROPT #undef M_CP_STRARRAYOPT -#undef M_CP_STRARRAYOPT_ALLOC void parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, 
@@ -2231,45 +2367,61 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) printf("\n"); } -void -dump_config(ServerOptions *o) +static char * +format_listen_addrs(struct listenaddr *la) { - u_int i; - int ret; + int r; struct addrinfo *ai; - char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL; + char addr[NI_MAXHOST], port[NI_MAXSERV]; char *laddr1 = xstrdup(""), *laddr2 = NULL; - /* these are usually at the top of the config */ - for (i = 0; i < o->num_ports; i++) - printf("port %d\n", o->ports[i]); - dump_cfg_fmtint(sAddressFamily, o->address_family); - /* * ListenAddress must be after Port. add_one_listen_addr pushes * addresses onto a stack, so to maintain ordering we need to * print these in reverse order. */ - for (ai = o->listen_addrs; ai; ai = ai->ai_next) { - if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, + for (ai = la->addrs; ai; ai = ai->ai_next) { + if ((r = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr, sizeof(addr), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { - error("getnameinfo failed: %.100s", - (ret != EAI_SYSTEM) ? gai_strerror(ret) : - strerror(errno)); + error("getnameinfo: %.100s", ssh_gai_strerror(r)); + continue; + } + laddr2 = laddr1; + if (ai->ai_family == AF_INET6) { + xasprintf(&laddr1, "listenaddress [%s]:%s%s%s\n%s", + addr, port, + la->rdomain == NULL ? "" : " rdomain ", + la->rdomain == NULL ? "" : la->rdomain, + laddr2); } else { - laddr2 = laddr1; - if (ai->ai_family == AF_INET6) - xasprintf(&laddr1, "listenaddress [%s]:%s\n%s", - addr, port, laddr2); - else - xasprintf(&laddr1, "listenaddress %s:%s\n%s", - addr, port, laddr2); - free(laddr2); + xasprintf(&laddr1, "listenaddress %s:%s%s%s\n%s", + addr, port, + la->rdomain == NULL ? "" : " rdomain ", + la->rdomain == NULL ? 
"" : la->rdomain, + laddr2); } + free(laddr2); + } + return laddr1; +} + +void +dump_config(ServerOptions *o) +{ + char *s; + u_int i; + + /* these are usually at the top of the config */ + for (i = 0; i < o->num_ports; i++) + printf("port %d\n", o->ports[i]); + dump_cfg_fmtint(sAddressFamily, o->address_family); + + for (i = 0; i < o->num_listen_addrs; i++) { + s = format_listen_addrs(&o->listen_addrs[i]); + printf("%s", s); + free(s); } - printf("%s", laddr1); - free(laddr1); /* integer arguments */ #ifdef USE_PAM @@ -2358,6 +2510,7 @@ dump_config(ServerOptions *o) o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? o->pubkey_key_types : KEX_DEFAULT_PK_ALG); + dump_cfg_string(sRDomain, o->routing_domain); /* string arguments requiring a lookup */ dump_cfg_string(sLogLevel, log_level_name(o->log_level)); @@ -2386,11 +2539,13 @@ dump_config(ServerOptions *o) printf("maxstartups %d:%d:%d\n", o->max_startups_begin, o->max_startups_rate, o->max_startups); - for (i = 0; tunmode_desc[i].val != -1; i++) + s = NULL; + for (i = 0; tunmode_desc[i].val != -1; i++) { if (tunmode_desc[i].val == o->permit_tun) { s = tunmode_desc[i].text; break; } + } dump_cfg_string(sPermitTunnel, s); printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); diff --git a/servconf.h b/servconf.h index 1dca702e6acb..37a0fb1a39ff 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.126 2017/10/02 19:33:20 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -18,17 +18,7 @@ #define MAX_PORTS 256 /* Max # ports. */ -#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ -#define MAX_DENY_USERS 256 /* Max # users on deny list. */ -#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */ -#define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */ #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ -#define MAX_HOSTKEYS 256 /* Max # hostkeys. */ -#define MAX_HOSTCERTS 256 /* Max # host certificates. */ -#define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ -#define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ -#define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */ -#define MAX_AUTH_METHODS 256 /* Max # of AuthenticationMethods. */ /* permit_root_login */ #define PERMIT_NOT_SET -1 
@@ -61,21 +51,42 @@ struct ssh; struct fwd_perm_list; +/* + * Used to store addresses from ListenAddr directives. These may be + * incomplete, as they may specify addresses that need to be merged + * with any ports requested by ListenPort. + */ +struct queued_listenaddr { + char *addr; + int port; /* <=0 if unspecified */ + char *rdomain; +}; + +/* Resolved listen addresses, grouped by optional routing domain */ +struct listenaddr { + char *rdomain; + struct addrinfo *addrs; +}; + typedef struct { u_int num_ports; u_int ports_from_cmdline; int ports[MAX_PORTS]; /* Port number to listen on. */ + struct queued_listenaddr *queued_listen_addrs; u_int num_queued_listens; - char **queued_listen_addrs; - int *queued_listen_ports; - struct addrinfo *listen_addrs; /* Addresses on which the server listens. */ - int address_family; /* Address family used by the server. */ - char *host_key_files[MAX_HOSTKEYS]; /* Files containing host keys. */ - int num_host_key_files; /* Number of files for host keys. */ - char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */ - int num_host_cert_files; /* Number of files for host certs. */ - char *host_key_agent; /* ssh-agent socket for host keys. */ - char *pid_file; /* Where to put our pid */ + struct listenaddr *listen_addrs; + u_int num_listen_addrs; + int address_family; /* Address family used by the server. */ + + char *routing_domain; /* Bind session to routing domain */ + + char **host_key_files; /* Files containing host keys. */ + u_int num_host_key_files; /* Number of files for host keys. */ + char **host_cert_files; /* Files containing host certs. */ + u_int num_host_cert_files; /* Number of files for host certs. */ + + char *host_key_agent; /* ssh-agent socket for host keys. */ + char *pid_file; /* Where to put our pid */ int login_grace_time; /* Disconnect if no auth in this time * (sec). */ int permit_root_login; /* PERMIT_*, see above */ 
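Review bot: The comment added above `struct queued_listenaddr` names `ListenAddr` directives and `ListenPort`, neither of which matches the keywords this code parses and prints (`listenaddress`, `port`). I would reword it as `/* Addresses from ListenAddress directives; may be incomplete until merged with the ports given by Port. */`. The `rdomain` member also deserves a short comment that it is NULL when the directive named no routing domain, since the parser passes `arg2 = NULL` in that case.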
@@ -134,13 +145,13 @@ typedef struct { int allow_agent_forwarding; int disable_forwarding; u_int num_allow_users; - char *allow_users[MAX_ALLOW_USERS]; + char **allow_users; u_int num_deny_users; - char *deny_users[MAX_DENY_USERS]; + char **deny_users; u_int num_allow_groups; - char *allow_groups[MAX_ALLOW_GROUPS]; + char **allow_groups; u_int num_deny_groups; - char *deny_groups[MAX_DENY_GROUPS]; + char **deny_groups; u_int num_subsystems; char *subsystem_name[MAX_SUBSYSTEMS]; @@ -148,7 +159,7 @@ typedef struct { char *subsystem_args[MAX_SUBSYSTEMS]; u_int num_accept_env; - char *accept_env[MAX_ACCEPT_ENV]; + char **accept_env; int max_startups_begin; int max_startups_rate; @@ -167,8 +178,8 @@ typedef struct { * disconnect the session */ - u_int num_authkeys_files; /* Files containing public keys */ - char *authorized_keys_files[MAX_AUTHKEYS_FILES]; + u_int num_authkeys_files; /* Files containing public keys */ + char **authorized_keys_files; char *adm_forced_command; @@ -194,7 +205,7 @@ typedef struct { char *version_addendum; /* Appended to SSH banner */ u_int num_auth_methods; - char *auth_methods[MAX_AUTH_METHODS]; + char **auth_methods; int fingerprint_hash; int expose_userauth_info; @@ -207,6 +218,7 @@ struct connection_info { const char *address; /* remote address */ const char *laddress; /* local address */ int lport; /* local port */ + const char *rdomain; /* routing domain if available */ }; @@ -230,6 +242,7 @@ struct connection_info { M_CP_STROPT(authorized_principals_command_user); \ M_CP_STROPT(hostbased_key_types); \ M_CP_STROPT(pubkey_key_types); \ + M_CP_STROPT(routing_domain); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ M_CP_STRARRAYOPT(allow_users, num_allow_users); \ M_CP_STRARRAYOPT(deny_users, num_deny_users); \ 
@@ -237,7 +250,7 @@ struct connection_info { M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \ M_CP_STRARRAYOPT(accept_env, num_accept_env); \ M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ - M_CP_STRARRAYOPT_ALLOC(permitted_opens, num_permitted_opens); \ + M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ } while (0) struct connection_info *get_connection_info(int, int); @@ -255,5 +268,9 @@ int server_match_spec_complete(struct connection_info *); void copy_set_server_options(ServerOptions *, ServerOptions *, int); void dump_config(ServerOptions *); char *derelativise_path(const char *); +void servconf_add_hostkey(const char *, const int, + ServerOptions *, const char *path); +void servconf_add_hostcert(const char *, const int, + ServerOptions *, const char *path); #endif /* SERVCONF_H */ diff --git a/serverloop.c b/serverloop.c index 24bbae322c34..d6fe24cc1dbb 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.198 2017/09/12 06:35:32 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -82,6 +82,7 @@ extern ServerOptions options; /* XXX */ extern Authctxt *the_authctxt; +extern struct sshauthopt *auth_opts; extern int use_privsep; static int no_more_sessions = 0; /* Disallow further sessions. */ @@ -99,6 +100,9 @@ static volatile sig_atomic_t received_sigterm = 0; /* prototypes */ static void server_init_dispatch(void); +/* requested tunnel forwarding interface(s), shared with session.c */ +char *tun_fwd_ifnames = NULL; + /* * we write to this pipe if a SIGCHLD is caught in order to avoid * the race between select() and child_terminated @@ -150,9 +154,6 @@ sigchld_handler(int sig) { int save_errno = errno; child_terminated = 1; -#ifndef _UNICOS - mysignal(SIGCHLD, sigchld_handler); -#endif notify_parent(); errno = save_errno; } 
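Review bot: The prototypes added at the end of servconf.h follow `int server_match_spec_complete(struct connection_info *);`, which is still shown as the hunk header and is untouched by any hunk of this file, although this commit deletes that function's definition from servconf.c. The declaration should be removed as well unless another definition exists outside this diff. The new prototypes also mix unnamed parameters with a named `path` and qualify a by-value parameter as `const int`, which has no effect in a declaration. `void servconf_add_hostkey(const char *filename, int linenum, ServerOptions *options, const char *path);` (and the same for `servconf_add_hostcert`) would read better.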
@@ -168,10 +169,12 @@ static void client_alive_check(struct ssh *ssh) { int channel_id; + char remote_id[512]; /* timeout, check to see how many we have had */ if (packet_inc_alive_timeouts() > options.client_alive_count_max) { - logit("Timeout, client not responding."); + sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + logit("Timeout, client not responding from %s", remote_id); cleanup_exit(255); } @@ -371,7 +374,7 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) debug("Entering interactive session for SSH2."); - mysignal(SIGCHLD, sigchld_handler); + signal(SIGCHLD, sigchld_handler); child_terminated = 0; connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); @@ -454,12 +457,13 @@ server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg) originator_port = packet_get_int(); packet_check_eom(); - debug("server_request_direct_tcpip: originator %s port %d, target %s " - "port %d", originator, originator_port, target, target_port); + debug("%s: originator %s port %d, target %s port %d", __func__, + originator, originator_port, target, target_port); /* XXX fine grained permissions */ if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 && - !no_port_forwarding_flag && !options.disable_forwarding) { + auth_opts->permit_port_forwarding_flag && + !options.disable_forwarding) { c = channel_connect_to_port(ssh, target, target_port, "direct-tcpip", "direct-tcpip", reason, errmsg); } else { 
@@ -485,20 +489,20 @@ server_request_direct_streamlocal(struct ssh *ssh) struct passwd *pw = the_authctxt->pw; if (pw == NULL || !the_authctxt->valid) - fatal("server_input_global_request: no/invalid user"); + fatal("%s: no/invalid user", __func__); target = packet_get_string(NULL); originator = packet_get_string(NULL); originator_port = packet_get_int(); packet_check_eom(); - debug("server_request_direct_streamlocal: originator %s port %d, target %s", + debug("%s: originator %s port %d, target %s", __func__, originator, originator_port, target); /* XXX fine grained permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && - !no_port_forwarding_flag && !options.disable_forwarding && - (pw->pw_uid == 0 || use_privsep)) { + auth_opts->permit_port_forwarding_flag && + !options.disable_forwarding && (pw->pw_uid == 0 || use_privsep)) { c = channel_connect_to_path(ssh, target, "direct-streamlocal@openssh.com", "direct-streamlocal"); } else { @@ -517,8 +521,8 @@ static Channel * server_request_tun(struct ssh *ssh) { Channel *c = NULL; - int mode, tun; - int sock; + int mode, tun, sock; + char *tmp, *ifname = NULL; mode = packet_get_int(); switch (mode) { @@ -536,14 +540,16 @@ server_request_tun(struct ssh *ssh) } tun = packet_get_int(); - if (forced_tun_device != -1) { - if (tun != SSH_TUNID_ANY && forced_tun_device != tun) + if (auth_opts->force_tun_device != -1) { + if (tun != SSH_TUNID_ANY && auth_opts->force_tun_device != tun) goto done; - tun = forced_tun_device; + tun = auth_opts->force_tun_device; } - sock = tun_open(tun, mode); + sock = tun_open(tun, mode, &ifname); if (sock < 0) goto done; + debug("Tunnel forwarding using interface %s", ifname); + c = channel_new(ssh, "tun", SSH_CHANNEL_OPEN, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); c->datagram = 1; 
@@ -553,6 +559,19 @@ server_request_tun(struct ssh *ssh) sys_tun_outfilter, NULL, NULL); #endif + /* + * Update the list of names exposed to the session + * XXX remove these if the tunnels are closed (won't matter + * much if they are already in the environment though) + */ + tmp = tun_fwd_ifnames; + xasprintf(&tun_fwd_ifnames, "%s%s%s", + tun_fwd_ifnames == NULL ? "" : tun_fwd_ifnames, + tun_fwd_ifnames == NULL ? "" : ",", + ifname); + free(tmp); + free(ifname); + done: if (c == NULL) packet_send_debug("Failed to open the tunnel device."); @@ -635,10 +654,8 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); packet_put_int(reason); - if (!(datafellows & SSH_BUG_OPENFAILURE)) { - packet_put_cstring(errmsg ? errmsg : "open failed"); - packet_put_cstring(""); - } + packet_put_cstring(errmsg ? errmsg : "open failed"); + packet_put_cstring(""); packet_send(); } free(ctype); @@ -651,7 +668,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) struct sshbuf *resp = NULL; struct sshbuf *sigbuf = NULL; struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL; - int r, ndx, success = 0; + int r, ndx, kexsigtype, use_kexsigtype, success = 0; const u_char *blob; u_char *sig = 0; size_t blen, slen; @@ -659,6 +676,8 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL) fatal("%s: sshbuf_new", __func__); + kexsigtype = sshkey_type_plain( + sshkey_type_from_name(ssh->kex->hostkey_alg)); while (ssh_packet_remaining(ssh) > 0) { sshkey_free(key); key = NULL; 
@@ -689,13 +708,20 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp) sshbuf_reset(sigbuf); free(sig); sig = NULL; + /* + * For RSA keys, prefer to use the signature type negotiated + * during KEX to the default (SHA1). + */ + use_kexsigtype = kexsigtype == KEY_RSA && + sshkey_type_plain(key->type) == KEY_RSA; if ((r = sshbuf_put_cstring(sigbuf, "hostkeys-prove-00@openssh.com")) != 0 || (r = sshbuf_put_string(sigbuf, ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0 || (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, - sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), NULL, 0)) != 0 || + sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), + use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0 || (r = sshbuf_put_string(resp, sig, slen)) != 0) { error("%s: couldn't prepare signature: %s", __func__, ssh_err(r)); @@ -742,7 +768,8 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) /* check permissions */ if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || - no_port_forwarding_flag || options.disable_forwarding || + !auth_opts->permit_port_forwarding_flag || + options.disable_forwarding || (!want_reply && fwd.listen_port == 0) || (fwd.listen_port != 0 && !bind_permitted(fwd.listen_port, pw->pw_uid))) { @@ -780,7 +807,8 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) /* check permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 - || no_port_forwarding_flag || options.disable_forwarding || + || !auth_opts->permit_port_forwarding_flag || + options.disable_forwarding || (pw->pw_uid != 0 && !use_privsep)) { success = 0; packet_send_debug("Server has disabled " diff --git a/session.c b/session.c index 4bccb62d1e4d..58826db1698a 100644 --- a/session.c +++ b/session.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.292 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: session.c,v 1.294 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -140,6 +140,8 @@ extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); extern Buffer loginmsg; +extern struct sshauthopt *auth_opts; +char *tun_fwd_ifnames; /* serverloop.c */ /* original command from peer. */ const char *original_command = NULL; @@ -287,14 +289,42 @@ prepare_auth_info_file(struct passwd *pw, struct sshbuf *info) restore_uid(); } +static void +set_permitopen_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) +{ + char *tmp, *cp, *host; + int port; + size_t i; + + if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) + return; + channel_clear_permitted_opens(ssh); + for (i = 0; i < auth_opts->npermitopen; i++) { + tmp = cp = xstrdup(auth_opts->permitopen[i]); + /* This shouldn't fail as it has already been checked */ + if ((host = hpdelim(&cp)) == NULL) + fatal("%s: internal error: hpdelim", __func__); + host = cleanhostname(host); + if (cp == NULL || (port = permitopen_port(cp)) < 0) + fatal("%s: internal error: permitopen port", + __func__); + channel_add_permitted_opens(ssh, host, port); + free(tmp); + } +} + void do_authenticated(struct ssh *ssh, Authctxt *authctxt) { setproctitle("%s", authctxt->pw->pw_name); + auth_log_authopts("active", auth_opts, 0); + /* setup the channel layer */ /* XXX - streamlocal? */ - if (no_port_forwarding_flag || options.disable_forwarding || + set_permitopen_from_authopts(ssh, auth_opts); + if (!auth_opts->permit_port_forwarding_flag || + options.disable_forwarding || (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) channel_disable_adm_local_opens(ssh); else @@ -334,7 +364,6 @@ int do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) { pid_t pid; - #ifdef USE_PIPES int pin[2], pout[2], perr[2]; 
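Review bot: `char *tun_fwd_ifnames; /* serverloop.c */` is added to session.c without `extern`, so it is a second, tentative definition of the object that serverloop.c defines with `= NULL` in this same commit. That links only where the toolchain merges common symbols. It should be `extern char *tun_fwd_ifnames; /* serverloop.c */`, matching the `extern struct sshauthopt *auth_opts;` line directly above it.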
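Review bot: `set_permitopen_from_authopts()` accepts `opts` but never reads it; both the loop bound and the `xstrdup()` go through the global `auth_opts`, so a caller passing a different option set would be silently ignored. Use the parameter: `for (i = 0; i < opts->npermitopen; i++) {` and `tmp = cp = xstrdup(opts->permitopen[i]);`. The function has no header comment either. One sentence would do, saying that it clears the channel layer's permitted-open list and refills it from the `permitopen` entries of the auth options, and returns without touching anything when local TCP forwarding is disabled.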
@@ -450,11 +479,6 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) close(err[0]); #endif - -#ifdef _UNICOS - cray_init_job(s->pw); /* set up cray jid and tmpdir */ -#endif - /* Do processing for the child (exec command etc). */ do_child(ssh, s, command); /* NOTREACHED */ @@ -462,9 +486,6 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) break; } -#ifdef _UNICOS - signal(WJSIGNAL, cray_job_termination_handler); -#endif /* _UNICOS */ #ifdef HAVE_CYGWIN cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); #endif @@ -576,9 +597,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) close(ttyfd); /* record login, etc. similar to login(1) */ -#ifdef _UNICOS - cray_init_job(s->pw); /* set up cray jid and tmpdir */ -#endif /* _UNICOS */ #ifndef HAVE_OSF_SIA do_login(ssh, s, command); #endif @@ -592,9 +610,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) break; } -#ifdef _UNICOS - signal(WJSIGNAL, cray_job_termination_handler); -#endif /* _UNICOS */ #ifdef HAVE_CYGWIN cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); #endif @@ -656,9 +671,9 @@ do_exec(struct ssh *ssh, Session *s, const char *command) original_command = command; command = options.adm_forced_command; forced = "(config)"; - } else if (forced_command) { + } else if (auth_opts->force_command != NULL) { original_command = command; - command = forced_command; + command = auth_opts->force_command; forced = "(key-option)"; } if (forced != NULL) { @@ -961,8 +976,9 @@ static char ** do_setup_env(struct ssh *ssh, Session *s, const char *shell) { char buf[256]; + size_t n; u_int i, envsize; - char **env, *laddr; + char *ocp, *cp, **env, *laddr; struct passwd *pw = s->pw; #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) char *path = NULL; 
@@ -1037,20 +1053,17 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); - /* Set custom environment options from RSA authentication. */ - while (custom_environment) { - struct envstring *ce = custom_environment; - char *str = ce->s; - - for (i = 0; str[i] != '=' && str[i]; i++) - ; - if (str[i] == '=') { - str[i] = 0; - child_set_env(&env, &envsize, str, str + i + 1); + /* Set custom environment options from pubkey authentication. */ + if (options.permit_user_env) { + for (n = 0 ; n < auth_opts->nenv; n++) { + ocp = xstrdup(auth_opts->env[n]); + cp = strchr(ocp, '='); + if (*cp == '=') { + *cp = '\0'; + child_set_env(&env, &envsize, ocp, cp + 1); + } + free(ocp); } - custom_environment = ce->next; - free(ce->s); - free(ce); } /* SSH_CLIENT deprecated */ @@ -1066,6 +1079,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) free(laddr); child_set_env(&env, &envsize, "SSH_CONNECTION", buf); + if (tun_fwd_ifnames != NULL) + child_set_env(&env, &envsize, "SSH_TUNNEL", tun_fwd_ifnames); if (auth_info_file != NULL) child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file); if (s->ttyfd != -1) @@ -1078,11 +1093,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); -#ifdef _UNICOS - if (cray_tmpdir[0] != '\0') - child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); -#endif /* _UNICOS */ - /* * Since we clear KRB5CCNAME at startup, if it's set now then it * must have been set by a native authentication method (eg AIX or @@ -1155,7 +1165,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) * first in this order). */ static void -do_rc_files(Session *s, const char *shell) +do_rc_files(struct ssh *ssh, Session *s, const char *shell) { FILE *f = NULL; char cmd[1024]; 
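Review bot: In the rewritten custom-environment loop of `do_setup_env()`, the result of `cp = strchr(ocp, '=')` is dereferenced by `if (*cp == '=')` without a NULL check. An entry in `auth_opts->env` with no `=` would therefore crash the session child instead of being skipped. The entries are presumably validated when the key options are parsed, but that code is not in this hunk, and the loop this replaces tolerated a missing `=`. The guard should be `if (cp != NULL) {`. The function body continues outside the hunk.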
@@ -1167,7 +1177,7 @@ do_rc_files(Session *s, const char *shell) /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ if (!s->is_subsystem && options.adm_forced_command == NULL && - !no_user_rc && options.permit_user_rc && + auth_opts->permit_user_rc && options.permit_user_rc && stat(_PATH_SSH_USER_RC, &st) >= 0) { snprintf(cmd, sizeof cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, _PATH_SSH_USER_RC); @@ -1248,10 +1258,10 @@ do_nologin(struct passwd *pw) /* /etc/nologin exists. Print its contents if we can and exit. */ logit("User %.100s not allowed because %s exists", pw->pw_name, nl); if ((f = fopen(nl, "r")) != NULL) { - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); - } + while (fgets(buf, sizeof(buf), f)) + fputs(buf, stderr); + fclose(f); + } exit(254); } @@ -1483,10 +1493,6 @@ do_child(struct ssh *ssh, Session *s, const char *command) exit(1); } -#ifdef _UNICOS - cray_setup(pw->pw_uid, pw->pw_name, command); -#endif /* _UNICOS */ - /* * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. @@ -1591,7 +1597,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) closefrom(STDERR_FILENO + 1); - do_rc_files(s, shell); + do_rc_files(ssh, s, shell); /* restore SIGPIPE for child */ signal(SIGPIPE, SIG_DFL); @@ -1854,8 +1860,8 @@ session_pty_req(struct ssh *ssh, Session *s) u_int len; int n_bytes; - if (no_pty_flag || !options.permit_tty) { - debug("Allocating a pty not permitted for this authentication."); + if (!auth_opts->permit_pty_flag || !options.permit_tty) { + debug("Allocating a pty not permitted for this connection."); return 0; } if (s->ttyfd != -1) { 
@@ -2043,9 +2049,11 @@ static int session_auth_agent_req(struct ssh *ssh, Session *s) { static int called = 0; + packet_check_eom(); - if (no_agent_forwarding_flag || !options.allow_agent_forwarding) { - debug("session_auth_agent_req: no_agent_forwarding_flag"); + if (!auth_opts->permit_agent_forwarding_flag || + !options.allow_agent_forwarding) { + debug("%s: agent forwarding disabled", __func__); return 0; } if (called) { @@ -2423,8 +2431,8 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) char hostname[NI_MAXHOST]; u_int i; - if (no_x11_forwarding_flag) { - packet_send_debug("X11 forwarding disabled in user configuration file."); + if (!auth_opts->permit_x11_forwarding_flag) { + packet_send_debug("X11 forwarding disabled by key options."); return 0; } if (!options.x11_forwarding) { @@ -2433,7 +2441,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) } if (options.xauth_location == NULL || (stat(options.xauth_location, &st) == -1)) { - packet_send_debug("No xauth program; cannot forward with spoofing."); + packet_send_debug("No xauth program; cannot forward X11."); return 0; } if (s->display != NULL) { diff --git a/sftp-client.c b/sftp-client.c index 626330262264..0b53a2e681a8 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.127 2017/08/11 04:41:08 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.128 2017/11/28 21:10:22 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -130,7 +130,7 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m) } static void -get_msg(struct sftp_conn *conn, struct sshbuf *m) +get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) { u_int msg_len; u_char *p; 
@@ -148,8 +148,12 @@ get_msg(struct sftp_conn *conn, struct sshbuf *m) if ((r = sshbuf_get_u32(m, &msg_len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (msg_len > SFTP_MAX_MSG_LENGTH) - fatal("Received message too long %u", msg_len); + if (msg_len > SFTP_MAX_MSG_LENGTH) { + do_log2(initial ? SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_FATAL, + "Received message too long %u", msg_len); + fatal("Ensure the remote shell produces no output " + "for non-interactive sessions."); + } if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -163,6 +167,12 @@ get_msg(struct sftp_conn *conn, struct sshbuf *m) } } +static void +get_msg(struct sftp_conn *conn, struct sshbuf *m) +{ + get_msg_extended(conn, m, 0); +} + static void send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s, u_int len) @@ -406,7 +416,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, sshbuf_reset(msg); - get_msg(ret, msg); + get_msg_extended(ret, msg, 1); /* Expecting a VERSION reply */ if ((r = sshbuf_get_u8(msg, &type)) != 0) diff --git a/sftp.0 b/sftp.0 index 45b8faf5543d..7ad3e8d3f460 100644 --- a/sftp.0 +++ b/sftp.0 
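Review bot: In `get_msg_extended()` the hint `fatal("Ensure the remote shell produces no output ...")` runs for every oversized length, not only when `initial` is set, as far as this hunk shows. For a mid-session message (`get_msg()` passes 0) the length was sent after the handshake, so the shell-output hint points whoever reads the log at the wrong cause. I would make the non-initial case exit with the generic text, `if (!initial) fatal("Received message too long %u", msg_len);`, and keep the error-plus-hint pair for the first reply only. A short comment above the function saying that `initial` marks the first reply, where stray shell output is the usual cause, would document the new parameter. The body spans this hunk and its neighbours.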
@@ -7,32 +7,29 @@ SYNOPSIS sftp [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher] [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-R num_requests] [-S program] - [-s subsystem | sftp_server] host - sftp [user@]host[:file ...] - sftp [user@]host[:dir[/]] - sftp -b batchfile [user@]host + [-s subsystem | sftp_server] destination DESCRIPTION - sftp is an interactive file transfer program, similar to ftp(1), which - performs all operations over an encrypted ssh(1) transport. It may also - use many features of ssh, such as public key authentication and - compression. sftp connects and logs into the specified host, then enters - an interactive command mode. + sftp is a file transfer program, similar to ftp(1), which performs all + operations over an encrypted ssh(1) transport. It may also use many + features of ssh, such as public key authentication and compression. - The second usage format will retrieve files automatically if a non- - interactive authentication method is used; otherwise it will do so after - successful interactive authentication. + The destination may be specified either as [user@]host[:path] or as a URI + in the form sftp://[user@]host[:port][/path]. - The third usage format allows sftp to start in a remote directory. + If the destination includes a path and it is not a directory, sftp will + retrieve files automatically if a non-interactive authentication method + is used; otherwise it will do so after successful interactive + authentication. - The final usage format allows for automated sessions using the -b option. - In such cases, it is necessary to configure non-interactive - authentication to obviate the need to enter a password at connection time - (see sshd(8) and ssh-keygen(1) for details). + If no path is specified, or if the path is a directory, sftp will log in + to the specified host and enter interactive command mode, changing to the + remote directory if one was specified. 
An optional trailing slash can be + used to force the path to be interpreted as a directory. - Since some usage formats use colon characters to delimit host names from - path names, IPv6 addresses must be enclosed in square brackets to avoid - ambiguity. + Since the destination formats use colon characters to delimit host names + from path names or port numbers, IPv6 addresses must be enclosed in + square brackets to avoid ambiguity. The options are as follows: @@ -53,14 +50,15 @@ DESCRIPTION -b batchfile Batch mode reads a series of commands from an input batchfile instead of stdin. Since it lacks user interaction it should be - used in conjunction with non-interactive authentication. A - batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp - will abort if any of the following commands fail: get, put, - reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, - chown, chgrp, lpwd, df, symlink, and lmkdir. Termination on - error can be suppressed on a command by command basis by - prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example, -rm - /tmp/blah*). + used in conjunction with non-interactive authentication to + obviate the need to enter a password at connection time (see + sshd(8) and ssh-keygen(1) for details). A batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may + be used to indicate standard input. sftp will abort if any of + the following commands fail: get, put, reget, reput, rename, ln, + rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp, lpwd, df, + symlink, and lmkdir. Termination on error can be suppressed on a + command by command basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y + character (for example, -rm /tmp/blah*). -C Enables compression (via ssh's -C flag). @@ -99,6 +97,7 @@ DESCRIPTION AddressFamily BatchMode BindAddress + BindInterface CanonicalDomains CanonicalizeFallbackLocal CanonicalizeHostname 
@@ -193,8 +192,9 @@ INTERACTIVE COMMANDS bye Quit sftp. - cd path - Change remote directory to path. + cd [path] + Change remote directory to path. If path is not specified, then + change directory to the one the session started in. chgrp grp path Change group of file path to grp. path may contain glob(3) @@ -246,8 +246,9 @@ INTERACTIVE COMMANDS help Display help text. - lcd path - Change local directory to path. + lcd [path] + Change local directory to path. If path is not specified, then + change directory to the local user's home directory. lls [ls-options [path]] Display local directory listing of either path or current @@ -374,4 +375,4 @@ SEE ALSO T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- filexfer-00.txt, January 2001, work in progress material. -OpenBSD 6.2 May 3, 2017 OpenBSD 6.2 +OpenBSD 6.2 February 23, 2018 OpenBSD 6.2 diff --git a/sftp.1 b/sftp.1 index c218376fbf0c..43e0442f7bb7 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.110 2017/05/03 21:49:18 naddy Exp $ +.\" $OpenBSD: sftp.1,v 1.114 2018/02/23 07:38:09 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 3 2017 $ +.Dd $Mdocdate: February 23 2018 $ .Dt SFTP 1 .Os .Sh NAME @@ -30,7 +30,6 @@ .Nd secure file transfer program .Sh SYNOPSIS .Nm sftp -.Bk -words .Op Fl 46aCfpqrv .Op Fl B Ar buffer_size .Op Fl b Ar batchfile 
@@ -44,54 +43,55 @@ .Op Fl R Ar num_requests .Op Fl S Ar program .Op Fl s Ar subsystem | sftp_server -.Ar host -.Ek -.Nm sftp -.Oo Ar user Ns @ Oc Ns -.Ar host Ns Op : Ns Ar -.Nm sftp -.Oo -.Ar user Ns @ Oc Ns -.Ar host Ns Oo : Ns Ar dir Ns -.Op Ar / -.Oc -.Nm sftp -.Fl b Ar batchfile -.Oo Ar user Ns @ Oc Ns Ar host +.Ar destination .Sh DESCRIPTION .Nm -is an interactive file transfer program, similar to +is a file transfer program, similar to .Xr ftp 1 , which performs all operations over an encrypted .Xr ssh 1 transport. It may also use many features of ssh, such as public key authentication and compression. -.Nm -connects and logs into the specified -.Ar host , -then enters an interactive command mode. .Pp -The second usage format will retrieve files automatically if a non-interactive +The +.Ar destination +may be specified either as +.Sm off +.Oo user @ Oc host Op : path +.Sm on +or as a URI in the form +.Sm off +.No sftp:// Oo user @ Oc host Oo : port Oc Op / path . +.Sm on +.Pp +If the +.Ar destination +includes a +.Ar path +and it is not a directory, +.Nm +will retrieve files automatically if a non-interactive authentication method is used; otherwise it will do so after successful interactive authentication. .Pp -The third usage format allows +If no +.Ar path +is specified, or if the +.Ar path +is a directory, .Nm -to start in a remote directory. -.Pp -The final usage format allows for automated sessions using the -.Fl b -option. -In such cases, it is necessary to configure non-interactive authentication -to obviate the need to enter a password at connection time (see -.Xr sshd 8 -and -.Xr ssh-keygen 1 -for details). +will log in to the specified +.Ar host +and enter interactive command mode, changing to the remote directory +if one was specified. +An optional trailing slash can be used to force the +.Ar path +to be interpreted as a directory. 
.Pp -Since some usage formats use colon characters to delimit host names from path -names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity. +Since the destination formats use colon characters to delimit host +names from path names or port numbers, IPv6 addresses must be +enclosed in square brackets to avoid ambiguity. .Pp The options are as follows: .Bl -tag -width Ds @@ -121,7 +121,12 @@ Batch mode reads a series of commands from an input instead of .Em stdin . Since it lacks user interaction it should be used in conjunction with -non-interactive authentication. +non-interactive authentication to obviate the need to enter a password +at connection time (see +.Xr sshd 8 +and +.Xr ssh-keygen 1 +for details). A .Ar batchfile of @@ -189,6 +194,7 @@ For full details of the options listed below, and their possible values, see .It AddressFamily .It BatchMode .It BindAddress +.It BindInterface .It CanonicalDomains .It CanonicalizeFallbackLocal .It CanonicalizeHostname @@ -296,9 +302,12 @@ must be escaped with backslashes .It Ic bye Quit .Nm sftp . -.It Ic cd Ar path +.It Ic cd Op Ar path Change remote directory to .Ar path . +If +.Ar path +is not specified, then change directory to the one the session started in. .It Ic chgrp Ar grp Ar path Change group of file .Ar path @@ -402,9 +411,12 @@ Note that does not follow symbolic links when performing recursive transfers. .It Ic help Display help text. -.It Ic lcd Ar path +.It Ic lcd Op Ar path Change local directory to .Ar path . +If +.Ar path +is not specified, then change directory to the local user's home directory. .It Ic lls Op Ar ls-options Op Ar path Display local directory listing of either .Ar path diff --git a/sftp.c b/sftp.c index 67110f738f79..5ce864eeb0fe 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.180 2017/06/10 06:33:34 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.182 2017/11/03 03:46:52 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -217,8 +217,6 @@ static const struct CMD cmds[] = { { NULL, -1, -1 } }; -int interactive_loop(struct sftp_conn *, char *file1, char *file2); - /* ARGSUSED */ static void killchild(int signo) @@ -1288,7 +1286,7 @@ parse_args(const char **cpp, int *ignore_errors, int *aflag, char *cp2, **argv; int base = 0; long l; - int i, cmdnum, optidx, argc; + int path1_mandatory = 0, i, cmdnum, optidx, argc; /* Skip leading whitespace */ cp = cp + strspn(cp, WHITESPACE); @@ -1378,13 +1376,17 @@ parse_args(const char **cpp, int *ignore_errors, int *aflag, case I_RM: case I_MKDIR: case I_RMDIR: + case I_LMKDIR: + path1_mandatory = 1; + /* FALLTHROUGH */ case I_CHDIR: case I_LCHDIR: - case I_LMKDIR: if ((optidx = parse_no_flags(cmd, argv, argc)) == -1) return -1; /* Get pathname (mandatory) */ if (argc - optidx < 1) { + if (!path1_mandatory) + break; /* return a NULL path1 */ error("You must specify a path after a %s command.", cmd); return -1; @@ -1469,7 +1471,7 @@ parse_args(const char **cpp, int *ignore_errors, int *aflag, static int parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, - int err_abort) + const char *startdir, int err_abort) { char *path1, *path2, *tmp; int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0, @@ -1549,6 +1551,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, err = do_rmdir(conn, path1); break; case I_CHDIR: + if (path1 == NULL || *path1 == '\0') + path1 = xstrdup(startdir); path1 = make_absolute(path1, *pwd); if ((tmp = do_realpath(conn, path1)) == NULL) { err = 1; @@ -1597,6 +1601,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, err = do_df(conn, path1, hflag, iflag); break; case I_LCHDIR: + if (path1 == NULL || *path1 == '\0') + path1 = xstrdup("~"); tmp = tilde_expand_filename(path1, getuid()); free(path1); path1 = tmp; 
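Review bot: In the `I_CHDIR` and `I_LCHDIR` cases of `parse_dispatch_command()`, the new default-path assignment overwrites `path1` without freeing it when it is a non-NULL empty string (`path1 = xstrdup(startdir);` and `path1 = xstrdup("~");`). The surrounding code treats `path1` as heap-owned (`free(path1); path1 = tmp;` in the `I_LCHDIR` context), so if `parse_args()` can hand back an empty string this leaks one allocation per command. Freeing first keeps the ownership rule simple: `if (path1 == NULL || *path1 == '\0') { free(path1); path1 = xstrdup(startdir); }`, and the same for the `"~"` case.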
@@ -2083,11 +2089,11 @@ complete(EditLine *el, int ch) } #endif /* USE_LIBEDIT */ -int +static int interactive_loop(struct sftp_conn *conn, char *file1, char *file2) { char *remote_path; - char *dir = NULL; + char *dir = NULL, *startdir = NULL; char cmd[2048]; int err, interactive; EditLine *el = NULL; @@ -2131,6 +2137,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) remote_path = do_realpath(conn, "."); if (remote_path == NULL) fatal("Need cwd"); + startdir = xstrdup(remote_path); if (file1 != NULL) { dir = xstrdup(file1); @@ -2141,8 +2148,9 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) mprintf("Changing to: %s\n", dir); snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); if (parse_dispatch_command(conn, cmd, - &remote_path, 1) != 0) { + &remote_path, startdir, 1) != 0) { free(dir); + free(startdir); free(remote_path); free(conn); return (-1); @@ -2154,8 +2162,9 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) file2 == NULL ? "" : " ", file2 == NULL ? "" : file2); err = parse_dispatch_command(conn, cmd, - &remote_path, 1); + &remote_path, startdir, 1); free(dir); + free(startdir); free(remote_path); free(conn); return (err); @@ -2214,11 +2223,12 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) signal(SIGINT, cmd_interrupt); err = parse_dispatch_command(conn, cmd, &remote_path, - batchmode); + startdir, batchmode); if (err != 0) break; } free(remote_path); + free(startdir); free(conn); #ifdef USE_LIBEDIT 
@@ -2301,19 +2311,16 @@ usage(void) "[-i identity_file] [-l limit]\n" " [-o ssh_option] [-P port] [-R num_requests] " "[-S program]\n" - " [-s subsystem | sftp_server] host\n" - " %s [user@]host[:file ...]\n" - " %s [user@]host[:dir[/]]\n" - " %s -b batchfile [user@]host\n", - __progname, __progname, __progname, __progname); + " [-s subsystem | sftp_server] destination\n", + __progname); exit(1); } int main(int argc, char **argv) { - int in, out, ch, err; - char *host = NULL, *userhost, *cp, *file2 = NULL; + int in, out, ch, err, tmp, port = -1; + char *host = NULL, *user, *cp, *file2 = NULL; int debug_level = 0, sshver = 2; char *file1 = NULL, *sftp_server = NULL; char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL; @@ -2368,7 +2375,9 @@ main(int argc, char **argv) addargs(&args, "-%c", ch); break; case 'P': - addargs(&args, "-oPort %s", optarg); + port = a2port(optarg); + if (port <= 0) + fatal("Bad port \"%s\"\n", optarg); break; case 'v': if (debug_level < 3) { 
@@ -2451,33 +2460,38 @@ main(int argc, char **argv) if (sftp_direct == NULL) { if (optind == argc || argc > (optind + 2)) usage(); + argv += optind; - userhost = xstrdup(argv[optind]); - file2 = argv[optind+1]; - - if ((host = strrchr(userhost, '@')) == NULL) - host = userhost; - else { - *host++ = '\0'; - if (!userhost[0]) { - fprintf(stderr, "Missing username\n"); - usage(); + switch (parse_uri("sftp", *argv, &user, &host, &tmp, &file1)) { + case -1: + usage(); + break; + case 0: + if (tmp != -1) + port = tmp; + break; + default: + if (parse_user_host_path(*argv, &user, &host, + &file1) == -1) { + /* Treat as a plain hostname. */ + host = xstrdup(*argv); + host = cleanhostname(host); } - addargs(&args, "-l"); - addargs(&args, "%s", userhost); - } - - if ((cp = colon(host)) != NULL) { - *cp++ = '\0'; - file1 = cp; + break; } + file2 = *(argv + 1); - host = cleanhostname(host); if (!*host) { fprintf(stderr, "Missing hostname\n"); usage(); } + if (port != -1) + addargs(&args, "-oPort %d", port); + if (user != NULL) { + addargs(&args, "-l"); + addargs(&args, "%s", user); + } addargs(&args, "-oProtocol %d", sshver); /* no subsystem if the server-spec contains a '/' */ diff --git a/ssh-add.c b/ssh-add.c index 2afd483305cc..adcc459987eb 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.134 2017/08/29 09:42:29 dlg Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.135 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -78,6 +78,7 @@ static char *default_files[] = { #endif #endif /* WITH_OPENSSL */ _PATH_SSH_CLIENT_ID_ED25519, + _PATH_SSH_CLIENT_ID_XMSS, NULL }; @@ -89,6 +90,10 @@ static int lifetime = 0; /* User has to confirm key use */ static int confirm = 0; +/* Maximum number of signatures (XMSS) */ +static u_int maxsign = 0; +static u_int minleft = 0; + /* we keep a cache of one passphrase */ static char *pass = NULL; static void 
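Review bot: `user` is declared in `main()` without an initializer (`char *host = NULL, *user, *cp, *file2 = NULL;` in the earlier hunk) and is then read by `if (user != NULL)` after the `switch`. In the `default:` branch, when `parse_user_host_path()` returns -1, only `host` is assigned. The read is therefore defined only if `parse_uri()` or `parse_user_host_path()` always stores to `*userp` before failing, and neither is visible here. Since the value becomes the `-l` argument passed to ssh, I would initialise it at the declaration: `char *host = NULL, *user = NULL, *cp, *file2 = NULL;`.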
@@ -190,7 +195,10 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag) char *comment = NULL; char msg[1024], *certpath = NULL; int r, fd, ret = -1; + size_t i; + u_int32_t left; struct sshbuf *keyblob; + struct ssh_identitylist *idlist; if (strcmp(filename, "-") == 0) { fd = STDIN_FILENO; @@ -268,8 +276,40 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag) comment = xstrdup(filename); sshbuf_free(keyblob); + /* For XMSS */ + if ((r = sshkey_set_filename(private, filename)) != 0) { + fprintf(stderr, "Could not add filename to private key: %s (%s)\n", + filename, comment); + goto out; + } + if (maxsign && minleft && + (r = ssh_fetch_identitylist(agent_fd, &idlist)) == 0) { + for (i = 0; i < idlist->nkeys; i++) { + if (!sshkey_equal_public(idlist->keys[i], private)) + continue; + left = sshkey_signatures_left(idlist->keys[i]); + if (left < minleft) { + fprintf(stderr, + "Only %d signatures left.\n", left); + break; + } + fprintf(stderr, "Skipping update: "); + if (left == minleft) { + fprintf(stderr, + "required signatures left (%d).\n", left); + } else { + fprintf(stderr, + "more signatures left (%d) than" + " required (%d).\n", left, minleft); + } + ssh_free_identitylist(idlist); + goto out; + } + ssh_free_identitylist(idlist); + } + if ((r = ssh_add_identity_constrained(agent_fd, private, comment, - lifetime, confirm)) == 0) { + lifetime, confirm, maxsign)) == 0) { fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); ret = 0; if (lifetime != 0) @@ -317,7 +357,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag) sshkey_free(cert); if ((r = ssh_add_identity_constrained(agent_fd, private, comment, - lifetime, confirm)) != 0) { + lifetime, confirm, maxsign)) != 0) { error("Certificate %s (%s) add failed: %s", certpath, private->cert->key_id, ssh_err(r)); goto out; 
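Review bot: The new messages in `add_file()` print `left` (a `u_int32_t`) and `minleft` (a `u_int`) with `%d`: `"Only %d signatures left.\n"`, `"required signatures left (%d).\n"` and the `(%d) than required (%d)` line. The `" [signatures left %d]"` line added to `list_identities()` in the following hunk has the same mismatch. A remaining-signature count above INT_MAX would be shown as a negative number, which is misleading for a value the user relies on to decide whether a key is exhausted. Use `%u` in all four places.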
@@ -368,6 +408,7 @@ list_identities(int agent_fd, int do_fp) char *fp; int r; struct ssh_identitylist *idlist; + u_int32_t left; size_t i; if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) { @@ -392,7 +433,12 @@ list_identities(int agent_fd, int do_fp) ssh_err(r)); continue; } - fprintf(stdout, " %s\n", idlist->comments[i]); + fprintf(stdout, " %s", idlist->comments[i]); + left = sshkey_signatures_left(idlist->keys[i]); + if (left > 0) + fprintf(stdout, + " [signatures left %d]", left); + fprintf(stdout, "\n"); } } ssh_free_identitylist(idlist); @@ -454,6 +500,8 @@ usage(void) fprintf(stderr, " -L List public key parameters of all identities.\n"); fprintf(stderr, " -k Load only keys and not certificates.\n"); fprintf(stderr, " -c Require confirmation to sign using identities\n"); + fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n"); + fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n"); fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); fprintf(stderr, " -d Delete identity.\n"); fprintf(stderr, " -D Delete all identities.\n"); @@ -500,7 +548,7 @@ main(int argc, char **argv) exit(2); } - while ((ch = getopt(argc, argv, "klLcdDxXE:e:qs:t:")) != -1) { + while ((ch = getopt(argc, argv, "klLcdDxXE:e:M:m:qs:t:")) != -1) { switch (ch) { case 'E': fingerprint_hash = ssh_digest_alg_by_name(optarg); @@ -525,6 +573,22 @@ main(int argc, char **argv) case 'c': confirm = 1; break; + case 'm': + minleft = (int)strtonum(optarg, 1, UINT_MAX, NULL); + if (minleft == 0) { + usage(); + ret = 1; + goto done; + } + break; + case 'M': + maxsign = (int)strtonum(optarg, 1, UINT_MAX, NULL); + if (maxsign == 0) { + usage(); + ret = 1; + goto done; + } + break; case 'd': deleting = 1; break; diff --git a/ssh-agent.c b/ssh-agent.c index 0c6c3659217f..2a4578b03ef1 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
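Review bot: The new `-m` and `-M` cases cast the `strtonum()` result to `int` before storing it in the `u_int` variables: `minleft = (int)strtonum(optarg, 1, UINT_MAX, NULL);` and likewise for `maxsign`. The accepted range runs up to UINT_MAX, so values above INT_MAX go through an implementation-defined narrowing before being converted back to unsigned. Casting to the destination type avoids that: `minleft = (u_int)strtonum(optarg, 1, UINT_MAX, NULL);`. Passing a `const char *errstr` instead of NULL would also let the failure path report why the argument was rejected rather than only printing usage.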
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.224 2017/07/24 04:34:28 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -245,7 +245,8 @@ process_request_identities(SocketEntry *e) (r = sshbuf_put_u32(msg, idtab->nentries)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); TAILQ_FOREACH(id, &idtab->idlist, next) { - if ((r = sshkey_puts(id->key, msg)) != 0 || + if ((r = sshkey_puts_opts(id->key, msg, SSHKEY_SERIALIZE_INFO)) + != 0 || (r = sshbuf_put_cstring(msg, id->comment)) != 0) { error("%s: put key/comment: %s", __func__, ssh_err(r)); @@ -287,10 +288,11 @@ process_sign_request2(SocketEntry *e) fatal("%s: sshbuf_new failed", __func__); if ((r = sshkey_froms(e->request, &key)) != 0 || (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 || - (r = sshbuf_get_u32(e->request, &flags)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (flags & SSH_AGENT_OLD_SIGNATURE) - compat = SSH_BUG_SIGBLOB; + (r = sshbuf_get_u32(e->request, &flags)) != 0) { + error("%s: couldn't parse request: %s", __func__, ssh_err(r)); + goto send; + } + if ((id = lookup_identity(key)) == NULL) { verbose("%s: %s key not found", __func__, sshkey_type(key)); goto send; @@ -401,7 +403,7 @@ process_add_identity(SocketEntry *e) { Identity *id; int success = 0, confirm = 0; - u_int seconds; + u_int seconds, maxsign; char *comment = NULL; time_t death = 0; struct sshkey *k = NULL; 
@@ -432,6 +434,18 @@ process_add_identity(SocketEntry *e) case SSH_AGENT_CONSTRAIN_CONFIRM: confirm = 1; break; + case SSH_AGENT_CONSTRAIN_MAXSIGN: + if ((r = sshbuf_get_u32(e->request, &maxsign)) != 0) { + error("%s: bad maxsign constraint: %s", + __func__, ssh_err(r)); + goto err; + } + if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) { + error("%s: cannot enable maxsign: %s", + __func__, ssh_err(r)); + goto err; + } + break; default: error("%s: Unknown constraint %d", __func__, ctype); err: @@ -447,14 +461,15 @@ process_add_identity(SocketEntry *e) death = monotime() + lifetime; if ((id = lookup_identity(k)) == NULL) { id = xcalloc(1, sizeof(Identity)); - id->key = k; TAILQ_INSERT_TAIL(&idtab->idlist, id, next); /* Increment the number of identities. */ idtab->nentries++; } else { - sshkey_free(k); + /* key state might have been updated */ + sshkey_free(id->key); free(id->comment); } + id->key = k; id->comment = comment; id->death = death; id->confirm = confirm; @@ -472,6 +487,11 @@ process_lock_agent(SocketEntry *e, int lock) static u_int fail_count = 0; size_t pwlen; + /* + * This is deliberately fatal: the user has requested that we lock, + * but we can't parse their request properly. The only safe thing to + * do is abort. + */ if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (pwlen == 0) { @@ -529,7 +549,7 @@ no_identities(SocketEntry *e) static void process_add_smartcard_key(SocketEntry *e) { - char *provider = NULL, *pin, canonical_provider[PATH_MAX]; + char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; int r, i, count = 0, success = 0, confirm = 0; u_int seconds; time_t death = 0; 
@@ -538,17 +558,23 @@ process_add_smartcard_key(SocketEntry *e) Identity *id; if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || - (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) { + error("%s: buffer error: %s", __func__, ssh_err(r)); + goto send; + } while (sshbuf_len(e->request)) { - if ((r = sshbuf_get_u8(e->request, &type)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if ((r = sshbuf_get_u8(e->request, &type)) != 0) { + error("%s: buffer error: %s", __func__, ssh_err(r)); + goto send; + } switch (type) { case SSH_AGENT_CONSTRAIN_LIFETIME: - if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) - fatal("%s: buffer error: %s", + if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) { + error("%s: buffer error: %s", __func__, ssh_err(r)); + goto send; + } death = monotime() + seconds; break; case SSH_AGENT_CONSTRAIN_CONFIRM: @@ -606,8 +632,10 @@ process_remove_smartcard_key(SocketEntry *e) Identity *id, *nxt; if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || - (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) { + error("%s: buffer error: %s", __func__, ssh_err(r)); + goto send; + } free(pin); if (realpath(provider, canonical_provider) == NULL) { diff --git a/ssh-dss.c b/ssh-dss.c index 7af59fa6e19c..9f832ee2b286 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
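Review bot: The new `goto send` exits in `process_add_smartcard_key()` can be taken after `pin` has already been read from the request, and the `send:` label that does the cleanup lies outside this hunk. `pin` holds the token PIN, so it is worth confirming that the cleanup wipes it before release, for example `if (pin != NULL) explicit_bzero(pin, strlen(pin));` ahead of `free(pin);`. The plain `free(pin);` visible in the `process_remove_smartcard_key()` context would benefit from the same treatment. Turning the parse failures from `fatal()` into a reply keeps the agent alive after a malformed request, which makes leftover secrets in freed heap memory more relevant than when the process exited.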
@@ -86,42 +86,28 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); - if (compat & SSH_BUG_SIGBLOB) { - if (sigp != NULL) { - if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(*sigp, sigblob, SIGBLOB_LEN); - } - if (lenp != NULL) - *lenp = SIGBLOB_LEN; - ret = 0; - } else { - /* ietf-drafts */ - if ((b = sshbuf_new()) == NULL) { + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || + (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) + goto out; + + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || - (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) - goto out; - len = sshbuf_len(b); - if (sigp != NULL) { - if ((*sigp = malloc(len)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } - memcpy(*sigp, sshbuf_ptr(b), len); - } - if (lenp != NULL) - *lenp = len; - ret = 0; + memcpy(*sigp, sshbuf_ptr(b), len); } + if (lenp != NULL) + *lenp = len; + ret = 0; out: explicit_bzero(digest, sizeof(digest)); - if (sig != NULL) - DSA_SIG_free(sig); + DSA_SIG_free(sig); sshbuf_free(b); return ret; } 
@@ -146,28 +132,20 @@ ssh_dss_verify(const struct sshkey *key, return SSH_ERR_INTERNAL_ERROR; /* fetch signature */ - if (compat & SSH_BUG_SIGBLOB) { - if ((sigblob = malloc(signaturelen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - memcpy(sigblob, signature, signaturelen); - len = signaturelen; - } else { - /* ietf-drafts */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || - sshbuf_get_string(b, &sigblob, &len) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } - if (strcmp("ssh-dss", ktype) != 0) { - ret = SSH_ERR_KEY_TYPE_MISMATCH; - goto out; - } - if (sshbuf_len(b) != 0) { - ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; - } + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || + sshbuf_get_string(b, &sigblob, &len) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (strcmp("ssh-dss", ktype) != 0) { + ret = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; } if (len != SIGBLOB_LEN) { @@ -207,8 +185,7 @@ ssh_dss_verify(const struct sshkey *key, out: explicit_bzero(digest, sizeof(digest)); - if (sig != NULL) - DSA_SIG_free(sig); + DSA_SIG_free(sig); sshbuf_free(b); free(ktype); if (sigblob != NULL) { diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index d7bf3c69b006..3d3b78d7b42e 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.13 2016/04/21 06:08:02 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.14 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. 
@@ -101,8 +101,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, explicit_bzero(digest, sizeof(digest)); sshbuf_free(b); sshbuf_free(bb); - if (sig != NULL) - ECDSA_SIG_free(sig); + ECDSA_SIG_free(sig); return ret; } @@ -180,8 +179,7 @@ ssh_ecdsa_verify(const struct sshkey *key, explicit_bzero(digest, sizeof(digest)); sshbuf_free(sigbuf); sshbuf_free(b); - if (sig != NULL) - ECDSA_SIG_free(sig); + ECDSA_SIG_free(sig); free(ktype); return ret; } diff --git a/ssh-keygen.0 b/ssh-keygen.0 index fb2c02fe7f90..417e8382b680 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 @@ -226,8 +226,10 @@ DESCRIPTION -O option Specify a certificate option when signing a key. This option may be specified multiple times. See also the CERTIFICATES section - for further details. The options that are valid for user - certificates are: + for further details. + + At present, no standard options are valid for host keys. The + options that are valid for user certificates are: clear Clear all enabled permissions. This is useful for clearing the default set of permissions so permissions @@ -246,8 +248,6 @@ DESCRIPTION unknown critical options will cause the certificate to be refused. - At present, no standard options are valid for host keys. - force-command=command Forces the execution of command instead of any shell or command specified by the user when the certificate is @@ -280,7 +280,7 @@ DESCRIPTION permit-user-rc Allows execution of ~/.ssh/rc by sshd(8). - permit-x11-forwarding + permit-X11-forwarding Allows X11 forwarding. source-address=address_list 
@@ -349,19 +349,26 @@ DESCRIPTION validity interval may consist of a single time, indicating that the certificate is valid beginning now and expiring at that time, or may consist of two times separated by a colon to indicate an - explicit time interval. The start time may be specified as a - date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a - relative time (to the current time) consisting of a minus sign - followed by a relative time in the format described in the TIME - FORMATS section of sshd_config(5). The end time may be specified - as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time - starting with a plus character. + explicit time interval. + + The start time may be specified as the string M-bM-^@M-^\alwaysM-bM-^@M-^] to + indicate the certificate has no specified start time, a date in + YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format, a relative + time (to the current time) consisting of a minus sign followed by + an interval in the format described in the TIME FORMATS section + of sshd_config(5). + + The end time may be specified as a YYYYMMDD date, a + YYYYMMDDHHMM[SS] time, a relative time starting with a plus + character or the string M-bM-^@M-^\foreverM-bM-^@M-^] to indicate that the + certificate has no expirty date. For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^] (valid from yesterday to midnight, January 1st, 2011). + M-bM-^@M-^\-1m:foreverM-bM-^@M-^] (valid from one minute ago and never expiring). -v Verbose mode. Causes ssh-keygen to print debugging messages about its progress. This is helpful for debugging moduli 
@@ -570,4 +577,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.2 July 8, 2017 OpenBSD 6.2 +OpenBSD 6.2 March 12, 2018 OpenBSD 6.2 diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 5f1ec09b07a2..3525d7d17567 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.144 2017/07/08 18:32:54 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.147 2018/03/12 00:52:01 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 8 2017 $ +.Dd $Mdocdate: March 12 2018 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -425,6 +425,8 @@ This option may be specified multiple times. See also the .Sx CERTIFICATES section for further details. +.Pp +At present, no standard options are valid for host keys. The options that are valid for user certificates are: .Pp .Bl -tag -width Ds -compact @@ -448,8 +450,6 @@ contents (usually indicating a flag). Extensions may be ignored by a client or server that does not recognise them, whereas unknown critical options will cause the certificate to be refused. .Pp -At present, no standard options are valid for host keys. -.Pp .It Ic force-command Ns = Ns Ar command Forces the execution of .Ar command @@ -494,7 +494,7 @@ Allows execution of by .Xr sshd 8 . .Pp -.It Ic permit-x11-forwarding +.It Ic permit-X11-forwarding Allows X11 forwarding. .Pp .It Ic source-address Ns = Ns Ar address_list 
@@ -584,13 +584,20 @@ Specify a validity interval when signing a certificate. A validity interval may consist of a single time, indicating that the certificate is valid beginning now and expiring at that time, or may consist of two times separated by a colon to indicate an explicit time interval. -The start time may be specified as a date in YYYYMMDD format, a time -in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting -of a minus sign followed by a relative time in the format described in the +.Pp +The start time may be specified as the string +.Dq always +to indicate the certificate has no specified start time, +a date in YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format, +a relative time (to the current time) consisting of a minus sign followed by +an interval in the format described in the TIME FORMATS section of .Xr sshd_config 5 . -The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or -a relative time starting with a plus character. +.Pp +The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMM[SS] time, +a relative time starting with a plus character or the string +.Dq forever +to indicate that the certificate has no expirty date. .Pp For example: .Dq +52w1d @@ -601,6 +608,8 @@ For example: (valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), .Dq -1d:20110101 (valid from yesterday to midnight, January 1st, 2011). +.Dq -1m:forever +(valid from one minute ago and never expiring). .It Fl v Verbose mode. Causes diff --git a/ssh-keygen.c b/ssh-keygen.c index 835f7d0169ba..9aac64fc3b14 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.307 2017/07/07 03:53:12 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.314 2018/03/12 00:52:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
@@ -275,6 +275,10 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_ED25519_CERT: name = _PATH_SSH_CLIENT_ID_ED25519; break; + case KEY_XMSS: + case KEY_XMSS_CERT: + name = _PATH_SSH_CLIENT_ID_XMSS; + break; default: fatal("bad key type"); } @@ -377,13 +381,6 @@ do_convert_to_pem(struct sshkey *k) if (!PEM_write_RSAPublicKey(stdout, k->rsa)) fatal("PEM_write_RSAPublicKey failed"); break; -#if notyet /* OpenSSH 0.9.8 lacks this function */ - case KEY_DSA: - if (!PEM_write_DSAPublicKey(stdout, k->dsa)) - fatal("PEM_write_DSAPublicKey failed"); - break; -#endif - /* XXX ECDSA? */ default: fatal("%s: unsupported key type %s", __func__, sshkey_type(k)); } @@ -539,7 +536,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) /* try the key */ if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || - sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) { + sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) { sshkey_free(key); free(sig); return NULL; @@ -671,9 +668,6 @@ do_convert_from_pem(struct sshkey **k, int *private) { FILE *fp; RSA *rsa; -#ifdef notyet - DSA *dsa; -#endif if ((fp = fopen(identity_file, "r")) == NULL) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); @@ -685,18 +679,6 @@ do_convert_from_pem(struct sshkey **k, int *private) fclose(fp); return; } -#if notyet /* OpenSSH 0.9.8 lacks this function */ - rewind(fp); - if ((dsa = PEM_read_DSAPublicKey(fp, NULL, NULL, NULL)) != NULL) { - if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - (*k)->type = KEY_DSA; - (*k)->dsa = dsa; - fclose(fp); - return; - } - /* XXX ECDSA */ -#endif fatal("%s: unrecognised raw private key format", __func__); } 
@@ -991,6 +973,9 @@ do_gen_all_hostkeys(struct passwd *pw) #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, +#ifdef WITH_XMSS + { "xmss", "XMSS",_PATH_HOST_XMSS_KEY_FILE }, +#endif /* WITH_XMSS */ { NULL, NULL, NULL } }; @@ -1477,7 +1462,8 @@ do_change_comment(struct passwd *pw) } } - if (private->type != KEY_ED25519 && !use_new_format) { + if (private->type != KEY_ED25519 && private->type != KEY_XMSS && + !use_new_format) { error("Comments are only supported for keys stored in " "the new format (-o)."); explicit_bzero(passphrase, strlen(passphrase)); @@ -1719,13 +1705,16 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) } free(otmp); } + if (n > SSHKEY_CERT_MAX_PRINCIPALS) + fatal("Too many certificate principals specified"); tmp = tilde_expand_filename(argv[i], pw->pw_uid); if ((r = sshkey_load_public(tmp, &public, &comment)) != 0) fatal("%s: unable to open \"%s\": %s", __func__, tmp, ssh_err(r)); if (public->type != KEY_RSA && public->type != KEY_DSA && - public->type != KEY_ECDSA && public->type != KEY_ED25519) + public->type != KEY_ECDSA && public->type != KEY_ED25519 && + public->type != KEY_XMSS) fatal("%s: key \"%s\" type %s cannot be certified", __func__, tmp, sshkey_type(public)); 
@@ -1809,40 +1798,6 @@ parse_relative_time(const char *s, time_t now) return now + (u_int64_t)(secs * mul); } -static u_int64_t -parse_absolute_time(const char *s) -{ - struct tm tm; - time_t tt; - char buf[32], *fmt; - - /* - * POSIX strptime says "The application shall ensure that there - * is white-space or other non-alphanumeric characters between - * any two conversion specifications" so arrange things this way. - */ - switch (strlen(s)) { - case 8: - fmt = "%Y-%m-%d"; - snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6); - break; - case 14: - fmt = "%Y-%m-%dT%H:%M:%S"; - snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s", - s, s + 4, s + 6, s + 8, s + 10, s + 12); - break; - default: - fatal("Invalid certificate time format %s", s); - } - - memset(&tm, 0, sizeof(tm)); - if (strptime(buf, fmt, &tm) == NULL) - fatal("Invalid certificate time %s", s); - if ((tt = mktime(&tm)) < 0) - fatal("Certificate time %s cannot be represented", s); - return (u_int64_t)tt; -} - static void parse_cert_times(char *timespec) { @@ -1865,8 +1820,8 @@ parse_cert_times(char *timespec) /* * from:to, where - * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS - * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS + * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "always" + * to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS | "forever" */ from = xstrdup(timespec); to = strchr(from, ':'); 
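Review bot: The grammar comment updated in parse_cert_times still spells the absolute form as `YYYYMMDDHHMMSS`, while the ssh-keygen.1 and ssh-keygen.0 hunks of this same commit document `YYYYMMDDHHMM[SS]`. If the parse_absolute_time that replaces the local helper removed in the previous hunk (its new definition is not visible here) accepts the 12-digit form, the comment should read `from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMM[SS] | "always"` and likewise for `to`; if it does not, the manual pages are what need correcting. The function body continues outside the hunk.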
@@ -1876,13 +1831,17 @@ parse_cert_times(char *timespec) if (*from == '-' || *from == '+') cert_valid_from = parse_relative_time(from, now); - else - cert_valid_from = parse_absolute_time(from); + else if (strcmp(from, "always") == 0) + cert_valid_from = 0; + else if (parse_absolute_time(from, &cert_valid_from) != 0) + fatal("Invalid from time \"%s\"", from); if (*to == '-' || *to == '+') cert_valid_to = parse_relative_time(to, now); - else - cert_valid_to = parse_absolute_time(to); + else if (strcmp(to, "forever") == 0) + cert_valid_to = ~(u_int64_t)0; + else if (parse_absolute_time(to, &cert_valid_to) != 0) + fatal("Invalid to time \"%s\"", to); if (cert_valid_to <= cert_valid_from) fatal("Empty certificate validity interval"); @@ -2421,7 +2380,7 @@ main(int argc, char **argv) gen_all_hostkeys = 1; break; case 'b': - bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr); + bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr); if (errstr) fatal("Bits has bad value %s (%s)", optarg, errstr); @@ -2699,6 +2658,8 @@ main(int argc, char **argv) _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); n += do_print_resource_record(pw, _PATH_HOST_ED25519_KEY_FILE, rr_hostname); + n += do_print_resource_record(pw, + _PATH_HOST_XMSS_KEY_FILE, rr_hostname); if (n == 0) fatal("no keys found."); exit(0); @@ -2859,7 +2820,8 @@ passphrase_again: if ((r = sshkey_write(public, f)) != 0) error("write key failed: %s", ssh_err(r)); fprintf(f, " %s\n", comment); - fclose(f); + if (ferror(f) || fclose(f) != 0) + fatal("write public failed: %s", strerror(errno)); if (!quiet) { fp = sshkey_fingerprint(public, fingerprint_hash, diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index 1a9751ef14a4..c0278ee0aacd 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 
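Review bot: Lowering the strtonum() minimum for `-b` from 256 to 10 means this parse no longer rejects very small sizes for any key type, so the only guard against an undersized RSA or DSA modulus is whatever per-type validation runs later, which is not visible in this hunk. If the bound was relaxed for a key type whose size parameter is not a modulus length (presumably XMSS, added elsewhere in this commit), say so at the call, for example `/* small lower bound: "bits" is not a modulus size for every key type; per-type minimums are enforced later */`. It should also be confirmed that the later check is reached on every path that consumes `bits`. main() starts and ends outside the hunk.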
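Review bot: In the new `ferror(f) || fclose(f) != 0` check after the public key is written, `errno` is only reliable for the fclose() branch; when ferror() is what trips, the failing call may be several library calls back and `strerror(errno)` can print an unrelated reason. Splitting the two cases keeps the message honest: `if (ferror(f)) fatal("write public failed");` followed by `if (fclose(f) != 0) fatal("write public failed: %s", strerror(errno));`. The enclosing code after `passphrase_again:` starts and ends outside the hunk.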
@@ -1,62 +1,66 @@ SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1) NAME - ssh-keyscan M-bM-^@M-^S gather ssh public keys + ssh-keyscan M-bM-^@M-^S gather SSH public keys SYNOPSIS - ssh-keyscan [-46cHv] [-f file] [-p port] [-T timeout] [-t type] - [host | addrlist namelist] ... + ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type] + [host | addrlist namelist] DESCRIPTION - ssh-keyscan is a utility for gathering the public ssh host keys of a + ssh-keyscan is a utility for gathering the public SSH host keys of a number of hosts. It was designed to aid in building and verifying - ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable - for use by shell and perl scripts. + ssh_known_hosts files, the format of which is documented in sshd(8). + ssh-keyscan provides a minimal interface suitable for use by shell and + perl scripts. ssh-keyscan uses non-blocking socket I/O to contact as many hosts as possible in parallel, so it is very efficient. The keys from a domain of 1,000 hosts can be collected in tens of seconds, even when some of those - hosts are down or do not run ssh. For scanning, one does not need login - access to the machines that are being scanned, nor does the scanning - process involve any encryption. + hosts are down or do not run sshd(8). For scanning, one does not need + login access to the machines that are being scanned, nor does the + scanning process involve any encryption. The options are as follows: - -4 Forces ssh-keyscan to use IPv4 addresses only. + -4 Force ssh-keyscan to use IPv4 addresses only. - -6 Forces ssh-keyscan to use IPv6 addresses only. + -6 Force ssh-keyscan to use IPv6 addresses only. -c Request certificates from target hosts instead of plain keys. + -D Print keys found as SSHFP DNS records. The default is to print + keys in a format usable as a ssh(1) known_hosts file. + -f file Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line. 
- If - is supplied instead of a filename, ssh-keyscan will read - hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from the standard input. + If M-bM-^@M-^X-M-bM-^@M-^Y is supplied instead of a filename, ssh-keyscan will read + from the standard input. Input is expected in the format: + + 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 -H Hash all hostnames and addresses in the output. Hashed names may - be used normally by ssh and sshd, but they do not reveal + be used normally by ssh(1) and sshd(8), but they do not reveal identifying information should the file's contents be disclosed. -p port - Port to connect to on the remote host. + Connect to port on the remote host. -T timeout Set the timeout for connection attempts. If timeout seconds have elapsed since a connection was initiated to a host or since the - last time anything was read from that host, then the connection - is closed and the host in question considered unavailable. - Default is 5 seconds. + last time anything was read from that host, the connection is + closed and the host in question considered unavailable. The + default is 5 seconds. -t type - Specifies the type of the key to fetch from the scanned hosts. - The possible values are M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^]. + Specify the type of the key to fetch from the scanned hosts. The + possible values are M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^]. Multiple values may be specified by separating them with commas. The default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys. - -v Verbose mode. Causes ssh-keyscan to print debugging messages - about its progress. + -v Verbose mode: print debugging messages about progress. 
-SECURITY If an ssh_known_hosts file is constructed using ssh-keyscan without verifying the keys, users will be vulnerable to man in the middle attacks. On the other hand, if the security model allows such a risk, @@ -65,42 +69,28 @@ SECURITY created. FILES - Input format: - - 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 - - Output format for RSA, DSA, ECDSA, and Ed25519 keys: - - host-or-namelist keytype base64-encoded-key - - Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], - M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^]. - /etc/ssh/ssh_known_hosts EXAMPLES - Print the rsa host key for machine hostname: + Print the RSA host key for machine hostname: - $ ssh-keyscan hostname + $ ssh-keyscan -t rsa hostname Find all hosts from the file ssh_hosts which have new or different keys from those in the sorted file ssh_known_hosts: - $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \ - sort -u - ssh_known_hosts | diff ssh_known_hosts - + $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \ + sort -u - ssh_known_hosts | diff ssh_known_hosts - SEE ALSO ssh(1), sshd(8) + Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, RFC + 4255, 2006. + AUTHORS David Mazieres wrote the initial version, and Wayne Davison added support for protocol version 2. -BUGS - It generates "Connection closed by remote host" messages on the consoles - of all the machines it scans if the server is older than version 2.9. - This is because it opens a connection to the ssh port, reads the public - key, and drops the connection as soon as it gets the key. - -OpenBSD 6.2 May 2, 2017 OpenBSD 6.2 +OpenBSD 6.2 March 5, 2018 OpenBSD 6.2 diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index aa4a2ae838a0..f3d7a4078f53 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.40 2017/05/02 17:04:09 jmc Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.44 2018/03/05 07:03:18 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,30 +6,29 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: May 2 2017 $ +.Dd $Mdocdate: March 5 2018 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME .Nm ssh-keyscan -.Nd gather ssh public keys +.Nd gather SSH public keys .Sh SYNOPSIS .Nm ssh-keyscan -.Bk -words -.Op Fl 46cHv +.Op Fl 46cDHv .Op Fl f Ar file .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type .Op Ar host | addrlist namelist -.Ar ... -.Ek .Sh DESCRIPTION .Nm -is a utility for gathering the public ssh host keys of a number of +is a utility for gathering the public SSH host keys of a number of hosts. It was designed to aid in building and verifying .Pa ssh_known_hosts -files. +files, +the format of which is documented in +.Xr sshd 8 . .Nm provides a minimal interface suitable for use by shell and perl scripts. @@ -39,7 +38,8 @@ uses non-blocking socket I/O to contact as many hosts as possible in parallel, so it is very efficient. The keys from a domain of 1,000 hosts can be collected in tens of seconds, even when some of those -hosts are down or do not run ssh. +hosts are down or do not run +.Xr sshd 8 . For scanning, one does not need login access to the machines that are being scanned, nor does the scanning process involve any encryption. 
@@ -47,15 +47,21 @@ scanning process involve any encryption. The options are as follows: .Bl -tag -width Ds .It Fl 4 -Forces +Force .Nm to use IPv4 addresses only. .It Fl 6 -Forces +Force .Nm to use IPv6 addresses only. .It Fl c Request certificates from target hosts instead of plain keys. +.It Fl D +Print keys found as SSHFP DNS records. +The default is to print keys in a format usable as a +.Xr ssh 1 +.Pa known_hosts +file. .It Fl f Ar file Read hosts or .Dq addrlist namelist @@ -63,32 +69,36 @@ pairs from .Ar file , one per line. If -.Pa - +.Sq - is supplied instead of a filename, .Nm -will read hosts or -.Dq addrlist namelist -pairs from the standard input. +will read from the standard input. +Input is expected in the format: +.Bd -literal +1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 +.Ed .It Fl H Hash all hostnames and addresses in the output. Hashed names may be used normally by -.Nm ssh +.Xr ssh 1 and -.Nm sshd , +.Xr sshd 8 , but they do not reveal identifying information should the file's contents be disclosed. .It Fl p Ar port -Port to connect to on the remote host. +Connect to +.Ar port +on the remote host. .It Fl T Ar timeout Set the timeout for connection attempts. If .Ar timeout seconds have elapsed since a connection was initiated to a host or since the -last time anything was read from that host, then the connection is +last time anything was read from that host, the connection is closed and the host in question considered unavailable. -Default is 5 seconds. +The default is 5 seconds. .It Fl t Ar type -Specifies the type of the key to fetch from the scanned hosts. +Specify the type of the key to fetch from the scanned hosts. The possible values are .Dq dsa , .Dq ecdsa , 
@@ -103,12 +113,10 @@ and
 .Dq ed25519
 keys.
 .It Fl v
-Verbose mode.
-Causes
-.Nm
-to print debugging messages about its progress.
+Verbose mode:
+print debugging messages about progress.
 .El
-.Sh SECURITY
+.Pp
 If an ssh_known_hosts file is constructed using
 .Nm
 without verifying the keys, users will be vulnerable to
@@ -119,54 +127,32 @@ On the other hand, if the security model allows such a risk, can help in the detection of tampered keyfiles or man in the middle attacks which have begun after the ssh_known_hosts file was created. .Sh FILES -Input format: -.Bd -literal -1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 -.Ed -.Pp -Output format for RSA, DSA, ECDSA, and Ed25519 keys: -.Bd -literal -host-or-namelist keytype base64-encoded-key -.Ed -.Pp -Where -.Ar keytype -is either -.Dq ecdsa-sha2-nistp256 , -.Dq ecdsa-sha2-nistp384 , -.Dq ecdsa-sha2-nistp521 , -.Dq ssh-ed25519 , -.Dq ssh-dss -or -.Dq ssh-rsa . -.Pp .Pa /etc/ssh/ssh_known_hosts .Sh EXAMPLES -Print the rsa host key for machine +Print the RSA host key for machine .Ar hostname : -.Bd -literal -$ ssh-keyscan hostname -.Ed +.Pp +.Dl $ ssh-keyscan -t rsa hostname .Pp Find all hosts from the file .Pa ssh_hosts which have new or different keys from those in the sorted file .Pa ssh_known_hosts : -.Bd -literal +.Bd -literal -offset indent $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e sort -u - ssh_known_hosts | diff ssh_known_hosts - .Ed .Sh SEE ALSO .Xr ssh 1 , .Xr sshd 8 +.Rs +.%D 2006 +.%R RFC 4255 +.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints +.Re .Sh AUTHORS .An -nosplit .An David Mazieres Aq Mt dm@lcs.mit.edu wrote the initial version, and .An Wayne Davison Aq Mt wayned@users.sourceforge.net added support for protocol version 2. -.Sh BUGS -It generates "Connection closed by remote host" messages on the consoles -of all the machines it scans if the server is older than version 2.9. -This is because it opens a connection to the ssh port, reads the public -key, and drops the connection as soon as it gets the key. diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 258123ae80a8..381fb0844da7 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.115 2017/06/30 04:17:23 dtucker Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.119 2018/03/02 21:40:15 jmc Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -46,6 +46,7 @@ #include "hostfile.h" #include "ssherr.h" #include "ssh_api.h" +#include "dns.h" /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ @@ -57,15 +58,18 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_RSA (1<<1) #define KT_ECDSA (1<<2) #define KT_ED25519 (1<<3) +#define KT_XMSS (1<<4) #define KT_MIN KT_DSA -#define KT_MAX KT_ED25519 +#define KT_MAX KT_XMSS int get_cert = 0; int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; int hash_hosts = 0; /* Hash hostname on output */ +int print_sshfp = 0; /* Print SSHFP records instead of known_hosts */ + #define MAXMAXFD 256 /* The number of seconds after which to give up on a TCP connection */ @@ -235,6 +239,10 @@ keygrab_ssh2(con *c) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? "ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519"; break; + case KT_XMSS: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? + "ssh-xmss-cert-v01@openssh.com" : "ssh-xmss@openssh.com"; + break; case KT_ECDSA: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? "ecdsa-sha2-nistp256-cert-v01@openssh.com," @@ -280,6 +288,11 @@ keyprint_one(const char *host, struct sshkey *key) char *hostport; const char *known_host, *hashed; + if (print_sshfp) { + export_dns_rr(host, key, stdout, 0); + return; + } + hostport = put_host_port(host, ssh_port); lowercase(hostport); if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL) @@ -377,7 +390,7 @@ conalloc(char *iname, char *oname, int keytype) fdcon[s].c_len = 4; fdcon[s].c_off = 0; fdcon[s].c_keytype = keytype; - gettimeofday(&fdcon[s].c_tv, NULL); + monotime_tv(&fdcon[s].c_tv); fdcon[s].c_tv.tv_sec += timeout; TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link); FD_SET(s, read_wait); 
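Review bot: The early return added to keyprint_one for `print_sshfp` comes before the `hash_hosts` handling, so running with `-D` and `-H` together silently emits the cleartext host name even though the user asked for hashed output. Because `-H` exists to avoid disclosing host names, the combination should either be rejected during option parsing in main(), e.g. `if (print_sshfp && hash_hosts) fatal("-D and -H are mutually exclusive");`, or the behaviour stated in a comment above the new branch and in the manual page. The same branch also bypasses `put_host_port`, so a non-default `-p` port is not reflected in the output; that may be intended for DNS records but deserves a comment. keyprint_one continues outside the hunk.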
@@ -411,7 +424,7 @@ static void contouch(int s) { TAILQ_REMOVE(&tq, &fdcon[s], c_link); - gettimeofday(&fdcon[s].c_tv, NULL); + monotime_tv(&fdcon[s].c_tv); fdcon[s].c_tv.tv_sec += timeout; TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link); } @@ -497,7 +510,8 @@ congreet(int s) confree(s); return; } - fprintf(stderr, "# %s:%d %s\n", c->c_name, ssh_port, chop(buf)); + fprintf(stderr, "%c %s:%d %s\n", print_sshfp ? ';' : '#', + c->c_name, ssh_port, chop(buf)); keygrab_ssh2(c); confree(s); } @@ -545,7 +559,7 @@ conloop(void) con *c; int i; - gettimeofday(&now, NULL); + monotime_tv(&now); c = TAILQ_FIRST(&tq); if (c && (c->c_tv.tv_sec > now.tv_sec || @@ -621,8 +635,8 @@ static void usage(void) { fprintf(stderr, - "usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n" - "\t\t [host | addrlist namelist] ...\n", + "usage: %s [-46cDHv] [-f file] [-p port] [-T timeout] [-t type]\n" + "\t\t [host | addrlist namelist]\n", __progname); exit(1); } @@ -650,7 +664,7 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) { + while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) { switch (opt) { case 'H': hash_hosts = 1; @@ -658,6 +672,9 @@ main(int argc, char **argv) case 'c': get_cert = 1; break; + case 'D': + print_sshfp = 1; + break; case 'p': ssh_port = a2port(optarg); if (ssh_port <= 0) { @@ -706,6 +723,9 @@ main(int argc, char **argv) case KEY_ED25519: get_keytypes |= KT_ED25519; break; + case KEY_XMSS: + get_keytypes |= KT_XMSS; + break; case KEY_UNSPEC: default: fatal("Unknown key type \"%s\"", tname); diff --git a/ssh-keysign.c b/ssh-keysign.c index ac5034de860f..78bb66b08f7b 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.54 2018/02/23 15:58:38 markus Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * 
@@ -158,7 +158,7 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret, debug3("%s: fail %d", __func__, fail); - if (fail && key != NULL) + if (fail) sshkey_free(key); else if (ret != NULL) *ret = key; @@ -171,7 +171,7 @@ main(int argc, char **argv) { struct sshbuf *b; Options options; -#define NUM_KEYTYPES 4 +#define NUM_KEYTYPES 5 struct sshkey *keys[NUM_KEYTYPES], *key = NULL; struct passwd *pw; int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd; @@ -198,6 +198,7 @@ main(int argc, char **argv) key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); original_real_uid = getuid(); /* XXX readconf.c needs this */ diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index a79c872101fb..fc75828278fb 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.7 2017/05/30 08:52:19 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.8 2018/02/05 05:37:46 tb Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -99,7 +99,8 @@ pkcs11_init(int interactive) void pkcs11_terminate(void) { - close(fd); + if (fd >= 0) + close(fd); } static int diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index fd3039c14272..6301033c513a 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.13 2017/05/30 08:52:19 markus Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.14 2018/01/08 15:18:46 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * 
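Review bot: `NUM_KEYTYPES` is raised to 5 by hand to match the extra `key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);` line two hunks later, and nothing visible ties the number of open() calls to the size of `key_fd[]`. A key type added in one place but not the other would index past the end of that stack array. A guard after the last open makes the bound self-checking: `if (i != NUM_KEYTYPES) fatal("%s: key file count mismatch", __func__);`. main() starts and ends outside both hunks.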
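Review bot: pkcs11_terminate() now skips close() for a negative descriptor but leaves `fd` unchanged after closing it, so a second call would close whichever descriptor has since been assigned the same number. Resetting the variable closes that gap: `if (fd >= 0) { close(fd); fd = -1; }`. Whether `fd` is initialised to -1 is not visible in this hunk and should be confirmed, since the new guard only helps if it is.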
@@ -30,12 +30,13 @@ #include #include "xmalloc.h" -#include "buffer.h" +#include "sshbuf.h" #include "log.h" #include "misc.h" -#include "key.h" +#include "sshkey.h" #include "authfd.h" #include "ssh-pkcs11.h" +#include "ssherr.h" #ifdef ENABLE_PKCS11 @@ -51,13 +52,9 @@ TAILQ_HEAD(, pkcs11_keyinfo) pkcs11_keylist; #define MAX_MSG_LENGTH 10240 /*XXX*/ -/* helper */ -#define get_int() buffer_get_int(&iqueue); -#define get_string(lenp) buffer_get_string(&iqueue, lenp); - /* input and output queue */ -Buffer iqueue; -Buffer oqueue; +struct sshbuf *iqueue; +struct sshbuf *oqueue; static void add_key(struct sshkey *k, char *name) @@ -80,7 +77,7 @@ del_keys_by_name(char *name) if (!strcmp(ki->providername, name)) { TAILQ_REMOVE(&pkcs11_keylist, ki, next); free(ki->providername); - key_free(ki->key); + sshkey_free(ki->key); free(ki); } } @@ -94,20 +91,19 @@ lookup_key(struct sshkey *k) TAILQ_FOREACH(ki, &pkcs11_keylist, next) { debug("check %p %s", ki, ki->providername); - if (key_equal(k, ki->key)) + if (sshkey_equal(k, ki->key)) return (ki->key); } return (NULL); } static void -send_msg(Buffer *m) +send_msg(struct sshbuf *m) { - int mlen = buffer_len(m); + int r; - buffer_put_int(&oqueue, mlen); - buffer_append(&oqueue, buffer_ptr(m), mlen); - buffer_consume(m, mlen); + if ((r = sshbuf_put_stringb(oqueue, m)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } static void 
@@ -115,69 +111,85 @@ process_add(void) { char *name, *pin; struct sshkey **keys; - int i, nkeys; + int r, i, nkeys; u_char *blob; - u_int blen; - Buffer msg; - - buffer_init(&msg); - name = get_string(NULL); - pin = get_string(NULL); + size_t blen; + struct sshbuf *msg; + + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { - buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER); - buffer_put_int(&msg, nkeys); + if ((r = sshbuf_put_u8(msg, + SSH2_AGENT_IDENTITIES_ANSWER)) != 0 || + (r = sshbuf_put_u32(msg, nkeys)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); for (i = 0; i < nkeys; i++) { - if (key_to_blob(keys[i], &blob, &blen) == 0) + if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) { + debug("%s: sshkey_to_blob: %s", + __func__, ssh_err(r)); continue; - buffer_put_string(&msg, blob, blen); - buffer_put_cstring(&msg, name); + } + if ((r = sshbuf_put_string(msg, blob, blen)) != 0 || + (r = sshbuf_put_cstring(msg, name)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); free(blob); add_key(keys[i], name); } free(keys); } else { - buffer_put_char(&msg, SSH_AGENT_FAILURE); + if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } free(pin); free(name); - send_msg(&msg); - buffer_free(&msg); + send_msg(msg); + sshbuf_free(msg); } static void process_del(void) { char *name, *pin; - Buffer msg; - - buffer_init(&msg); - name = get_string(NULL); - pin = get_string(NULL); + struct sshbuf *msg; + int r; + + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, 
ssh_err(r)); del_keys_by_name(name); - if (pkcs11_del_provider(name) == 0) - buffer_put_char(&msg, SSH_AGENT_SUCCESS); - else - buffer_put_char(&msg, SSH_AGENT_FAILURE); + if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ? + SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(pin); free(name); - send_msg(&msg); - buffer_free(&msg); + send_msg(msg); + sshbuf_free(msg); } static void process_sign(void) { u_char *blob, *data, *signature = NULL; - u_int blen, dlen, slen = 0; - int ok = -1; + size_t blen, dlen, slen = 0; + int r, ok = -1; struct sshkey *key, *found; - Buffer msg; + struct sshbuf *msg; - blob = get_string(&blen); - data = get_string(&dlen); - (void)get_int(); /* XXX ignore flags */ + /* XXX support SHA2 signature flags */ + if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 || + (r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 || + (r = sshbuf_get_u32(iqueue, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if ((key = key_from_blob(blob, blen)) != NULL) { + if ((r = sshkey_from_blob(blob, blen, &key)) != 0) + error("%s: sshkey_from_blob: %s", __func__, ssh_err(r)); + else { if ((found = lookup_key(key)) != NULL) { #ifdef WITH_OPENSSL int ret; 
@@ -191,20 +203,23 @@ process_sign(void) } #endif /* WITH_OPENSSL */ } - key_free(key); + sshkey_free(key); } - buffer_init(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); if (ok == 0) { - buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE); - buffer_put_string(&msg, signature, slen); + if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 || + (r = sshbuf_put_string(msg, signature, slen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } else { - buffer_put_char(&msg, SSH_AGENT_FAILURE); + if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } free(data); free(blob); free(signature); - send_msg(&msg); - buffer_free(&msg); + send_msg(msg); + sshbuf_free(msg); } static void @@ -213,13 +228,14 @@ process(void) u_int msg_len; u_int buf_len; u_int consumed; - u_int type; - u_char *cp; + u_char type; + const u_char *cp; + int r; - buf_len = buffer_len(&iqueue); + buf_len = sshbuf_len(iqueue); if (buf_len < 5) return; /* Incomplete message. */ - cp = buffer_ptr(&iqueue); + cp = sshbuf_ptr(iqueue); msg_len = get_u32(cp); if (msg_len > MAX_MSG_LENGTH) { error("bad message len %d", msg_len); @@ -227,9 +243,10 @@ process(void) } if (buf_len < msg_len + 4) return; - buffer_consume(&iqueue, 4); + if ((r = sshbuf_consume(iqueue, 4)) != 0 || + (r = sshbuf_get_u8(iqueue, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); buf_len -= 4; - type = buffer_get_char(&iqueue); switch (type) { case SSH_AGENTC_ADD_SMARTCARD_KEY: debug("process_add"); 
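Review bot: The failure branch of process_sign now sends `SSH2_AGENT_FAILURE`, while the line it replaces sent `SSH_AGENT_FAILURE`, and process_add and process_del in this same file still send `SSH_AGENT_FAILURE`. If the two constants have different values, the helper answers a failed sign with a different code than every other failure. The rest of the change is a mechanical buffer-API conversion, so this reads as unintended. Keeping `sshbuf_put_u8(msg, SSH_AGENT_FAILURE)` would preserve the old wire behaviour. process_sign begins outside this hunk.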
@@ -248,17 +265,19 @@ process(void) break; } /* discard the remaining bytes from the current packet */ - if (buf_len < buffer_len(&iqueue)) { + if (buf_len < sshbuf_len(iqueue)) { error("iqueue grew unexpectedly"); cleanup_exit(255); } - consumed = buf_len - buffer_len(&iqueue); + consumed = buf_len - sshbuf_len(iqueue); if (msg_len < consumed) { error("msg_len %d < consumed %d", msg_len, consumed); cleanup_exit(255); } - if (msg_len > consumed) - buffer_consume(&iqueue, msg_len - consumed); + if (msg_len > consumed) { + if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } } void @@ -272,7 +291,7 @@ int main(int argc, char **argv) { fd_set *rset, *wset; - int in, out, max, log_stderr = 0; + int r, in, out, max, log_stderr = 0; ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; LogLevel log_level = SYSLOG_LEVEL_ERROR; @@ -298,8 +317,10 @@ main(int argc, char **argv) if (out > max) max = out; - buffer_init(&iqueue); - buffer_init(&oqueue); + if ((iqueue = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((oqueue = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); rset = xmalloc(set_size); @@ -314,11 +335,13 @@ main(int argc, char **argv) * the worst-case length packet it can generate, * otherwise apply backpressure by stopping reads. */ - if (buffer_check_alloc(&iqueue, sizeof(buf)) && - buffer_check_alloc(&oqueue, MAX_MSG_LENGTH)) + if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 && + (r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) FD_SET(in, rset); + else if (r != SSH_ERR_NO_BUFFER_SPACE) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - olen = buffer_len(&oqueue); + olen = sshbuf_len(oqueue); if (olen > 0) FD_SET(out, wset); 
@@ -338,18 +361,20 @@ main(int argc, char **argv) } else if (len < 0) { error("read: %s", strerror(errno)); cleanup_exit(1); - } else { - buffer_append(&iqueue, buf, len); + } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); } } /* send oqueue to stdout */ if (FD_ISSET(out, wset)) { - len = write(out, buffer_ptr(&oqueue), olen); + len = write(out, sshbuf_ptr(oqueue), olen); if (len < 0) { error("write: %s", strerror(errno)); cleanup_exit(1); - } else { - buffer_consume(&oqueue, len); + } else if ((r = sshbuf_consume(oqueue, len)) != 0) { + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); } } @@ -358,8 +383,10 @@ main(int argc, char **argv) * into the output buffer, otherwise stop processing input * and let the output queue drain. */ - if (buffer_check_alloc(&oqueue, MAX_MSG_LENGTH)) + if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0) process(); + else if (r != SSH_ERR_NO_BUFFER_SPACE) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } } #else /* ENABLE_PKCS11 */ diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index b37491c5d68d..65a7b58979d1 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.25 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -532,8 +532,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx, == NULL) { error("RSAPublicKey_dup"); } - if (x509) - X509_free(x509); + X509_free(x509); } if (rsa && rsa->n && rsa->e && pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { diff --git a/ssh-rsa.c b/ssh-rsa.c index f570ae6d40aa..49e71c87f64b 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.62 2017/07/01 13:50:45 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.66 2018/02/14 16:27:24 jsing Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * 
@@ -33,6 +33,7 @@ #define SSHKEY_INTERNAL #include "sshkey.h" #include "digest.h" +#include "log.h" static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); @@ -78,13 +79,12 @@ rsa_hash_alg_nid(int type) } } -/* calculate p-1 and q-1 */ int ssh_rsa_generate_additional_parameters(struct sshkey *key) { - RSA *rsa; BIGNUM *aux = NULL; BN_CTX *ctx = NULL; + BIGNUM d; int r; if (key == NULL || key->rsa == NULL || @@ -97,12 +97,15 @@ ssh_rsa_generate_additional_parameters(struct sshkey *key) r = SSH_ERR_ALLOC_FAIL; goto out; } - rsa = key->rsa; + BN_set_flags(aux, BN_FLG_CONSTTIME); - if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || - (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || - (BN_sub(aux, rsa->p, BN_value_one()) == 0) || - (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { + BN_init(&d); + BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME); + + if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) || + (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) || + (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) || + (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -119,7 +122,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg_ident) { u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; - size_t slen; + size_t slen = 0; u_int dlen, len; int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR; struct sshbuf *b = NULL; 
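Review bot: ssh_rsa_generate_additional_parameters loses its only comment in this change while gaining its least obvious lines, the `BN_FLG_CONSTTIME` setup on `aux` and on the stack copy `d`. A short comment above `BN_init(&d)` would record the intent, for example `/* d is a shallow, constant-time-flagged alias of key->rsa->d so BN_mod does not leak the private exponent through timing; it should not be freed */`. The cleanup under `out:` lies outside this hunk, so how `d` is treated there cannot be checked from here.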
@@ -188,21 +191,19 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, ret = 0; out: explicit_bzero(digest, sizeof(digest)); - if (sig != NULL) { - explicit_bzero(sig, slen); - free(sig); - } + freezero(sig, slen); sshbuf_free(b); return ret; } int ssh_rsa_verify(const struct sshkey *key, - const u_char *sig, size_t siglen, const u_char *data, size_t datalen) + const u_char *sig, size_t siglen, const u_char *data, size_t datalen, + const char *alg) { - char *ktype = NULL; + char *sigtype = NULL; int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; - size_t len, diff, modlen, dlen; + size_t len = 0, diff, modlen, dlen; struct sshbuf *b = NULL; u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; @@ -215,11 +216,19 @@ ssh_rsa_verify(const struct sshkey *key, if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; - if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { + if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) { ret = SSH_ERR_INVALID_FORMAT; goto out; } - if ((hash_alg = rsa_hash_alg_from_ident(ktype)) == -1) { + /* XXX djm: need cert types that reliably yield SHA-2 signatures */ + if (alg != NULL && strcmp(alg, sigtype) != 0 && + strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { + error("%s: RSA signature type mismatch: " + "expected %s received %s", __func__, alg, sigtype); + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + if ((hash_alg = rsa_hash_alg_from_ident(sigtype)) == -1) { ret = SSH_ERR_KEY_TYPE_MISMATCH; goto out; } @@ -259,11 +268,8 @@ ssh_rsa_verify(const struct sshkey *key, ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, key->rsa); out: - if (sigblob != NULL) { - explicit_bzero(sigblob, len); - free(sigblob); - } - free(ktype); + freezero(sigblob, len); + free(sigtype); sshbuf_free(b); explicit_bzero(digest, sizeof(digest)); return ret; 
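Review bot: The new type check in ssh_rsa_verify is skipped entirely when `alg` is NULL and when `alg` is `ssh-rsa-cert-v01@openssh.com`, so in both cases the signature type is whatever the signer put in the blob, limited only by `rsa_hash_alg_from_ident()`. The `XXX` comment hints at the certificate case but says nothing about NULL. Callers may read the new parameter as a guarantee, so I would spell the contract out above the check, e.g. `/* alg == NULL or an RSA cert alg: signature type is not pinned; any type accepted by rsa_hash_alg_from_ident() verifies */`. The function starts in the preceding hunk and continues past this one.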
@@ -384,10 +390,7 @@ openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, } ret = 0; done: - if (decrypted) { - explicit_bzero(decrypted, rsasize); - free(decrypted); - } + freezero(decrypted, rsasize); return ret; } #endif /* WITH_OPENSSL */ diff --git a/ssh-xmss.c b/ssh-xmss.c new file mode 100644 index 000000000000..4c734fd7d5e2 --- /dev/null +++ b/ssh-xmss.c 
@@ -0,0 +1,192 @@ +/* $OpenBSD: ssh-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $*/ +/* + * Copyright (c) 2017 Stefan-Lukas Gazdag. + * Copyright (c) 2017 Markus Friedl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#include "includes.h" +#ifdef WITH_XMSS + +#define SSHKEY_INTERNAL +#include +#include + +#include +#include +#include + +#include "log.h" +#include "sshbuf.h" +#include "sshkey.h" +#include "sshkey-xmss.h" +#include "ssherr.h" +#include "ssh.h" + +#include "xmss_fast.h" + +int +ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat) +{ + u_char *sig = NULL; + size_t slen = 0, len = 0, required_siglen; + unsigned long long smlen; + int r, ret; + struct sshbuf *b = NULL; + + if (lenp != NULL) + *lenp = 0; + if (sigp != NULL) + *sigp = NULL; + + if (key == NULL || + sshkey_type_plain(key->type) != KEY_XMSS || + key->xmss_sk == NULL || + sshkey_xmss_params(key) == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshkey_xmss_siglen(key, &required_siglen)) != 0) + return r; + if (datalen >= INT_MAX - required_siglen) + return SSH_ERR_INVALID_ARGUMENT; + smlen = slen = datalen + required_siglen; + if ((sig = malloc(slen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshkey_xmss_get_state(key, error)) 
!= 0) + goto out; + if ((ret = xmss_sign(key->xmss_sk, sshkey_xmss_bds_state(key), sig, &smlen, + data, datalen, sshkey_xmss_params(key))) != 0 || smlen <= datalen) { + r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */ + goto out; + } + /* encode signature */ + if ((b = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_put_cstring(b, "ssh-xmss@openssh.com")) != 0 || + (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0) + goto out; + len = sshbuf_len(b); + if (sigp != NULL) { + if ((*sigp = malloc(len)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(*sigp, sshbuf_ptr(b), len); + } + if (lenp != NULL) + *lenp = len; + /* success */ + r = 0; + out: + if ((ret = sshkey_xmss_update_state(key, error)) != 0) { + /* discard signature since we cannot update the state */ + if (r == 0 && sigp != NULL && *sigp != NULL) { + explicit_bzero(*sigp, len); + free(*sigp); + } + if (sigp != NULL) + *sigp = NULL; + if (lenp != NULL) + *lenp = 0; + r = ret; + } + sshbuf_free(b); + if (sig != NULL) { + explicit_bzero(sig, slen); + free(sig); + } + + return r; +} + +int +ssh_xmss_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat) +{ + struct sshbuf *b = NULL; + char *ktype = NULL; + const u_char *sigblob; + u_char *sm = NULL, *m = NULL; + size_t len, required_siglen; + unsigned long long smlen = 0, mlen = 0; + int r, ret; + + if (key == NULL || + sshkey_type_plain(key->type) != KEY_XMSS || + key->xmss_pk == NULL || + sshkey_xmss_params(key) == NULL || + signature == NULL || signaturelen == 0) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshkey_xmss_siglen(key, &required_siglen)) != 0) + return r; + if (datalen >= INT_MAX - required_siglen) + return SSH_ERR_INVALID_ARGUMENT; + + if ((b = sshbuf_from(signature, signaturelen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 || + (r = sshbuf_get_string_direct(b, 
&sigblob, &len)) != 0) + goto out; + if (strcmp("ssh-xmss@openssh.com", ktype) != 0) { + r = SSH_ERR_KEY_TYPE_MISMATCH; + goto out; + } + if (sshbuf_len(b) != 0) { + r = SSH_ERR_UNEXPECTED_TRAILING_DATA; + goto out; + } + if (len != required_siglen) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (datalen >= SIZE_MAX - len) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + smlen = len + datalen; + mlen = smlen; + if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + memcpy(sm, sigblob, len); + memcpy(sm+len, data, datalen); + if ((ret = xmss_sign_open(m, &mlen, sm, smlen, + key->xmss_pk, sshkey_xmss_params(key))) != 0) { + debug2("%s: crypto_sign_xmss_open failed: %d", + __func__, ret); + } + if (ret != 0 || mlen != datalen) { + r = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + /* XXX compare 'm' and 'data' ? */ + /* success */ + r = 0; + out: + if (sm != NULL) { + explicit_bzero(sm, smlen); + free(sm); + } + if (m != NULL) { + explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */ + free(m); + } + sshbuf_free(b); + free(ktype); + return r; +} +#endif /* WITH_XMSS */ diff --git a/ssh.0 b/ssh.0 index f920dd97e010..228553c8b370 100644 --- a/ssh.0 +++ b/ssh.0 
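Review bot: At the `out:` label of ssh_xmss_sign, `sshkey_xmss_update_state()` runs on every exit path, including the one taken when `sshkey_xmss_get_state()` itself failed, and its result then overwrites `r` unconditionally. That hides the original error (the get_state failure or `SSH_ERR_ALLOC_FAIL`, for instance) behind the update error. It also relies on update_state being safe to call when no state was loaded, which this file does not show. Keeping the first error with `if (r == 0) r = ret;` in place of `r = ret;` would make failures easier to diagnose. The signature is still withheld on these paths because `*sigp` is reset to NULL.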
@@ -4,13 +4,13 @@ NAME ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) SYNOPSIS - ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] - [-D [bind_address:]port] [-E log_file] [-e escape_char] - [-F configfile] [-I pkcs11] [-i identity_file] - [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] + ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] + [-c cipher_spec] [-D [bind_address:]port] [-E log_file] + [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] + [-J destination] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] - [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] - [user@]hostname [command] + [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination + [command] DESCRIPTION ssh (SSH client) is a program for logging into a remote machine and for @@ -19,11 +19,12 @@ DESCRIPTION network. X11 connections, arbitrary TCP ports and UNIX-domain sockets can also be forwarded over the secure channel. - ssh connects and logs into the specified hostname (with optional user - name). The user must prove his/her identity to the remote machine using - one of several methods (see below). + ssh connects and logs into the specified destination, which may be + specified as either [user@]hostname or a URI of the form + ssh://[user@]hostname[:port]. The user must prove his/her identity to + the remote machine using one of several methods (see below). - If command is specified, it is executed on the remote host instead of a + If a command is specified, it is executed on the remote host instead of a login shell. The options are as follows: 
@@ -46,6 +47,11 @@ DESCRIPTION -a Disables forwarding of the authentication agent connection. + -B bind_interface + Bind to the address of bind_interface before attempting to + connect to the destination host. This is only useful on systems + with more than one address. + -b bind_address Use bind_address on the local machine as the source address of the connection. Only useful on systems with more than one @@ -138,12 +144,12 @@ DESCRIPTION information from the filename obtained by appending -cert.pub to identity filenames. - -J [user@]host[:port] + -J destination Connect to the target host by first making a ssh connection to - the jump host and then establishing a TCP forwarding to the - ultimate destination from there. Multiple jump hops may be - specified separated by comma characters. This is a shortcut to - specify a ProxyJump configuration directive. + the jump host described by destination and then establishing a + TCP forwarding to the ultimate destination from there. Multiple + jump hops may be specified separated by comma characters. This + is a shortcut to specify a ProxyJump configuration directive. -K Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI credentials to the server. @@ -785,6 +791,16 @@ ENVIRONMENT command. If the current session has no tty, this variable is not set. + SSH_TUNNEL Optionally set by sshd(8) to contain the interface + names assigned if tunnel forwarding was requested + by the client. + + SSH_USER_AUTH Optionally set by sshd(8), this variable may + contain a pathname to a file that lists the + authentication methods successfully used when the + session was established, including any public keys + that were used. + TZ This variable is set to indicate the present time zone if it was set when the daemon was started (i.e. the daemon passes the value on to new 
@@ -846,7 +862,7 @@ FILES ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using - 3DES. + AES-128. ~/.ssh/id_dsa.pub ~/.ssh/id_ecdsa.pub @@ -957,4 +973,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.2 September 21, 2017 OpenBSD 6.2 +OpenBSD 6.2 February 23, 2018 OpenBSD 6.2 diff --git a/ssh.1 b/ssh.1 index 2ab1697f95de..b4078525b32a 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $ -.Dd $Mdocdate: September 21 2017 $ +.\" $OpenBSD: ssh.1,v 1.391 2018/02/23 07:38:09 jmc Exp $ +.Dd $Mdocdate: February 23 2018 $ .Dt SSH 1 .Os .Sh NAME @@ -42,8 +42,8 @@ .Nd OpenSSH SSH client (remote login program) .Sh SYNOPSIS .Nm ssh -.Bk -words .Op Fl 46AaCfGgKkMNnqsTtVvXxYy +.Op Fl B Ar bind_interface .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec .Op Fl D Oo Ar bind_address : Oc Ns Ar port @@ -52,7 +52,7 @@ .Op Fl F Ar configfile .Op Fl I Ar pkcs11 .Op Fl i Ar identity_file -.Op Fl J Oo Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port +.Op Fl J Ar destination .Op Fl L Ar address .Op Fl l Ar login_name .Op Fl m Ar mac_spec @@ -64,9 +64,8 @@ .Op Fl S Ar ctl_path .Op Fl W Ar host : Ns Ar port .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun -.Oo Ar user Ns @ Oc Ns Ar hostname +.Ar destination .Op Ar command -.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for 
@@ -79,15 +78,20 @@ sockets can also be forwarded over the secure channel. .Pp .Nm connects and logs into the specified -.Ar hostname -(with optional -.Ar user -name). +.Ar destination , +which may be specified as either +.Sm off +.Oo user @ Oc hostname +.Sm on +or a URI of the form +.Sm off +.No ssh:// Oo user @ Oc hostname Op : port . +.Sm on The user must prove his/her identity to the remote machine using one of several methods (see below). .Pp -If +If a .Ar command is specified, it is executed on the remote host instead of a login shell. @@ -121,6 +125,12 @@ authenticate using the identities loaded into the agent. .It Fl a Disables forwarding of the authentication agent connection. .Pp +.It Fl B Ar bind_interface +Bind to the address of +.Ar bind_interface +before attempting to connect to the destination host. +This is only useful on systems with more than one address. +.Pp .It Fl b Ar bind_address Use .Ar bind_address @@ -287,17 +297,11 @@ by appending .Pa -cert.pub to identity filenames. .Pp -.It Fl J Xo -.Sm off -.Op Ar user No @ -.Ar host -.Op : Ar port -.Sm on -.Xc +.It Fl J Ar destination Connect to the target host by first making a .Nm -connection to the jump -.Ar host +connection to the jump host described by +.Ar destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by comma characters. 
@@ -1393,6 +1397,17 @@ This is set to the name of the tty (path to the device) associated with the current shell or command. If the current session has no tty, this variable is not set. +.It Ev SSH_TUNNEL +Optionally set by +.Xr sshd 8 +to contain the interface names assigned if tunnel forwarding was +requested by the client. +.It Ev SSH_USER_AUTH +Optionally set by +.Xr sshd 8 , +this variable may contain a pathname to a file that lists the authentication +methods successfully used when the session was established, including any +public keys that were used. .It Ev TZ This variable is set to indicate the present time zone if it was set when the daemon was started (i.e. the daemon passes the value @@ -1474,7 +1489,7 @@ accessible by others (read/write/execute). will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key which will be used to encrypt the -sensitive part of this file using 3DES. +sensitive part of this file using AES-128. .Pp .It Pa ~/.ssh/id_dsa.pub .It Pa ~/.ssh/id_ecdsa.pub diff --git a/ssh.c b/ssh.c index ae37432bd47e..d3619fe292a2 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.464 2017/09/21 19:16:53 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.475 2018/02/23 15:58:38 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -168,6 +168,10 @@ char *config = NULL; */ char *host; +/* Various strings used to to percent_expand() arguments */ +static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; +static char uidstr[32], *host_arg, *conn_hash_hex; + /* socket address the host resolves to */ struct sockaddr_storage hostaddr; 
@@ -197,19 +201,19 @@ static void usage(void) { fprintf(stderr, -"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" -" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" -" [-F configfile] [-I pkcs11] [-i identity_file]\n" -" [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n" -" [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]\n" -" [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]\n" -" [user@]hostname [command]\n" +"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n" +" [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n" +" [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n" +" [-i identity_file] [-J [user@]host[:port]] [-L address]\n" +" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" +" [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n" +" [-w local_tun[:remote_tun]] destination [command]\n" ); exit(255); } -static int ssh_session2(struct ssh *); -static void load_public_identity_files(void); +static int ssh_session2(struct ssh *, struct passwd *); +static void load_public_identity_files(struct passwd *); static void main_sigchld_handler(int); /* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */ 
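Review bot: The usage() text still prints `[-J [user@]host[:port]]`, while the ssh.1 synopsis changed in this same commit documents `-J destination` and the final argument here is already shown as `destination`. Printing `[-J destination]` would keep the built-in usage in step with the manual page.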
@@ -267,6 +271,40 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) return res; } +/* Returns non-zero if name can only be an address and not a hostname */ +static int +is_addr_fast(const char *name) +{ + return (strchr(name, '%') != NULL || strchr(name, ':') != NULL || + strspn(name, "0123456789.") == strlen(name)); +} + +/* Returns non-zero if name represents a valid, single address */ +static int +is_addr(const char *name) +{ + char strport[NI_MAXSERV]; + struct addrinfo hints, *res; + + if (is_addr_fast(name)) + return 1; + + snprintf(strport, sizeof strport, "%u", default_ssh_port()); + memset(&hints, 0, sizeof(hints)); + hints.ai_family = options.address_family == -1 ? + AF_UNSPEC : options.address_family; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV; + if (getaddrinfo(name, strport, &hints, &res) != 0) + return 0; + if (res == NULL || res->ai_next != NULL) { + freeaddrinfo(res); + return 0; + } + freeaddrinfo(res); + return 1; +} + /* * Attempt to resolve a numeric host address / port to a single address. * Returns a canonical address string. @@ -372,20 +410,10 @@ resolve_canonicalize(char **hostp, int port) char *cp, *fullhost, newname[NI_MAXHOST]; struct addrinfo *addrs; - if (options.canonicalize_hostname == SSH_CANONICALISE_NO) - return NULL; - /* - * Don't attempt to canonicalize names that will be interpreted by - * a proxy unless the user specifically requests so. + * Attempt to canonicalise addresses, regardless of + * whether hostname canonicalisation was requested */ - direct = option_clear_or_none(options.proxy_command) && - options.jump_host == NULL; - if (!direct && - options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) - return NULL; - - /* Try numeric hostnames first */ if ((addrs = resolve_addr(*hostp, port, newname, sizeof(newname))) != NULL) { debug2("%s: hostname %.100s is address", __func__, *hostp); 
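Review bot: In is_addr, the branch `if (res == NULL || res->ai_next != NULL)` calls `freeaddrinfo(res)` even when `res` is NULL, and POSIX does not define freeaddrinfo for a null pointer; some libc implementations dereference it. A successful getaddrinfo should never leave `res` NULL, so this is a defensive path. In a portable tree it is still cheaper to split the test and put `if (res == NULL) return 0;` before the `ai_next` check.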
@@ -398,6 +426,30 @@ resolve_canonicalize(char **hostp, int port) return addrs; } + /* + * If this looks like an address but didn't parse as one, it might + * be an address with an invalid interface scope. Skip further + * attempts at canonicalisation. + */ + if (is_addr_fast(*hostp)) { + debug("%s: hostname %.100s is an unrecognised address", + __func__, *hostp); + return NULL; + } + + if (options.canonicalize_hostname == SSH_CANONICALISE_NO) + return NULL; + + /* + * Don't attempt to canonicalize names that will be interpreted by + * a proxy unless the user specifically requests so. + */ + direct = option_clear_or_none(options.proxy_command) && + options.jump_host == NULL; + if (!direct && + options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) + return NULL; + /* If domain name is anchored, then resolve it now */ if ((*hostp)[strlen(*hostp) - 1] == '.') { debug3("%s: name is fully qualified", __func__); @@ -456,14 +508,14 @@ resolve_canonicalize(char **hostp, int port) * file if the user specifies a config file on the command line. */ static void -process_config_files(const char *host_arg, struct passwd *pw, int post_canon) +process_config_files(const char *host_name, struct passwd *pw, int post_canon) { char buf[PATH_MAX]; int r; if (config != NULL) { if (strcasecmp(config, "none") != 0 && - !read_config_file(config, pw, host, host_arg, &options, + !read_config_file(config, pw, host, host_name, &options, SSHCONF_USERCONF | (post_canon ? SSHCONF_POSTCANON : 0))) fatal("Can't open user config file %.100s: " "%.100s", config, strerror(errno)); 
@@ -471,13 +523,13 @@ process_config_files(const char *host_arg, struct passwd *pw, int post_canon) r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_USER_CONFFILE); if (r > 0 && (size_t)r < sizeof(buf)) - (void)read_config_file(buf, pw, host, host_arg, + (void)read_config_file(buf, pw, host, host_name, &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF | (post_canon ? SSHCONF_POSTCANON : 0)); /* Read systemwide configuration file after user config. */ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, - host, host_arg, &options, + host, host_name, &options, post_canon ? SSHCONF_POSTCANON : 0); } } @@ -510,10 +562,9 @@ main(int ac, char **av) { struct ssh *ssh = NULL; int i, r, opt, exit_status, use_syslog, direct, timeout_ms; - int config_test = 0, opt_terminated = 0; - char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile; - char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; - char cname[NI_MAXHOST], uidstr[32], *conn_hash_hex; + int was_addr, config_test = 0, opt_terminated = 0; + char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile; + char cname[NI_MAXHOST]; struct stat st; struct passwd *pw; extern int optind, optreset; @@ -612,7 +663,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" - "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { + "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { switch (opt) { case '1': fatal("SSH protocol v.1 is no longer supported"); @@ -846,14 +897,18 @@ main(int ac, char **av) options.control_master = SSHCTL_MASTER_YES; break; case 'p': - options.port = a2port(optarg); - if (options.port <= 0) { - fprintf(stderr, "Bad port '%s'\n", optarg); - exit(255); + if (options.port == -1) { + options.port = a2port(optarg); + if (options.port <= 0) { + fprintf(stderr, "Bad port '%s'\n", + optarg); + exit(255); + } } break; case 'l': - options.user = optarg; + if (options.user == NULL) + options.user = optarg; break; case 'L': 
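Review bot: With the new `if (options.port == -1)` guard in `case 'p'`, `a2port(optarg)` is only called while no port has been set, so a malformed later `-p` argument is now ignored silently instead of producing `Bad port`. The same first-wins rule applied to `-l` is harmless because nothing is parsed there. Validating before the guard keeps the diagnostic: call `a2port(optarg)` into a local, reject `<= 0` as before, and assign to `options.port` only when it is still `-1`. main's option loop starts and ends outside this hunk.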
@@ -918,6 +973,9 @@ main(int ac, char **av) case 'b': options.bind_address = optarg; break; + case 'B': + options.bind_interface = optarg; + break; case 'F': config = optarg; break; @@ -933,16 +991,38 @@ main(int ac, char **av) av += optind; if (ac > 0 && !host) { - if (strrchr(*av, '@')) { + int tport; + char *tuser; + switch (parse_ssh_uri(*av, &tuser, &host, &tport)) { + case -1: + usage(); + break; + case 0: + if (options.user == NULL) { + options.user = tuser; + tuser = NULL; + } + free(tuser); + if (options.port == -1 && tport != -1) + options.port = tport; + break; + default: p = xstrdup(*av); cp = strrchr(p, '@'); - if (cp == NULL || cp == p) - usage(); - options.user = p; - *cp = '\0'; - host = xstrdup(++cp); - } else - host = xstrdup(*av); + if (cp != NULL) { + if (cp == p) + usage(); + if (options.user == NULL) { + options.user = p; + p = NULL; + } + *cp++ = '\0'; + host = xstrdup(cp); + free(p); + } else + host = p; + break; + } if (ac > 1 && !opt_terminated) { optind = optreset = 1; goto again; @@ -994,9 +1074,9 @@ main(int ac, char **av) if (logfile != NULL) log_redirect_stderr_to(logfile); log_init(argv0, - options.log_level == SYSLOG_LEVEL_NOT_SET ? + options.log_level == SYSLOG_LEVEL_NOT_SET ? SYSLOG_LEVEL_INFO : options.log_level, - options.log_facility == SYSLOG_FACILITY_NOT_SET ? + options.log_facility == SYSLOG_FACILITY_NOT_SET ? SYSLOG_FACILITY_USER : options.log_facility, !use_syslog); 
@@ -1026,16 +1106,22 @@ main(int ac, char **av) options.hostname = xstrdup(host); } - /* If canonicalization requested then try to apply it */ - lowercase(host); - if (options.canonicalize_hostname != SSH_CANONICALISE_NO) + /* Don't lowercase addresses, they will be explicitly canonicalised */ + if ((was_addr = is_addr(host)) == 0) + lowercase(host); + + /* + * Try to canonicalize if requested by configuration or the + * hostname is an address. + */ + if (options.canonicalize_hostname != SSH_CANONICALISE_NO || was_addr) addrs = resolve_canonicalize(&host, options.port); /* * If CanonicalizePermittedCNAMEs have been specified but * other canonicalization did not happen (by not being requested * or by failing with fallback) then the hostname may still be changed - * as a result of CNAME following. + * as a result of CNAME following. * * Try to resolve the bare hostname name using the system resolver's * usual search rules and then apply the CNAME follow rules. @@ -1177,6 +1263,7 @@ main(int ac, char **av) if (options.user == NULL) options.user = xstrdup(pw->pw_name); + /* Set up strings used to percent_expand() arguments */ if (gethostname(thishost, sizeof(thishost)) == -1) fatal("gethostname: %s", strerror(errno)); strlcpy(shorthost, thishost, sizeof(shorthost)); 
@@ -1194,24 +1281,11 @@ main(int ac, char **av) ssh_digest_free(md); conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); - if (options.local_command != NULL) { - debug3("expanding LocalCommand: %s", options.local_command); - cp = options.local_command; - options.local_command = percent_expand(cp, - "C", conn_hash_hex, - "L", shorthost, - "d", pw->pw_dir, - "h", host, - "l", thishost, - "n", host_arg, - "p", portstr, - "r", options.user, - "u", pw->pw_name, - (char *)NULL); - debug3("expanded LocalCommand: %s", options.local_command); - free(cp); - } - + /* + * Expand tokens in arguments. NB. LocalCommand is expanded later, + * after port-forwarding is set up, so it may pick up any local + * tunnel interface name allocated. + */ if (options.remote_command != NULL) { debug3("expanding RemoteCommand: %s", options.remote_command); cp = options.remote_command; @@ -1230,7 +1304,6 @@ main(int ac, char **av) free(cp); buffer_append(&command, options.remote_command, strlen(options.remote_command)); - } if (options.control_path != NULL) { @@ -1311,7 +1384,7 @@ main(int ac, char **av) sensitive_data.keys = NULL; sensitive_data.external_keysign = 0; if (options.hostbased_authentication) { - sensitive_data.nkeys = 9; + sensitive_data.nkeys = 11; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(struct sshkey)); /* XXX */ for (i = 0; i < sensitive_data.nkeys; i++) @@ -1338,6 +1411,10 @@ main(int ac, char **av) _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); sensitive_data.keys[8] = key_load_private_type(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); + sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS, + _PATH_HOST_XMSS_KEY_FILE, "", NULL); + sensitive_data.keys[10] = key_load_private_type(KEY_XMSS, + _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL); PRIV_END; if (options.hostbased_authentication == 1 && 
@@ -1345,7 +1422,8 @@ main(int ac, char **av) sensitive_data.keys[5] == NULL && sensitive_data.keys[6] == NULL && sensitive_data.keys[7] == NULL && - sensitive_data.keys[8] == NULL) { + sensitive_data.keys[8] == NULL && + sensitive_data.keys[9] == NULL) { #ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_cert( _PATH_HOST_ECDSA_KEY_FILE); @@ -1366,6 +1444,10 @@ main(int ac, char **av) _PATH_HOST_RSA_KEY_FILE, NULL); sensitive_data.keys[8] = key_load_public( _PATH_HOST_DSA_KEY_FILE, NULL); + sensitive_data.keys[9] = key_load_cert( + _PATH_HOST_XMSS_KEY_FILE); + sensitive_data.keys[10] = key_load_public( + _PATH_HOST_XMSS_KEY_FILE, NULL); sensitive_data.external_keysign = 1; } } @@ -1401,7 +1483,7 @@ main(int ac, char **av) } } /* load options.identity_files */ - load_public_identity_files(); + load_public_identity_files(pw); /* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */ if (options.identity_agent && @@ -1465,7 +1547,7 @@ main(int ac, char **av) } skip_connect: - exit_status = ssh_session2(ssh); + exit_status = ssh_session2(ssh, pw); packet_close(); if (options.control_path != NULL && muxserver_sock != -1) 
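Review bot: The fallback condition in the `@@ -1345` hunk now tests `sensitive_data.keys[9]`, but the plain XMSS private key is loaded into `keys[10]`, which is not tested. Slot 9 is filled by `key_load_private_cert(KEY_XMSS, ...)` in the preceding hunk, whereas the neighbouring tested slot that is visible, `keys[8]`, holds a plain private key from `key_load_private_type()`. If only slot 10 loads, the branch is still taken and the `@@ -1366` hunk overwrites that pointer with `key_load_public(...)` without freeing the private key. Consider `sensitive_data.keys[9] == NULL && sensitive_data.keys[10] == NULL) {`, and named indices instead of the literals 9, 10 and `nkeys = 11`. The start of the condition is outside the hunk, so the meaning of the other slots is inferred.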
@@ -1485,29 +1567,29 @@ control_persist_detach(void) debug("%s: backgrounding master process", __func__); - /* - * master (current process) into the background, and make the - * foreground process a client of the backgrounded master. - */ + /* + * master (current process) into the background, and make the + * foreground process a client of the backgrounded master. + */ switch ((pid = fork())) { case -1: fatal("%s: fork: %s", __func__, strerror(errno)); case 0: /* Child: master process continues mainloop */ - break; - default: + break; + default: /* Parent: set up mux slave to connect to backgrounded master */ debug2("%s: background process is %ld", __func__, (long)pid); stdin_null_flag = ostdin_null_flag; options.request_tty = orequest_tty; tty_flag = otty_flag; - close(muxserver_sock); - muxserver_sock = -1; + close(muxserver_sock); + muxserver_sock = -1; options.control_master = SSHCTL_MASTER_NO; - muxclient(options.control_path); + muxclient(options.control_path); /* muxclient() doesn't return on success. */ - fatal("Failed to connect to new control master"); - } + fatal("Failed to connect to new control master"); + } if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { error("%s: open(\"/dev/null\"): %s", __func__, strerror(errno)); @@ -1562,7 +1644,7 @@ ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) channel_update_permitted_opens(ssh, rfwd->handle, -1); } } - + if (type == SSH2_MSG_REQUEST_FAILURE) { if (options.exit_on_forward_failure) { if (rfwd->listen_path != NULL) @@ -1624,7 +1706,7 @@ ssh_init_stdio_forwarding(struct ssh *ssh) } static void -ssh_init_forwarding(struct ssh *ssh) +ssh_init_forwarding(struct ssh *ssh, char **ifname) { int success = 0; int i; 
@@ -1682,14 +1764,15 @@ ssh_init_forwarding(struct ssh *ssh) /* Initiate tunnel forwarding. */ if (options.tun_open != SSH_TUNMODE_NO) { - if (client_request_tun_fwd(ssh, options.tun_open, - options.tun_local, options.tun_remote) == -1) { + if ((*ifname = client_request_tun_fwd(ssh, + options.tun_open, options.tun_local, + options.tun_remote)) == NULL) { if (options.exit_on_forward_failure) fatal("Could not request tunnel forwarding."); else error("Could not request tunnel forwarding."); } - } + } } static void @@ -1798,20 +1881,41 @@ ssh_session2_open(struct ssh *ssh) } static int -ssh_session2(struct ssh *ssh) +ssh_session2(struct ssh *ssh, struct passwd *pw) { - int id = -1; + int devnull, id = -1; + char *cp, *tun_fwd_ifname = NULL; /* XXX should be pre-session */ if (!options.control_persist) ssh_init_stdio_forwarding(ssh); - ssh_init_forwarding(ssh); + + ssh_init_forwarding(ssh, &tun_fwd_ifname); + + if (options.local_command != NULL) { + debug3("expanding LocalCommand: %s", options.local_command); + cp = options.local_command; + options.local_command = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "d", pw->pw_dir, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, + "T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname, + (char *)NULL); + debug3("expanded LocalCommand: %s", options.local_command); + free(cp); + } /* Start listening for multiplex clients */ if (!packet_get_mux()) muxserver_listen(ssh); - /* + /* * If we are in control persist mode and have a working mux listen * socket, then prepare to background ourselves and have a foreground * client attach as a control slave. 
@@ -1820,18 +1924,18 @@ ssh_session2(struct ssh *ssh) * after the connection is fully established (in particular, * async rfwd replies have been received for ExitOnForwardFailure). */ - if (options.control_persist && muxserver_sock != -1) { + if (options.control_persist && muxserver_sock != -1) { ostdin_null_flag = stdin_null_flag; ono_shell_flag = no_shell_flag; orequest_tty = options.request_tty; otty_flag = tty_flag; - stdin_null_flag = 1; - no_shell_flag = 1; - tty_flag = 0; + stdin_null_flag = 1; + no_shell_flag = 1; + tty_flag = 0; if (!fork_after_authentication_flag) need_controlpersist_detach = 1; fork_after_authentication_flag = 1; - } + } /* * ControlPersist mux listen socket setup failed, attempt the * stdio forward setup that we skipped earlier. @@ -1839,7 +1943,7 @@ ssh_session2(struct ssh *ssh) if (options.control_persist && muxserver_sock == -1) ssh_init_stdio_forwarding(ssh); - if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) + if (!no_shell_flag) id = ssh_session2_open(ssh); else { packet_set_interactive( @@ -1862,6 +1966,22 @@ ssh_session2(struct ssh *ssh) options.permit_local_command) ssh_local_cmd(options.local_command); + /* + * stdout is now owned by the session channel; clobber it here + * so future channel closes are propagated to the local fd. + * NB. this can only happen after LocalCommand has completed, + * as it may want to write to stdout. + */ + if (!need_controlpersist_detach) { + if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) + error("%s: open %s: %s", __func__, + _PATH_DEVNULL, strerror(errno)); + if (dup2(devnull, STDOUT_FILENO) < 0) + fatal("%s: dup2() stdout failed", __func__); + if (devnull > STDERR_FILENO) + close(devnull); + } + /* * If requested and we are not interested in replies to remote * forwarding requests, then let ssh continue in the background. 
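Review bot: In the stdout-clobber block added to ssh_session2 (`@@ -1862` hunk), a failed `open(_PATH_DEVNULL, O_WRONLY)` is only logged with error(), and execution continues to `dup2(devnull, STDOUT_FILENO)` with `devnull == -1`. That call then fails and the process exits with "dup2() stdout failed", which hides the real cause. Either make the open failure fatal, `fatal("%s: open %s: %s", __func__, _PATH_DEVNULL, strerror(errno));`, or skip the dup2() when the open failed. The function body continues outside the hunk.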
@@ -1881,12 +2001,10 @@ ssh_session2(struct ssh *ssh) /* Loads all IdentityFile and CertificateFile keys */ static void -load_public_identity_files(void) +load_public_identity_files(struct passwd *pw) { - char *filename, *cp, thishost[NI_MAXHOST]; - char *pwdir = NULL, *pwname = NULL; + char *filename, *cp; struct sshkey *public; - struct passwd *pw; int i; u_int n_ids, n_certs; char *identity_files[SSH_MAX_IDENTITY_FILES]; @@ -1925,11 +2043,6 @@ load_public_identity_files(void) #endif /* ENABLE_PKCS11 */ if ((pw = getpwuid(original_real_uid)) == NULL) fatal("load_public_identity_files: getpwuid failed"); - pwname = xstrdup(pw->pw_name); - pwdir = xstrdup(pw->pw_dir); - if (gethostname(thishost, sizeof(thishost)) == -1) - fatal("load_public_identity_files: gethostname: %s", - strerror(errno)); for (i = 0; i < options.num_identity_files; i++) { if (n_ids >= SSH_MAX_IDENTITY_FILES || strcasecmp(options.identity_files[i], "none") == 0) { @@ -1939,8 +2052,8 @@ load_public_identity_files(void) } cp = tilde_expand_filename(options.identity_files[i], original_real_uid); - filename = percent_expand(cp, "d", pwdir, - "u", pwname, "l", thishost, "h", host, + filename = percent_expand(cp, "d", pw->pw_dir, + "u", pw->pw_name, "l", thishost, "h", host, "r", options.user, (char *)NULL); free(cp); public = key_load_public(filename, NULL); @@ -1985,8 +2098,8 @@ load_public_identity_files(void) for (i = 0; i < options.num_certificate_files; i++) { cp = tilde_expand_filename(options.certificate_files[i], original_real_uid); - filename = percent_expand(cp, "d", pwdir, - "u", pwname, "l", thishost, "h", host, + filename = percent_expand(cp, "d", pw->pw_dir, + "u", pw->pw_name, "l", thishost, "h", host, "r", options.user, (char *)NULL); free(cp); 
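Review bot: load_public_identity_files() now receives `pw` as a parameter, but the context line `if ((pw = getpwuid(original_real_uid)) == NULL)` in the `@@ -1925` hunk still overwrites it, so the caller's value is never used. The removed `xstrdup()` copies of `pw_name` and `pw_dir` kept those strings independent of the passwd lookup buffer. The new code reads `pw->pw_dir` and `pw->pw_name` in the percent_expand() calls that follow `tilde_expand_filename()`; if that helper does its own passwd lookup (not visible here), the getpwuid() result may have been overwritten by then. Dropping the getpwuid() call and its fatal() so that the passed-in `pw` is used would address both points.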
@@ -2019,11 +2132,6 @@ load_public_identity_files(void) memcpy(options.certificate_files, certificate_files, sizeof(certificate_files)); memcpy(options.certificates, certificates, sizeof(certificates)); - - explicit_bzero(pwname, strlen(pwname)); - free(pwname); - explicit_bzero(pwdir, strlen(pwdir)); - free(pwdir); } static void @@ -2036,7 +2144,5 @@ main_sigchld_handler(int sig) while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || (pid < 0 && errno == EINTR)) ; - - signal(sig, main_sigchld_handler); errno = save_errno; } diff --git a/ssh_config.0 b/ssh_config.0 index 9493953ab187..4109b1909038 100644 --- a/ssh_config.0 +++ b/ssh_config.0 @@ -112,6 +112,11 @@ DESCRIPTION one address. Note that this option does not work if UsePrivilegedPort is set to yes. + BindInterface + Use the address of the specified interface on the local machine + as the source address of the connection. Note that this option + does not work if UsePrivilegedPort is set to yes. + CanonicalDomains When CanonicalizeHostname is enabled, this option specifies the list of domain suffixes in which to search for the specified @@ -583,7 +588,10 @@ DESCRIPTION curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, + diffie-hellman-group16-sha512, + diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, + diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 The list of available key exchange algorithms may also be 
@@ -652,12 +660,8 @@ DESCRIPTION "ssh -Q mac". NoHostAuthenticationForLocalhost - This option can be used if the home directory is shared across - machines. In this case localhost will refer to a different - machine on each of the machines and the user will get many - warnings about changed host keys. However, this option disables - host authentication for localhost. The argument to this keyword - must be yes or no (the default). + Disable host authentication for localhost (loopback addresses). + The argument to this keyword must be yes or no (the default). NumberOfPasswordPrompts Specifies the number of password prompts before giving up. The @@ -713,12 +717,12 @@ DESCRIPTION ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p ProxyJump - Specifies one or more jump proxies as [user@]host[:port]. - Multiple proxies may be separated by comma characters and will be - visited sequentially. Setting this option will cause ssh(1) to - connect to the target host by first making a ssh(1) connection to - the specified ProxyJump host and then establishing a TCP - forwarding to the ultimate target from there. + Specifies one or more jump proxies as either [user@]host[:port] + or an ssh URI. Multiple proxies may be separated by comma + characters and will be visited sequentially. Setting this option + will cause ssh(1) to connect to the target host by first making a + ssh(1) connection to the specified ProxyJump host and then + establishing a TCP forwarding to the ultimate target from there. Note that this option will compete with the ProxyCommand option - whichever is specified first will prevent later instances of the 
@@ -883,8 +887,8 @@ DESCRIPTION If this flag is set to yes, ssh(1) will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum - protection against trojan horse attacks, though it can be - annoying when the /etc/ssh/ssh_known_hosts file is poorly + protection against man-in-the-middle (MITM) attacks, though it + can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new hosts are frequently made. This option forces the user to manually add all new hosts. @@ -918,6 +922,7 @@ DESCRIPTION dies. This is important in scripts, and many users want it too. To disable TCP keepalive messages, the value should be set to no. + See also ServerAliveInterval for protocol-level keepalives. Tunnel Request tun(4) device forwarding between the client and the server. The argument must be yes, point-to-point (layer 3), @@ -1012,12 +1017,23 @@ PATTERNS from="!*.dialup.example.com,*.example.com" + Note that a negated match will never produce a positive result by itself. + For example, attempting to match "host3" against the following pattern- + list will fail: + + from="!host1,!host2" + + The solution here is to include a term that will yield a positive match, + such as a wildcard: + + from="!host1,!host2,*" + TOKENS Arguments to some keywords can make use of tokens, which are expanded at runtime: %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. - %C Shorthand for %l%h%p%r. + %C Hash of %l%h%p%r. %d Local user's home directory. %h The remote hostname. %i The local user ID. @@ -1026,6 +1042,8 @@ TOKENS %n The original remote hostname, as given on the command line. %p The remote port. %r The remote username. + %T The local tun(4) or tap(4) network interface assigned if + tunnel forwarding was requested, or "NONE" otherwise. %u The local username. Match exec accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. 
@@ -1040,7 +1058,8 @@ TOKENS IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %l, %r, and %u. - LocalCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. + LocalCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and + %u. ProxyCommand accepts the tokens %%, %h, %p, and %r. @@ -1070,4 +1089,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.2 September 21, 2017 OpenBSD 6.2 +OpenBSD 6.2 February 23, 2018 OpenBSD 6.2 diff --git a/ssh_config.5 b/ssh_config.5 index eab8dd01c22a..71705cabddaa 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.256 2017/09/21 19:16:53 markus Exp $ -.Dd $Mdocdate: September 21 2017 $ +.\" $OpenBSD: ssh_config.5,v 1.268 2018/02/23 07:38:09 jmc Exp $ +.Dd $Mdocdate: February 23 2018 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -262,6 +262,13 @@ Note that this option does not work if .Cm UsePrivilegedPort is set to .Cm yes . +.It Cm BindInterface +Use the address of the specified interface on the local machine as the +source address of the connection. +Note that this option does not work if +.Cm UsePrivilegedPort +is set to +.Cm yes . .It Cm CanonicalDomains When .Cm CanonicalizeHostname @@ -1015,7 +1022,10 @@ The default is: curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, +diffie-hellman-group16-sha512, +diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, +diffie-hellman-group14-sha256, diffie-hellman-group14-sha1 .Ed .Pp 
@@ -1107,10 +1117,7 @@ hmac-sha2-256,hmac-sha2-512,hmac-sha1 The list of available MAC algorithms may also be obtained using .Qq ssh -Q mac . .It Cm NoHostAuthenticationForLocalhost -This option can be used if the home directory is shared across machines. -In this case localhost will refer to a different machine on each of -the machines and the user will get many warnings about changed host keys. -However, this option disables host authentication for localhost. +Disable host authentication for localhost (loopback addresses). The argument to this keyword must be .Cm yes or @@ -1198,13 +1205,14 @@ For example, the following directive would connect via an HTTP proxy at ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p .Ed .It Cm ProxyJump -Specifies one or more jump proxies as +Specifies one or more jump proxies as either .Xo .Sm off .Op Ar user No @ .Ar host .Op : Ns Ar port .Sm on +or an ssh URI .Xc . Multiple proxies may be separated by comma characters and will be visited sequentially. @@ -1457,7 +1465,7 @@ If this flag is set to will never automatically add host keys to the .Pa ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. -This provides maximum protection against trojan horse attacks, +This provides maximum protection against man-in-the-middle (MITM) attacks, though it can be annoying when the .Pa /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new hosts are @@ -1509,6 +1517,9 @@ This is important in scripts, and many users want it too. .Pp To disable TCP keepalive messages, the value should be set to .Cm no . +See also +.Cm ServerAliveInterval +for protocol-level keepalives. .It Cm Tunnel Request .Xr tun 4 
@@ -1674,6 +1685,18 @@ pool, the following entry (in authorized_keys) could be used: .Pp .Dl from=\&"!*.dialup.example.com,*.example.com\&" +.Pp +Note that a negated match will never produce a positive result by itself. +For example, attempting to match +.Qq host3 +against the following pattern-list will fail: +.Pp +.Dl from=\&"!host1,!host2\&" +.Pp +The solution here is to include a term that will yield a positive match, +such as a wildcard: +.Pp +.Dl from=\&"!host1,!host2,*\&" .Sh TOKENS Arguments to some keywords can make use of tokens, which are expanded at runtime: @@ -1683,7 +1706,7 @@ which are expanded at runtime: A literal .Sq % . .It \&%C -Shorthand for %l%h%p%r. +Hash of %l%h%p%r. .It %d Local user's home directory. .It %h @@ -1700,6 +1723,15 @@ The original remote hostname, as given on the command line. The remote port. .It %r The remote username. +.It \&%T +The local +.Xr tun 4 +or +.Xr tap 4 +network interface assigned if +tunnel forwarding was requested, or +.Qq NONE +otherwise. .It %u The local username. .El @@ -1722,7 +1754,7 @@ and accept the tokens %%, %d, %h, %l, %r, and %u. .Pp .Cm LocalCommand -accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. +accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and %u. .Pp .Cm ProxyCommand accepts the tokens %%, %h, %p, and %r. diff --git a/sshconnect.c b/sshconnect.c index dc7a704d2a2d..3805d35d9845 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.287 2017/09/14 04:32:21 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.297 2018/02/23 15:58:38 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -23,6 +23,7 @@ # include #endif +#include #include #include @@ -43,6 +44,9 @@ #include #include #include +#ifdef HAVE_IFADDRS_H +# include +#endif #include "xmalloc.h" #include "key.h" 
@@ -270,14 +274,83 @@ ssh_kill_proxy_command(void) kill(proxy_command_pid, SIGHUP); } +#ifdef HAVE_IFADDRS_H +/* + * Search a interface address list (returned from getifaddrs(3)) for an + * address that matches the desired address family on the specifed interface. + * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure. + */ +static int +check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, + struct sockaddr_storage *resultp, socklen_t *rlenp) +{ + struct sockaddr_in6 *sa6; + struct sockaddr_in *sa; + struct in6_addr *v6addr; + const struct ifaddrs *ifa; + int allow_local; + + /* + * Prefer addresses that are not loopback or linklocal, but use them + * if nothing else matches. + */ + for (allow_local = 0; allow_local < 2; allow_local++) { + for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { + if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL || + (ifa->ifa_flags & IFF_UP) == 0 || + ifa->ifa_addr->sa_family != af || + strcmp(ifa->ifa_name, options.bind_interface) != 0) + continue; + switch (ifa->ifa_addr->sa_family) { + case AF_INET: + sa = (struct sockaddr_in *)ifa->ifa_addr; + if (!allow_local && sa->sin_addr.s_addr == + htonl(INADDR_LOOPBACK)) + continue; + if (*rlenp < sizeof(struct sockaddr_in)) { + error("%s: v4 addr doesn't fit", + __func__); + return -1; + } + *rlenp = sizeof(struct sockaddr_in); + memcpy(resultp, sa, *rlenp); + return 0; + case AF_INET6: + sa6 = (struct sockaddr_in6 *)ifa->ifa_addr; + v6addr = &sa6->sin6_addr; + if (!allow_local && + (IN6_IS_ADDR_LINKLOCAL(v6addr) || + IN6_IS_ADDR_LOOPBACK(v6addr))) + continue; + if (*rlenp < sizeof(struct sockaddr_in6)) { + error("%s: v6 addr doesn't fit", + __func__); + return -1; + } + *rlenp = sizeof(struct sockaddr_in6); + memcpy(resultp, sa6, *rlenp); + return 0; + } + } + } + return -1; +} +#endif + /* * Creates a (possibly privileged) socket for use as the ssh connection. 
*/ static int ssh_create_socket(int privileged, struct addrinfo *ai) { - int sock, r, gaierr; + int sock, r, oerrno; + struct sockaddr_storage bindaddr; + socklen_t bindaddrlen = 0; struct addrinfo hints, *res = NULL; +#ifdef HAVE_IFADDRS_H + struct ifaddrs *ifaddrs = NULL; +#endif + char ntop[NI_MAXHOST]; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { 
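Review bot: check_ifaddrs() takes an `ifname` argument but never uses it; the filter compares against the global instead, `strcmp(ifa->ifa_name, options.bind_interface) != 0`. Use the parameter, `strcmp(ifa->ifa_name, ifname) != 0`, so the helper matches its header comment and does not depend on the caller passing that same global. The inner comment says loopback and link-local addresses are deprioritised, but the AF_INET case only skips the single address `INADDR_LOOPBACK`; either widen the IPv4 test or reword the comment. The header comment also has two typos, "a interface" and "specifed".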
@@ -287,22 +360,55 @@ ssh_create_socket(int privileged, struct addrinfo *ai) fcntl(sock, F_SETFD, FD_CLOEXEC); /* Bind the socket to an alternative local IP address */ - if (options.bind_address == NULL && !privileged) + if (options.bind_address == NULL && options.bind_interface == NULL && + !privileged) return sock; - if (options.bind_address) { + if (options.bind_address != NULL) { memset(&hints, 0, sizeof(hints)); hints.ai_family = ai->ai_family; hints.ai_socktype = ai->ai_socktype; hints.ai_protocol = ai->ai_protocol; hints.ai_flags = AI_PASSIVE; - gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); - if (gaierr) { + if ((r = getaddrinfo(options.bind_address, NULL, + &hints, &res)) != 0) { error("getaddrinfo: %s: %s", options.bind_address, - ssh_gai_strerror(gaierr)); - close(sock); - return -1; + ssh_gai_strerror(r)); + goto fail; + } + if (res == NULL) { + error("getaddrinfo: no addrs"); + goto fail; } + if (res->ai_addrlen > sizeof(bindaddr)) { + error("%s: addr doesn't fit", __func__); + goto fail; + } + memcpy(&bindaddr, res->ai_addr, res->ai_addrlen); + bindaddrlen = res->ai_addrlen; + } else if (options.bind_interface != NULL) { +#ifdef HAVE_IFADDRS_H + if ((r = getifaddrs(&ifaddrs)) != 0) { + error("getifaddrs: %s: %s", options.bind_interface, + strerror(errno)); + goto fail; + } + bindaddrlen = sizeof(bindaddr); + if (check_ifaddrs(options.bind_interface, ai->ai_family, + ifaddrs, &bindaddr, &bindaddrlen) != 0) { + logit("getifaddrs: %s: no suitable addresses", + options.bind_interface); + goto fail; + } +#else + error("BindInterface not supported on this platform."); +#endif + } + if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen, + ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST)) != 0) { + error("%s: getnameinfo failed: %s", __func__, + ssh_gai_strerror(r)); + goto fail; } /* * If we are running as root and want to connect to a privileged 
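Review bot: The new `getnameinfo()` call at the end of this hunk runs on `bindaddr` even when nothing has filled it. Two paths reach it with `bindaddrlen == 0` and `bindaddr` uninitialised: `privileged` set with neither `bind_address` nor `bind_interface`, and the `#else` branch, which logs "BindInterface not supported on this platform." but does not `goto fail`. getnameinfo() will probably reject that input, which would turn a privileged connect with no bind options into a failure, and the unsupported-platform case only stops because of that incidental error. Add `goto fail;` after the error() in the `#else` branch and format the address only when `bindaddrlen != 0`, giving `ntop` a default value because the next hunk prints it. ssh_create_socket() starts before and ends after this hunk.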
@@ -310,25 +416,32 @@ ssh_create_socket(int privileged, struct addrinfo *ai) */ if (privileged) { PRIV_START; - r = bindresvport_sa(sock, res ? res->ai_addr : NULL); + r = bindresvport_sa(sock, + bindaddrlen == 0 ? NULL : (struct sockaddr *)&bindaddr); + oerrno = errno; PRIV_END; if (r < 0) { - error("bindresvport_sa: af=%d %s", ai->ai_family, - strerror(errno)); + error("bindresvport_sa %s: %s", ntop, + strerror(oerrno)); goto fail; } - } else { - if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) { - error("bind: %s: %s", options.bind_address, - strerror(errno)); - fail: - close(sock); - freeaddrinfo(res); - return -1; - } + } else if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) { + error("bind %s: %s", ntop, strerror(errno)); + goto fail; } + debug("%s: bound to %s", __func__, ntop); + /* success */ + goto out; +fail: + close(sock); + sock = -1; + out: if (res != NULL) freeaddrinfo(res); +#ifdef HAVE_IFADDRS_H + if (ifaddrs != NULL) + freeifaddrs(ifaddrs); +#endif return sock; } @@ -344,7 +457,7 @@ waitrfd(int fd, int *timeoutp) struct timeval t_start; int oerrno, r; - gettimeofday(&t_start, NULL); + monotime_tv(&t_start); pfd.fd = fd; pfd.events = POLLIN; for (; *timeoutp >= 0;) { @@ -416,7 +529,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv) { int on = 1; - int sock = -1, attempt; + int oerrno, sock = -1, attempt; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; struct addrinfo *ai; 
@@ -436,12 +549,16 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, */ for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && - ai->ai_family != AF_INET6) + ai->ai_family != AF_INET6) { + errno = EAFNOSUPPORT; continue; + } if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { + oerrno = errno; error("%s: getnameinfo failed", __func__); + errno = oerrno; continue; } debug("Connecting to %.200s [%.100s] port %s.", @@ -449,9 +566,11 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, /* Create a socket for connecting. */ sock = ssh_create_socket(needpriv, ai); - if (sock < 0) + if (sock < 0) { /* Any error is already output */ + errno = 0; continue; + } if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen, timeout_ms) >= 0) { @@ -459,10 +578,12 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); break; } else { + oerrno = errno; debug("connect to address %s port %s: %s", ntop, strport, strerror(errno)); close(sock); sock = -1; + errno = oerrno; } } if (sock != -1) @@ -472,8 +593,8 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, /* Return failure if we didn't get a successful connection. */ if (sock == -1) { error("ssh: connect to host %s port %s: %s", - host, strport, strerror(errno)); - return (-1); + host, strport, errno == 0 ? "failure" : strerror(errno)); + return -1; } debug("Connection established."); 
@@ -610,9 +731,6 @@ ssh_exchange_identification(int timeout_ms) if (mismatch) fatal("Protocol major versions differ: %d vs. %d", PROTOCOL_MAJOR_2, remote_major); - if ((datafellows & SSH_BUG_DERIVEKEY) != 0) - fatal("Server version \"%.100s\" uses unsafe key agreement; " - "refusing connection", remote_version); if ((datafellows & SSH_BUG_RSASIGMD5) != 0) logit("Server version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); @@ -631,11 +749,12 @@ confirm(const char *prompt) return 0; for (msg = prompt;;msg = again) { p = read_passphrase(msg, RP_ECHO); - if (p == NULL || - (p[0] == '\0') || (p[0] == '\n') || - strncasecmp(p, "no", 2) == 0) + if (p == NULL) + return 0; + p[strcspn(p, "\n")] = '\0'; + if (p[0] == '\0' || strcasecmp(p, "no") == 0) ret = 0; - if (p && strncasecmp(p, "yes", 3) == 0) + else if (strcasecmp(p, "yes") == 0) ret = 1; free(p); if (ret != -1) @@ -1171,8 +1290,7 @@ fail: host_key = raw_key; goto retry; } - if (raw_key != NULL) - sshkey_free(raw_key); + sshkey_free(raw_key); free(ip); free(host); if (host_hostkeys != NULL) @@ -1357,6 +1475,7 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) KEY_DSA, KEY_ECDSA, KEY_ED25519, + KEY_XMSS, -1 }; int i, ret = 0; @@ -1453,8 +1572,8 @@ ssh_local_cmd(const char *args) } void -maybe_add_key_to_agent(char *authfile, struct sshkey *private, char *comment, - char *passphrase) +maybe_add_key_to_agent(char *authfile, const struct sshkey *private, + char *comment, char *passphrase) { int auth_sock = -1, r; @@ -1474,7 +1593,7 @@ maybe_add_key_to_agent(char *authfile, struct sshkey *private, char *comment, } if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0, - (options.add_keys_to_agent == 3))) == 0) + (options.add_keys_to_agent == 3), 0)) == 0) debug("identity added to agent: %s", authfile); else debug("could not add identity to agent: %s (%d)", authfile, r); 
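Review bot: The switch from prefix matching to exact matching in `confirm()` (the `@@ -631` hunk) has no comment saying it is deliberate. Input such as `y` or `yes ` is now neither accepted nor rejected, and nothing records that for a maintainer. A one-line comment above the `strcspn` call would do it, for example `/* Accept only an exact "yes", "no" or empty reply; anything else re-prompts */`. The declaration of `ret` and the top of the loop are outside the hunk, so the re-prompt behaviour is inferred from the `if (ret != -1)` context line.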
diff --git a/sshconnect.h b/sshconnect.h index b5029e2347e0..dd648b096e9e 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.31 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.32 2018/02/10 09:25:35 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -57,7 +57,7 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *); void ssh_put_password(char *); int ssh_local_cmd(const char *); -void maybe_add_key_to_agent(char *, struct sshkey *, char *, char *); +void maybe_add_key_to_agent(char *, const struct sshkey *, char *, char *); /* * Macros to raise/lower permissions. diff --git a/sshconnect2.c b/sshconnect2.c index be9397e481bd..1f4a74cf46f8 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.270 2018/03/24 19:28:43 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -578,7 +578,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; struct sshkey *key = NULL; Identity *id = NULL; - Buffer b; int pktype, sent = 0; u_int alen, blen; char *pkalg, *fp; @@ -586,18 +585,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if (authctxt == NULL) fatal("input_userauth_pk_ok: no authentication context"); - if (datafellows & SSH_BUG_PKOK) { - /* this is similar to SSH_BUG_PKAUTH */ - debug2("input_userauth_pk_ok: SSH_BUG_PKOK"); - pkblob = packet_get_string(&blen); - buffer_init(&b); - buffer_append(&b, pkblob, blen); - pkalg = buffer_get_string(&b, &alen); - buffer_free(&b); - } else { - pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); - } + + pkalg = packet_get_string(&alen); + pkblob = packet_get_string(&blen); packet_check_eom(); debug("Server accepts key: pkalg %s blen %u", pkalg, blen); 
@@ -634,8 +624,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) } } done: - if (key != NULL) - key_free(key); + key_free(key); free(pkalg); free(pkblob); @@ -1013,17 +1002,46 @@ key_sign_encode(const struct sshkey *key) return key_ssh_name(key); } +/* + * Some agents will return ssh-rsa signatures when asked to make a + * rsa-sha2-* signature. Check what they actually gave back and warn the + * user if the agent has returned an unexpected type. + */ +static int +check_sigtype(const struct sshkey *key, const u_char *sig, size_t len) +{ + int r; + char *sigtype = NULL; + const char *alg = key_sign_encode(key); + + if (sshkey_is_cert(key)) + return 0; + if ((r = sshkey_sigtype(sig, len, &sigtype)) != 0) + return r; + if (strcmp(sigtype, alg) != 0) { + logit("warning: agent returned different signature type %s " + "(expected %s)", sigtype, alg); + } + free(sigtype); + /* Incorrect signature types aren't an error ... yet */ + return 0; +} + static int identity_sign(struct identity *id, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { struct sshkey *prv; - int ret; + int r; /* the agent supports this key */ - if (id->key != NULL && id->agent_fd != -1) - return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, - data, datalen, key_sign_encode(id->key), compat); + if (id->key != NULL && id->agent_fd != -1) { + if ((r = ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, + data, datalen, key_sign_encode(id->key), compat)) != 0 || + (r = check_sigtype(id->key, *sigp, *lenp)) != 0) + return r; + return 0; + } /* * we have already loaded the private key or @@ -1042,10 +1060,10 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, __func__, id->filename); return SSH_ERR_KEY_NOT_FOUND; } - ret = sshkey_sign(prv, sigp, lenp, data, datalen, + r = sshkey_sign(prv, sigp, lenp, data, datalen, key_sign_encode(prv), compat); sshkey_free(prv); - return (ret); + return r; } static int 
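Review bot: In `identity_sign()` (the `@@ -1013` hunk) a failure from `check_sigtype()` returns while `*sigp` still points at the signature `ssh_agent_sign()` just produced. That buffer, presumably heap-allocated, leaks unless every caller frees it on error, which cannot be seen from this hunk. Splitting the combined condition lets the agent path release and clear the output before returning. Separately, the `sshkey_is_cert(key)` early return in `check_sigtype()` skips the comparison without saying why, and a short comment there would help the next reader.

```c
	/* the agent supports this key */
	if (id->key != NULL && id->agent_fd != -1) {
		if ((r = ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
		    data, datalen, key_sign_encode(id->key), compat)) != 0)
			return r;
		if ((r = check_sigtype(id->key, *sigp, *lenp)) != 0) {
			/* don't hand an unparseable signature back to the caller */
			free(*sigp);
			*sigp = NULL;
			*lenp = 0;
		}
		return r;
	}
	/* … unchanged: private-key loading and sshkey_sign() path … */
```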
@@ -1100,17 +1118,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) } buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); buffer_put_cstring(&b, authctxt->server_user); - buffer_put_cstring(&b, - datafellows & SSH_BUG_PKSERVICE ? - "ssh-userauth" : - authctxt->service); - if (datafellows & SSH_BUG_PKAUTH) { - buffer_put_char(&b, have_sig); - } else { - buffer_put_cstring(&b, authctxt->method->name); - buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, key_sign_encode(id->key)); - } + buffer_put_cstring(&b, authctxt->service); + buffer_put_cstring(&b, authctxt->method->name); + buffer_put_char(&b, have_sig); + buffer_put_cstring(&b, key_sign_encode(id->key)); buffer_put_string(&b, blob, bloblen); /* @@ -1170,19 +1181,6 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) #ifdef DEBUG_PK buffer_dump(&b); #endif - if (datafellows & SSH_BUG_PKSERVICE) { - buffer_clear(&b); - buffer_append(&b, session_id2, session_id2_len); - skip = session_id2_len; - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(&b, authctxt->server_user); - buffer_put_cstring(&b, authctxt->service); - buffer_put_cstring(&b, authctxt->method->name); - buffer_put_char(&b, have_sig); - if (!(datafellows & SSH_BUG_PKAUTH)) - buffer_put_cstring(&b, key_ssh_name(id->key)); - buffer_put_string(&b, blob, bloblen); - } free(blob); /* append signature */ @@ -1224,8 +1222,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) packet_put_cstring(authctxt->service); packet_put_cstring(authctxt->method->name); packet_put_char(have_sig); - if (!(datafellows & SSH_BUG_PKAUTH)) - packet_put_cstring(key_sign_encode(id->key)); + packet_put_cstring(key_sign_encode(id->key)); packet_put_string(blob, bloblen); free(blob); packet_send(); 
@@ -1741,7 +1738,6 @@ userauth_hostbased(Authctxt *authctxt) struct ssh *ssh = active_state; struct sshkey *private = NULL; struct sshbuf *b = NULL; - const char *service; u_char *sig = NULL, *keyblob = NULL; char *fp = NULL, *chost = NULL, *lname = NULL; size_t siglen = 0, keylen = 0; @@ -1812,9 +1808,6 @@ userauth_hostbased(Authctxt *authctxt) xasprintf(&chost, "%s.", lname); debug2("%s: chost %s", __func__, chost); - service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : - authctxt->service; - /* construct data */ if ((b = sshbuf_new()) == NULL) { error("%s: sshbuf_new failed", __func__); @@ -1827,7 +1820,7 @@ userauth_hostbased(Authctxt *authctxt) if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || - (r = sshbuf_put_cstring(b, service)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || diff --git a/sshd.0 b/sshd.0 index 92c8ec53306c..999d160bf8dd 100644 --- a/sshd.0 +++ b/sshd.0 
@@ -33,12 +33,14 @@ DESCRIPTION -C connection_spec Specify the connection parameters to use for the -T extended test mode. If provided, any Match directives in the configuration - file that would apply to the specified user, host, and address - will be set before the configuration is written to standard - output. The connection parameters are supplied as keyword=value - pairs. The keywords are M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and - M-bM-^@M-^\addrM-bM-^@M-^]. All are required and may be supplied in any order, + file that would apply are applied before the configuration is + written to standard output. The connection parameters are + supplied as keyword=value pairs and may be supplied in any order, either with multiple -C options or as a comma-separated list. + The keywords are M-bM-^@M-^\addr,M-bM-^@M-^] M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and + M-bM-^@M-^\rdomainM-bM-^@M-^] and correspond to source address, user, resolved source + host name, local address, local port number and routing domain + respectively. -c host_certificate_file Specifies a path to a certificate file to identify sshd during @@ -75,10 +77,9 @@ DESCRIPTION Specifies a file from which a host key is read. This option must be given if sshd is not run as root (as the normal host key files are normally not readable by anyone but root). The default is - /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, - /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. It - is possible to have multiple host key files for the different - host key algorithms. + /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and + /etc/ssh/ssh_host_rsa_key. It is possible to have multiple host + key files for the different host key algorithms. -i Specifies that sshd is being run from inetd(8). 
@@ -247,7 +248,7 @@ AUTHORIZED_KEYS FILE FORMAT You don't want to type them in; instead, copy the id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it. - sshd enforces a minimum RSA key modulus size of 768 bits. + sshd enforces a minimum RSA key modulus size of 1024 bits. The options (if present) consist of comma-separated option specifications. No spaces are permitted, except within double quotes. @@ -299,6 +300,11 @@ AUTHORIZED_KEYS FILE FORMAT this type are permitted. Environment processing is disabled by default and is controlled via the PermitUserEnvironment option. + expiry-time="timespec" + Specifies a time after which the key will not be accepted. The + time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] + time in the system time-zone. + from="pattern-list" Specifies that in addition to public key authentication, either the canonical name of the remote host or its IP address must be @@ -346,6 +352,7 @@ AUTHORIZED_KEYS FILE FORMAT port-forwarding Enable port forwarding previously disabled by the restrict + option. principals="principals" On a cert-authority line, specifies allowed principals for @@ -567,7 +574,6 @@ FILES allows host-based authentication without permitting login with rlogin/rsh. - /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key @@ -576,7 +582,6 @@ FILES not accessible to others. Note that sshd does not start if these files are group/world-accessible. - /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key.pub @@ -629,4 +634,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 6.2 June 24, 2017 OpenBSD 6.2 +OpenBSD 6.2 March 14, 2018 OpenBSD 6.2 diff --git a/sshd.8 b/sshd.8 index a4201146bc23..968ba66bbe8d 100644 --- a/sshd.8 +++ b/sshd.8 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.291 2017/06/24 06:28:50 jmc Exp $ -.Dd $Mdocdate: June 24 2017 $ +.\" $OpenBSD: sshd.8,v 1.299 2018/03/14 06:56:20 jmc Exp $ +.Dd $Mdocdate: March 14 2018 $ .Dt SSHD 8 .Os .Sh NAME @@ -100,20 +100,22 @@ Specify the connection parameters to use for the extended test mode. If provided, any .Cm Match -directives in the configuration file -that would apply to the specified user, host, and address will be set before -the configuration is written to standard output. -The connection parameters are supplied as keyword=value pairs. +directives in the configuration file that would apply are applied before the +configuration is written to standard output. +The connection parameters are supplied as keyword=value pairs and may be +supplied in any order, either with multiple +.Fl C +options or as a comma-separated list. The keywords are +.Dq addr, .Dq user , .Dq host , .Dq laddr , .Dq lport , and -.Dq addr . -All are required and may be supplied in any order, either with multiple -.Fl C -options or as a comma-separated list. +.Dq rdomain +and correspond to source address, user, resolved source host name, +local address, local port number and routing domain respectively. .It Fl c Ar host_certificate_file Specifies a path to a certificate file to identify .Nm @@ -164,7 +166,6 @@ This option must be given if is not run as root (as the normal host key files are normally not readable by anyone but root). The default is -.Pa /etc/ssh/ssh_host_dsa_key , .Pa /etc/ssh/ssh_host_ecdsa_key , .Pa /etc/ssh/ssh_host_ed25519_key and @@ -452,7 +453,7 @@ or the file and edit it. .Pp .Nm -enforces a minimum RSA key modulus size of 768 bits. +enforces a minimum RSA key modulus size of 1024 bits. .Pp The options (if present) consist of comma-separated option specifications. 
@@ -512,6 +513,10 @@ Environment processing is disabled by default and is controlled via the .Cm PermitUserEnvironment option. +.It Cm expiry-time="timespec" +Specifies a time after which the key will not be accepted. +The time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] time +in the system time-zone. .It Cm from="pattern-list" Specifies that in addition to public key authentication, either the canonical name of the remote host or its IP address must be present in the @@ -566,6 +571,7 @@ matches any port. .It Cm port-forwarding Enable port forwarding previously disabled by the .Cm restrict +option. .It Cm principals="principals" On a .Cm cert-authority @@ -871,7 +877,6 @@ This file is used in exactly the same way as but allows host-based authentication without permitting login with rlogin/rsh. .Pp -.It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_ed25519_key .It Pa /etc/ssh/ssh_host_rsa_key @@ -882,7 +887,6 @@ Note that .Nm does not start if these files are group/world-accessible. .Pp -.It Pa /etc/ssh/ssh_host_dsa_key.pub .It Pa /etc/ssh/ssh_host_ecdsa_key.pub .It Pa /etc/ssh/ssh_host_ed25519_key.pub .It Pa /etc/ssh/ssh_host_rsa_key.pub diff --git a/sshd.c b/sshd.c index 51a1aaf6ec86..fd95b681b7c5 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.492 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -119,6 +119,7 @@ #endif #include "monitor_wrap.h" #include "ssh-sandbox.h" +#include "auth-options.h" #include "version.h" #include "ssherr.h" 
@@ -144,7 +145,12 @@ char *config_file_name = _PATH_SERVER_CONFIG_FILE; */ int debug_flag = 0; -/* Flag indicating that the daemon should only test the configuration and keys. */ +/* + * Indicating that the daemon should only test the configuration and keys. + * If test_flag > 1 ("-T" flag), then sshd will also dump the effective + * configuration, optionally using connection information provided by the + * "-C" flag. + */ int test_flag = 0; /* Flag indicating that the daemon is being started from inetd. */ @@ -227,6 +233,9 @@ static int privsep_chroot = 1; /* global authentication context */ Authctxt *the_authctxt = NULL; +/* global key/cert auth options. XXX move to permanent ssh->authctxt? */ +struct sshauthopt *auth_opts = NULL; + /* sshd_config buffer */ Buffer cfg; @@ -278,7 +287,6 @@ sighup_handler(int sig) int save_errno = errno; received_sighup = 1; - signal(SIGHUP, sighup_handler); errno = save_errno; } @@ -328,8 +336,6 @@ main_sigchld_handler(int sig) while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || (pid < 0 && errno == EINTR)) ; - - signal(SIGCHLD, main_sigchld_handler); errno = save_errno; } @@ -441,16 +447,12 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) logit("Client version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); } - if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) { - fatal("Client version \"%.100s\" uses unsafe key agreement; " - "refusing connection", remote_version); - } chop(server_version_string); debug("Local version string %.200s", server_version_string); - if (remote_major != 2 || - (remote_major == 1 && remote_minor != 99)) { + if (remote_major != 2 && + !(remote_major == 1 && remote_minor == 99)) { s = "Protocol major versions differ.\n"; (void) atomicio(vwrite, sock_out, s, strlen(s)); close(sock_in); 
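Review bot: The rewritten version test in `sshd_exchange_identification()` (the `@@ -441` hunk) now lets a peer announcing `1.99` through, and the condition has no comment explaining that case. The old expression was true for every `remote_major` other than 2, so this is a behaviour change worth recording next to the code. A comment above the `if` would make the intent clear, for example `/* 1.99 is the compatibility banner of a peer that also speaks protocol 2 (RFC 4253 section 5.1) */`. The earlier banner parsing in this function is outside the hunk.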
@@ -467,7 +469,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) void destroy_sensitive_data(void) { - int i; + u_int i; for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { @@ -486,7 +488,7 @@ void demote_sensitive_data(void) { struct sshkey *tmp; - int i; + u_int i; for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { @@ -685,7 +687,7 @@ list_hostkey_types(void) Buffer b; const char *p; char *ret; - int i; + u_int i; struct sshkey *key; buffer_init(&b); @@ -707,6 +709,7 @@ list_hostkey_types(void) case KEY_DSA: case KEY_ECDSA: case KEY_ED25519: + case KEY_XMSS: if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); p = key_ssh_name(key); @@ -728,6 +731,7 @@ list_hostkey_types(void) case KEY_DSA_CERT: case KEY_ECDSA_CERT: case KEY_ED25519_CERT: + case KEY_XMSS_CERT: if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); p = key_ssh_name(key); @@ -745,7 +749,7 @@ list_hostkey_types(void) static struct sshkey * get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) { - int i; + u_int i; struct sshkey *key; for (i = 0; i < options.num_host_key_files; i++) { @@ -754,6 +758,7 @@ get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) case KEY_DSA_CERT: case KEY_ECDSA_CERT: case KEY_ED25519_CERT: + case KEY_XMSS_CERT: key = sensitive_data.host_certificates[i]; break; default: @@ -785,7 +790,7 @@ get_hostkey_private_by_type(int type, int nid, struct ssh *ssh) struct sshkey * get_hostkey_by_index(int ind) { - if (ind < 0 || ind >= options.num_host_key_files) + if (ind < 0 || (u_int)ind >= options.num_host_key_files) return (NULL); return (sensitive_data.host_keys[ind]); } 
@@ -793,7 +798,7 @@ get_hostkey_by_index(int ind) struct sshkey * get_hostkey_public_by_index(int ind, struct ssh *ssh) { - if (ind < 0 || ind >= options.num_host_key_files) + if (ind < 0 || (u_int)ind >= options.num_host_key_files) return (NULL); return (sensitive_data.host_pubkeys[ind]); } @@ -801,7 +806,7 @@ get_hostkey_public_by_index(int ind, struct ssh *ssh) int get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) { - int i; + u_int i; for (i = 0; i < options.num_host_key_files; i++) { if (key_is_cert(key)) { @@ -830,7 +835,8 @@ notify_hostkeys(struct ssh *ssh) { struct sshbuf *buf; struct sshkey *key; - int i, nkeys, r; + u_int i, nkeys; + int r; char *fp; /* Some clients cannot cope with the hostkeys message, skip those. */ @@ -861,7 +867,7 @@ notify_hostkeys(struct ssh *ssh) packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf)); nkeys++; } - debug3("%s: sent %d hostkeys", __func__, nkeys); + debug3("%s: sent %u hostkeys", __func__, nkeys); if (nkeys == 0) fatal("%s: no hostkeys", __func__); packet_send(); @@ -1014,13 +1020,13 @@ server_accept_inetd(int *sock_in, int *sock_out) * Listen for TCP connections */ static void -server_listen(void) +listen_on_addrs(struct listenaddr *la) { - int ret, listen_sock, on = 1; + int ret, listen_sock; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; - for (ai = options.listen_addrs; ai; ai = ai->ai_next) { + for (ai = la->addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; if (num_listen_socks >= MAX_LISTEN_SOCKS) 
@@ -1050,13 +1056,13 @@ server_listen(void) close(listen_sock); continue; } - /* - * Set socket options. - * Allow local port reuse in TIME_WAIT. - */ - if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, - &on, sizeof(on)) == -1) - error("setsockopt SO_REUSEADDR: %s", strerror(errno)); + /* Socket options */ + set_reuseaddr(listen_sock); + if (la->rdomain != NULL && + set_rdomain(listen_sock, la->rdomain) == -1) { + close(listen_sock); + continue; + } /* Only communicate in IPv6 over AF_INET6 sockets. */ if (ai->ai_family == AF_INET6) @@ -1078,9 +1084,28 @@ server_listen(void) if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror(errno)); - logit("Server listening on %s port %s.", ntop, strport); + logit("Server listening on %s port %s%s%s.", + ntop, strport, + la->rdomain == NULL ? "" : " rdomain ", + la->rdomain == NULL ? "" : la->rdomain); + } +} + +static void +server_listen(void) +{ + u_int i; + + for (i = 0; i < options.num_listen_addrs; i++) { + listen_on_addrs(&options.listen_addrs[i]); + freeaddrinfo(options.listen_addrs[i].addrs); + free(options.listen_addrs[i].rdomain); + memset(&options.listen_addrs[i], 0, + sizeof(options.listen_addrs[i])); } - freeaddrinfo(options.listen_addrs); + free(options.listen_addrs); + options.listen_addrs = NULL; + options.num_listen_addrs = 0; if (!num_listen_socks) fatal("Cannot bind any address."); 
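Review bot: When `set_rdomain()` fails in `listen_on_addrs()` the socket is closed and the loop moves on, so a `ListenAddress` with an unusable `rdomain` is dropped while sshd starts on the remaining addresses. `server_listen()` only aborts when no socket at all was bound. Whether anything is logged depends on `set_rdomain()`, which is outside this hunk, and it is not passed `ntop` or `strport`, so it cannot name the listener that was skipped. Assuming both buffers are already filled at that point, an explicit `error("%s: not listening on [%s]:%s rdomain %s", __func__, ntop, strport, la->rdomain);` before the `close()` would make the missing listener obvious. The return value of `set_reuseaddr()` on the line above is also ignored.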
@@ -1348,6 +1373,46 @@ check_ip_options(struct ssh *ssh) #endif /* IP_OPTIONS */ } +/* Set the routing domain for this process */ +static void +set_process_rdomain(struct ssh *ssh, const char *name) +{ +#if defined(HAVE_SYS_SET_PROCESS_RDOMAIN) + if (name == NULL) + return; /* default */ + + if (strcmp(name, "%D") == 0) { + /* "expands" to routing domain of connection */ + if ((name = ssh_packet_rdomain_in(ssh)) == NULL) + return; + } + /* NB. We don't pass 'ssh' to sys_set_process_rdomain() */ + return sys_set_process_rdomain(name); +#elif defined(__OpenBSD__) + int rtable, ortable = getrtable(); + const char *errstr; + + if (name == NULL) + return; /* default */ + + if (strcmp(name, "%D") == 0) { + /* "expands" to routing domain of connection */ + if ((name = ssh_packet_rdomain_in(ssh)) == NULL) + return; + } + + rtable = (int)strtonum(name, 0, 255, &errstr); + if (errstr != NULL) /* Shouldn't happen */ + fatal("Invalid routing domain \"%s\": %s", name, errstr); + if (rtable != ortable && setrtable(rtable) != 0) + fatal("Unable to set routing domain %d: %s", + rtable, strerror(errno)); + debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable); +#else /* defined(__OpenBSD__) */ + fatal("Unable to set routing domain: not supported in this platform"); +#endif +} + /* * Main program for the daemon. */ 
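Review bot: `set_process_rdomain()` is declared `static void`, yet its `HAVE_SYS_SET_PROCESS_RDOMAIN` branch ends with `return sys_set_process_rdomain(name);`. ISO C does not allow a return with an expression in a void function, and if the helper returns a status it is silently dropped. Writing `sys_set_process_rdomain(name);` followed by a plain `return;` avoids both problems. In both platform branches the `%D` case also returns quietly when `ssh_packet_rdomain_in(ssh)` yields NULL, which leaves the process in its current routing domain. A `debug("%s: no routing domain for connection", __func__);` there would make that fallback visible to an administrator who configured `%D`.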
@@ -1357,20 +1422,19 @@ main(int ac, char **av) struct ssh *ssh = NULL; extern char *optarg; extern int optind; - int r, opt, i, j, on = 1, already_daemon; + int r, opt, on = 1, already_daemon, remote_port; int sock_in = -1, sock_out = -1, newsock = -1; - const char *remote_ip; - int remote_port; + const char *remote_ip, *rdomain; char *fp, *line, *laddr, *logfile = NULL; int config_s[2] = { -1 , -1 }; - u_int n; + u_int i, j; u_int64_t ibytes, obytes; mode_t new_umask; struct sshkey *key; struct sshkey *pubkey; int keytype; Authctxt *authctxt; - struct connection_info *connection_info = get_connection_info(0, 0); + struct connection_info *connection_info = NULL; ssh_malloc_init(); /* must be called before any mallocs */ @@ -1383,7 +1447,7 @@ main(int ac, char **av) saved_argc = ac; rexec_argc = ac; saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); - for (i = 0; i < ac; i++) + for (i = 0; (int)i < ac; i++) saved_argv[i] = xstrdup(av[i]); saved_argv[i] = NULL; @@ -1416,12 +1480,8 @@ main(int ac, char **av) config_file_name = optarg; break; case 'c': - if (options.num_host_cert_files >= MAX_HOSTCERTS) { - fprintf(stderr, "too many host certificates.\n"); - exit(1); - } - options.host_cert_files[options.num_host_cert_files++] = - derelativise_path(optarg); + servconf_add_hostcert("[command-line]", 0, + &options, optarg); break; case 'd': if (debug_flag == 0) { @@ -1480,12 +1540,8 @@ main(int ac, char **av) /* protocol 1, ignored */ break; case 'h': - if (options.num_host_key_files >= MAX_HOSTKEYS) { - fprintf(stderr, "too many host keys.\n"); - exit(1); - } - options.host_key_files[options.num_host_key_files++] = - derelativise_path(optarg); + servconf_add_hostkey("[command-line]", 0, + &options, optarg); break; case 't': test_flag = 1; @@ -1494,6 +1550,7 @@ main(int ac, char **av) test_flag = 2; break; case 'C': + connection_info = get_connection_info(0, 0); if (parse_server_match_testspec(connection_info, optarg) == -1) exit(1); 
@@ -1552,24 +1609,13 @@ main(int ac, char **av) if (getenv("KRB5CCNAME") != NULL) (void) unsetenv("KRB5CCNAME"); -#ifdef _UNICOS - /* Cray can define user privs drop all privs now! - * Not needed on PRIV_SU systems! - */ - drop_cray_privs(); -#endif - sensitive_data.have_ssh2_key = 0; /* - * If we're doing an extended config test, make sure we have all of - * the parameters we need. If we're not doing an extended test, - * do not silently ignore connection test params. + * If we're not doing an extended test do not silently ignore connection + * test params. */ - if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0) - fatal("user, host and addr are all required when testing " - "Match configs"); - if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0) + if (test_flag < 2 && connection_info != NULL) fatal("Config test connection parameter (-C) provided without " "test mode (-T)"); @@ -1611,12 +1657,12 @@ main(int ac, char **av) * and warns for trivial misconfigurations that could break login. */ if (options.num_auth_methods != 0) { - for (n = 0; n < options.num_auth_methods; n++) { - if (auth2_methods_valid(options.auth_methods[n], + for (i = 0; i < options.num_auth_methods; i++) { + if (auth2_methods_valid(options.auth_methods[i], 1) == 0) break; } - if (n >= options.num_auth_methods) + if (i >= options.num_auth_methods) fatal("AuthenticationMethods cannot be satisfied by " "enabled authentication methods"); } @@ -1642,10 +1688,8 @@ main(int ac, char **av) fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); } else { - explicit_bzero(privsep_pw->pw_passwd, - strlen(privsep_pw->pw_passwd)); privsep_pw = pwcopy(privsep_pw); - free(privsep_pw->pw_passwd); + freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd)); privsep_pw->pw_passwd = xstrdup("*"); } endpwent(); 
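Review bot: In the `@@ -1642` hunk `pwcopy()` now runs before the wipe, so `freezero()` clears only the copied `pw_passwd`. The string in the entry returned by the earlier lookup, which the removed `explicit_bzero()` used to clear, is no longer zeroed here. The lookup and the buffer it returns are outside the hunk, and the privilege-separation account may well carry no real hash, so this can be harmless. A comment stating that it is intentional would settle it, for example `/* wipe our copy only; the passwd entry returned by the lookup is not modified */`.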
@@ -1697,6 +1741,7 @@ main(int ac, char **av) case KEY_DSA: case KEY_ECDSA: case KEY_ED25519: + case KEY_XMSS: if (have_agent || key != NULL) sensitive_data.have_ssh2_key = 1; break; @@ -1752,7 +1797,7 @@ main(int ac, char **av) continue; } sensitive_data.host_certificates[j] = key; - debug("host certificate: #%d type %d %s", j, key->type, + debug("host certificate: #%u type %d %s", j, key->type, key_type(key)); } @@ -1776,8 +1821,13 @@ main(int ac, char **av) } if (test_flag > 1) { - if (server_match_spec_complete(connection_info) == 1) - parse_server_match_config(&options, connection_info); + /* + * If no connection info was provided by -C then use + * use a blank one that will cause no predicate to match. + */ + if (connection_info == NULL) + connection_info = get_connection_info(0, 0); + parse_server_match_config(&options, connection_info); dump_config(&options); } @@ -1796,8 +1846,10 @@ main(int ac, char **av) debug("setgroups() failed: %.200s", strerror(errno)); if (rexec_flag) { + if (rexec_argc < 0) + fatal("rexec_argc %d < 0", rexec_argc); rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); - for (i = 0; i < rexec_argc; i++) { + for (i = 0; i < (u_int)rexec_argc; i++) { debug("rexec_argv[%d]='%s'", i, saved_argv[i]); rexec_argv[i] = saved_argv[i]; } @@ -1970,6 +2022,9 @@ main(int ac, char **av) cleanup_exit(255); } + if (options.routing_domain != NULL) + set_process_rdomain(ssh, options.routing_domain); + /* * The rest of the code depends on the fact that * ssh_remote_ipaddr() caches the remote ip, even if 
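Review bot: In the `@@ -1796` hunk the context line `debug("rexec_argv[%d]='%s'", i, saved_argv[i]);` still uses `%d`, although this commit changes `i` to `u_int` (the `u_int i, j;` declaration in `main`), so the format no longer matches its argument. The host-certificate message in the `@@ -1752` hunk was switched to `#%u` for the same reason. This line should follow: `debug("rexec_argv[%u]='%s'", i, saved_argv[i]);`.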
@@ -1981,10 +2036,15 @@ main(int ac, char **av) audit_connection_from(remote_ip, remote_port); #endif + rdomain = ssh_packet_rdomain_in(ssh); + /* Log the connection. */ laddr = get_local_ipaddr(sock_in); - verbose("Connection from %s port %d on %s port %d", - remote_ip, remote_port, laddr, ssh_local_port(ssh)); + verbose("Connection from %s port %d on %s port %d%s%s%s", + remote_ip, remote_port, laddr, ssh_local_port(ssh), + rdomain == NULL ? "" : " rdomain \"", + rdomain == NULL ? "" : rdomain, + rdomain == NULL ? "" : "\""); free(laddr); /* @@ -2010,6 +2070,10 @@ main(int ac, char **av) /* XXX global for cleanup, access from other modules */ the_authctxt = authctxt; + /* Set default key authentication options */ + if ((auth_opts = sshauthopt_new_with_keys_defaults()) == NULL) + fatal("allocation failed"); + /* prepare buffer to collect messages to display to user after login */ buffer_init(&loginmsg); auth_debug_reset(); @@ -2066,7 +2130,7 @@ main(int ac, char **av) #ifdef USE_PAM if (options.use_pam) { do_pam_setcred(1); - do_pam_session(); + do_pam_session(ssh); } #endif diff --git a/sshd_config b/sshd_config index 4eb2e02e0448..3109d5d73754 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ +# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -16,7 +16,6 @@ #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key diff --git a/sshd_config.0 b/sshd_config.0 index 678ee14b4d3d..95c17fc8ddf0 100644 --- a/sshd_config.0 +++ b/sshd_config.0 
@@ -6,9 +6,10 @@ NAME DESCRIPTION sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file specified with -f on the command line). The file contains keyword- - argument pairs, one per line. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines - are interpreted as comments. Arguments may optionally be enclosed in - double quotes (") in order to represent arguments containing spaces. + argument pairs, one per line. For each keyword, the first obtained value + will be used. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as + comments. Arguments may optionally be enclosed in double quotes (") in + order to represent arguments containing spaces. The possible keywords and their meanings are as follows (note that keywords are case-insensitive and arguments are case-sensitive): @@ -422,9 +423,8 @@ DESCRIPTION HostKey Specifies a file containing a private host key used by SSH. The - defaults are /etc/ssh/ssh_host_dsa_key, - /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and - /etc/ssh/ssh_host_rsa_key. + defaults are /etc/ssh/ssh_host_ecdsa_key, + /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. Note that sshd(8) will refuse to use a file if it is group/world- accessible and that the HostKeyAlgorithms option restricts which @@ -465,8 +465,9 @@ DESCRIPTION IgnoreUserKnownHosts Specifies whether sshd(8) should ignore the user's - ~/.ssh/known_hosts during HostbasedAuthentication. The default - is no. + ~/.ssh/known_hosts during HostbasedAuthentication and use only + the system-wide known hosts file /etc/ssh/known_hosts. The + default is no. IPQoS Specifies the IPv4 type-of-service or DSCP class for the connection. Accepted values are af11, af12, af13, af21, af22, 
@@ -521,6 +522,9 @@ DESCRIPTION curve25519-sha256@libssh.org diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 + diffie-hellman-group14-sha256 + diffie-hellman-group16-sha512 + diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 @@ -532,7 +536,8 @@ DESCRIPTION curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, - diffie-hellman-group14-sha1 + diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, + diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 The list of available key exchange algorithms may also be obtained using "ssh -Q kex". @@ -541,13 +546,18 @@ DESCRIPTION Specifies the local addresses sshd(8) should listen on. The following forms may be used: - ListenAddress host|IPv4_addr|IPv6_addr - ListenAddress host|IPv4_addr:port - ListenAddress [host|IPv6_addr]:port + ListenAddress hostname|address [rdomain domain] + ListenAddress hostname:port [rdomain domain] + ListenAddress IPv4_address:port [rdomain domain] + ListenAddress [hostname|address]:port [rdomain domain] - If port is not specified, sshd will listen on the address and all - Port options specified. The default is to listen on all local - addresses. Multiple ListenAddress options are permitted. + The optional rdomain qualifier requests sshd(8) listen in an + explicit routing domain. If port is not specified, sshd will + listen on the address and all Port options specified. The + default is to listen on all local addresses on the current + default routing domain. Multiple ListenAddress options are + permitted. For more information on routing domains, see + rdomain(4). LoginGraceTime The server disconnects after this time if the user has not 
@@ -612,10 +622,13 @@ DESCRIPTION The arguments to Match are one or more criteria-pattern pairs or the single token All which matches all criteria. The available - criteria are User, Group, Host, LocalAddress, LocalPort, and - Address. The match patterns may consist of single entries or - comma-separated lists and may use the wildcard and negation - operators described in the PATTERNS section of ssh_config(5). + criteria are User, Group, Host, LocalAddress, LocalPort, RDomain, + and Address (with RDomain representing the rdomain(4) on which + the connection was received.) + + The match patterns may consist of single entries or comma- + separated lists and may use the wildcard and negation operators + described in the PATTERNS section of ssh_config(5). The patterns in an Address criteria may additionally contain addresses to match in CIDR address/masklen format, such as @@ -640,7 +653,7 @@ DESCRIPTION MaxAuthTries, MaxSessions, PasswordAuthentication, PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, - PubkeyAuthentication, RekeyLimit, RevokedKeys, + PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, X11DisplayOffset, X11Forwarding and X11UseLocalHost. 
@@ -700,12 +713,12 @@ DESCRIPTION PermitRootLogin Specifies whether root can log in using ssh(1). The argument - must be yes, prohibit-password, without-password, - forced-commands-only, or no. The default is prohibit-password. + must be yes, prohibit-password, forced-commands-only, or no. The + default is prohibit-password. - If this option is set to prohibit-password or without-password, - password and keyboard-interactive authentication are disabled for - root. + If this option is set to prohibit-password (or its deprecated + alias, without-password), password and keyboard-interactive + authentication are disabled for root. If this option is set to forced-commands-only, root login with public key authentication will be allowed, but only if the @@ -807,6 +820,13 @@ DESCRIPTION ssh-keygen(1). For more information on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1). + RDomain + Specifies an explicit routing domain that is applied after + authentication has completed. The user session, as well and any + forwarded or listening IP sockets, will be bound to this + rdomain(4). If the routing domain is set to %D, then the domain + in which the incoming connection was received will be applied. + StreamLocalBindMask Sets the octal file creation mode mask (umask) used when creating a Unix-domain socket file for local or remote port forwarding. @@ -980,6 +1000,8 @@ TOKENS runtime: %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. + %D The routing domain in which the incoming connection was + received. %F The fingerprint of the CA key. %f The fingerprint of the key or certificate. %h The home directory of the user. @@ -1002,6 +1024,8 @@ TOKENS ChrootDirectory accepts the tokens %%, %h, and %u. + RoutingDomain accepts the token %D. + FILES /etc/ssh/sshd_config Contains configuration data for sshd(8). This file should be 
@@ -1019,4 +1043,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 6.2 September 27, 2017 OpenBSD 6.2 +OpenBSD 6.2 February 16, 2018 OpenBSD 6.2 diff --git a/sshd_config.5 b/sshd_config.5 index 251b7467fd28..e3c7c3936dd3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.253 2017/09/27 06:45:53 jmc Exp $ -.Dd $Mdocdate: September 27 2017 $ +.\" $OpenBSD: sshd_config.5,v 1.263 2018/02/16 02:40:45 djm Exp $ +.Dd $Mdocdate: February 16 2018 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -48,6 +48,7 @@ reads configuration data from .Fl f on the command line). The file contains keyword-argument pairs, one per line. +For each keyword, the first obtained value will be used. Lines starting with .Ql # and empty lines are interpreted as comments. @@ -713,7 +714,6 @@ is not to load any certificates. Specifies a file containing a private host key used by SSH. The defaults are -.Pa /etc/ssh/ssh_host_dsa_key , .Pa /etc/ssh/ssh_host_ecdsa_key , .Pa /etc/ssh/ssh_host_ed25519_key and @@ -776,7 +776,9 @@ Specifies whether should ignore the user's .Pa ~/.ssh/known_hosts during -.Cm HostbasedAuthentication . +.Cm HostbasedAuthentication +and use only the system-wide known hosts file +.Pa /etc/ssh/known_hosts . The default is .Cm no . .It Cm IPQoS @@ -877,6 +879,12 @@ diffie-hellman-group1-sha1 .It diffie-hellman-group14-sha1 .It +diffie-hellman-group14-sha256 +.It +diffie-hellman-group16-sha512 +.It +diffie-hellman-group18-sha512 +.It diffie-hellman-group-exchange-sha1 .It diffie-hellman-group-exchange-sha256 
@@ -893,7 +901,8 @@ The default is: curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, -diffie-hellman-group14-sha1 +diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, +diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 .Ed .Pp The list of available key exchange algorithms may also be obtained using @@ -908,31 +917,47 @@ The following forms may be used: .It .Cm ListenAddress .Sm off -.Ar host | Ar IPv4_addr | Ar IPv6_addr +.Ar hostname | address +.Sm on +.Op Cm rdomain Ar domain +.It +.Cm ListenAddress +.Sm off +.Ar hostname : port .Sm on +.Op Cm rdomain Ar domain .It .Cm ListenAddress .Sm off -.Ar host | Ar IPv4_addr : Ar port +.Ar IPv4_address : port .Sm on +.Op Cm rdomain Ar domain .It .Cm ListenAddress .Sm off -.Oo -.Ar host | Ar IPv6_addr Oc : Ar port +.Oo Ar hostname | address Oc : Ar port .Sm on +.Op Cm rdomain Ar domain .El .Pp +The optional +.Cm rdomain +qualifier requests +.Xr sshd 8 +listen in an explicit routing domain. If .Ar port is not specified, sshd will listen on the address and all .Cm Port options specified. -The default is to listen on all local addresses. +The default is to listen on all local addresses on the current default +routing domain. Multiple .Cm ListenAddress options are permitted. +For more information on routing domains, see +.Xr rdomain 4 . .It Cm LoginGraceTime The server disconnects after this time if the user has not successfully logged in. @@ -1036,8 +1061,15 @@ The available criteria are .Cm Host , .Cm LocalAddress , .Cm LocalPort , +.Cm RDomain , and -.Cm Address . +.Cm Address +(with +.Cm RDomain +representing the +.Xr rdomain 4 +on which the connection was received.) +.Pp The match patterns may consist of single entries or comma-separated lists and may use the wildcard and negation operators described in the .Sx PATTERNS 
@@ -1100,6 +1132,7 @@ Available keywords are .Cm PubkeyAuthentication , .Cm RekeyLimit , .Cm RevokedKeys , +.Cm RDomain , .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , @@ -1188,7 +1221,6 @@ Specifies whether root can log in using The argument must be .Cm yes , .Cm prohibit-password , -.Cm without-password , .Cm forced-commands-only , or .Cm no . @@ -1197,8 +1229,8 @@ The default is .Pp If this option is set to .Cm prohibit-password -or -.Cm without-password , +(or its deprecated alias, +.Cm without-password ) , password and keyboard-interactive authentication are disabled for root. .Pp If this option is set to @@ -1361,6 +1393,15 @@ an OpenSSH Key Revocation List (KRL) as generated by .Xr ssh-keygen 1 . For more information on KRLs, see the KEY REVOCATION LISTS section in .Xr ssh-keygen 1 . +.It Cm RDomain +Specifies an explicit routing domain that is applied after authentication +has completed. +The user session, as well and any forwarded or listening IP sockets, +will be bound to this +.Xr rdomain 4 . +If the routing domain is set to +.Cm \&%D , +then the domain in which the incoming connection was received will be applied. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1626,6 +1667,8 @@ which are expanded at runtime: .It %% A literal .Sq % . +.It \&%D +The routing domain in which the incoming connection was received. .It %F The fingerprint of the CA key. .It %f @@ -1662,6 +1705,9 @@ accepts the tokens %%, %h, and %u. .Pp .Cm ChrootDirectory accepts the tokens %%, %h, and %u. +.Pp +.Cm RoutingDomain +accepts the token %D. .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config diff --git a/sshkey-xmss.c b/sshkey-xmss.c new file mode 100644 index 000000000000..5d66ee790350 --- /dev/null +++ b/sshkey-xmss.c 
@@ -0,0 +1,1055 @@ +/* $OpenBSD: sshkey-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $ */ +/* + * Copyright (c) 2017 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "includes.h" +#ifdef WITH_XMSS + +#include +#include + +#include +#include +#include +#include +#include +#ifdef HAVE_SYS_FILE_H +# include +#endif + +#include "ssh2.h" +#include "ssherr.h" +#include "sshbuf.h" +#include "cipher.h" +#include "sshkey.h" +#include "sshkey-xmss.h" +#include "atomicio.h" + +#include "xmss_fast.h" + +/* opaque internal XMSS state */ +#define XMSS_MAGIC "xmss-state-v1" +#define XMSS_CIPHERNAME "aes256-gcm@openssh.com" +struct ssh_xmss_state { + xmss_params params; + u_int32_t n, w, h, k; + + bds_state bds; + u_char *stack; + u_int32_t stackoffset; + u_char *stacklevels; + u_char *auth; + u_char *keep; + u_char *th_nodes; + u_char *retain; + treehash_inst *treehash; + + u_int32_t idx; /* state read from file */ + u_int32_t maxidx; /* resticted # of signatures */ + int have_state; /* .state file exists */ + int lockfd; /* locked in sshkey_xmss_get_state() */ + int allow_update; /* allow sshkey_xmss_update_state() */ + char *enc_ciphername;/* encrypt state with cipher */ + u_char *enc_keyiv; /* encrypt state with key */ + u_int32_t enc_keyiv_len; /* length of enc_keyiv */ +}; + +int sshkey_xmss_init_bds_state(struct sshkey *); +int sshkey_xmss_init_enc_key(struct sshkey *, const char *); +void sshkey_xmss_free_bds(struct sshkey *); +int sshkey_xmss_get_state_from_file(struct sshkey *, const char *, + int *, sshkey_printfn *); +int sshkey_xmss_encrypt_state(const struct sshkey *, struct sshbuf *, + struct sshbuf **); +int sshkey_xmss_decrypt_state(const struct sshkey *, struct sshbuf *, + struct sshbuf **); +int sshkey_xmss_serialize_enc_key(const struct sshkey *, struct sshbuf *); +int sshkey_xmss_deserialize_enc_key(struct sshkey *, struct sshbuf *); + +#define PRINT(s...) 
do { if (pr) pr(s); } while (0) + +int +sshkey_xmss_init(struct sshkey *key, const char *name) +{ + struct ssh_xmss_state *state; + + if (key->xmss_state != NULL) + return SSH_ERR_INVALID_FORMAT; + if (name == NULL) + return SSH_ERR_INVALID_FORMAT; + state = calloc(sizeof(struct ssh_xmss_state), 1); + if (state == NULL) + return SSH_ERR_ALLOC_FAIL; + if (strcmp(name, XMSS_SHA2_256_W16_H10_NAME) == 0) { + state->n = 32; + state->w = 16; + state->h = 10; + } else if (strcmp(name, XMSS_SHA2_256_W16_H16_NAME) == 0) { + state->n = 32; + state->w = 16; + state->h = 16; + } else if (strcmp(name, XMSS_SHA2_256_W16_H20_NAME) == 0) { + state->n = 32; + state->w = 16; + state->h = 20; + } else { + free(state); + return SSH_ERR_KEY_TYPE_UNKNOWN; + } + if ((key->xmss_name = strdup(name)) == NULL) { + free(state); + return SSH_ERR_ALLOC_FAIL; + } + state->k = 2; /* XXX hardcoded */ + state->lockfd = -1; + if (xmss_set_params(&state->params, state->n, state->h, state->w, + state->k) != 0) { + free(state); + return SSH_ERR_INVALID_FORMAT; + } + key->xmss_state = state; + return 0; +} + +void +sshkey_xmss_free_state(struct sshkey *key) +{ + struct ssh_xmss_state *state = key->xmss_state; + + sshkey_xmss_free_bds(key); + if (state) { + if (state->enc_keyiv) { + explicit_bzero(state->enc_keyiv, state->enc_keyiv_len); + free(state->enc_keyiv); + } + free(state->enc_ciphername); + free(state); + } + key->xmss_state = NULL; +} + +#define SSH_XMSS_K2_MAGIC "k=2" +#define num_stack(x) ((x->h+1)*(x->n)) +#define num_stacklevels(x) (x->h+1) +#define num_auth(x) ((x->h)*(x->n)) +#define num_keep(x) ((x->h >> 1)*(x->n)) +#define num_th_nodes(x) ((x->h - x->k)*(x->n)) +#define num_retain(x) (((1ULL << x->k) - x->k - 1) * (x->n)) +#define num_treehash(x) ((x->h) - (x->k)) + +int +sshkey_xmss_init_bds_state(struct sshkey *key) +{ + struct ssh_xmss_state *state = key->xmss_state; + u_int32_t i; + + state->stackoffset = 0; + if ((state->stack = calloc(num_stack(state), 1)) == NULL || + 
(state->stacklevels = calloc(num_stacklevels(state), 1))== NULL || + (state->auth = calloc(num_auth(state), 1)) == NULL || + (state->keep = calloc(num_keep(state), 1)) == NULL || + (state->th_nodes = calloc(num_th_nodes(state), 1)) == NULL || + (state->retain = calloc(num_retain(state), 1)) == NULL || + (state->treehash = calloc(num_treehash(state), + sizeof(treehash_inst))) == NULL) { + sshkey_xmss_free_bds(key); + return SSH_ERR_ALLOC_FAIL; + } + for (i = 0; i < state->h - state->k; i++) + state->treehash[i].node = &state->th_nodes[state->n*i]; + xmss_set_bds_state(&state->bds, state->stack, state->stackoffset, + state->stacklevels, state->auth, state->keep, state->treehash, + state->retain, 0); + return 0; +} + +void +sshkey_xmss_free_bds(struct sshkey *key) +{ + struct ssh_xmss_state *state = key->xmss_state; + + if (state == NULL) + return; + free(state->stack); + free(state->stacklevels); + free(state->auth); + free(state->keep); + free(state->th_nodes); + free(state->retain); + free(state->treehash); + state->stack = NULL; + state->stacklevels = NULL; + state->auth = NULL; + state->keep = NULL; + state->th_nodes = NULL; + state->retain = NULL; + state->treehash = NULL; +} + +void * +sshkey_xmss_params(const struct sshkey *key) +{ + struct ssh_xmss_state *state = key->xmss_state; + + if (state == NULL) + return NULL; + return &state->params; +} + +void * +sshkey_xmss_bds_state(const struct sshkey *key) +{ + struct ssh_xmss_state *state = key->xmss_state; + + if (state == NULL) + return NULL; + return &state->bds; +} + +int +sshkey_xmss_siglen(const struct sshkey *key, size_t *lenp) +{ + struct ssh_xmss_state *state = key->xmss_state; + + if (lenp == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (state == NULL) + return SSH_ERR_INVALID_FORMAT; + *lenp = 4 + state->n + + state->params.wots_par.keysize + + state->h * state->n; + return 0; +} + +size_t +sshkey_xmss_pklen(const struct sshkey *key) +{ + struct ssh_xmss_state *state = key->xmss_state; + + if (state 
== NULL) + return 0; + return state->n * 2; +} + +size_t +sshkey_xmss_sklen(const struct sshkey *key) +{ + struct ssh_xmss_state *state = key->xmss_state; + + if (state == NULL) + return 0; + return state->n * 4 + 4; +} + +int +sshkey_xmss_init_enc_key(struct sshkey *k, const char *ciphername) +{ + struct ssh_xmss_state *state = k->xmss_state; + const struct sshcipher *cipher; + size_t keylen = 0, ivlen = 0; + + if (state == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((cipher = cipher_by_name(ciphername)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + if ((state->enc_ciphername = strdup(ciphername)) == NULL) + return SSH_ERR_ALLOC_FAIL; + keylen = cipher_keylen(cipher); + ivlen = cipher_ivlen(cipher); + state->enc_keyiv_len = keylen + ivlen; + if ((state->enc_keyiv = calloc(state->enc_keyiv_len, 1)) == NULL) { + free(state->enc_ciphername); + state->enc_ciphername = NULL; + return SSH_ERR_ALLOC_FAIL; + } + arc4random_buf(state->enc_keyiv, state->enc_keyiv_len); + return 0; +} + +int +sshkey_xmss_serialize_enc_key(const struct sshkey *k, struct sshbuf *b) +{ + struct ssh_xmss_state *state = k->xmss_state; + int r; + + if (state == NULL || state->enc_keyiv == NULL || + state->enc_ciphername == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_put_cstring(b, state->enc_ciphername)) != 0 || + (r = sshbuf_put_string(b, state->enc_keyiv, + state->enc_keyiv_len)) != 0) + return r; + return 0; +} + +int +sshkey_xmss_deserialize_enc_key(struct sshkey *k, struct sshbuf *b) +{ + struct ssh_xmss_state *state = k->xmss_state; + size_t len; + int r; + + if (state == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_get_cstring(b, &state->enc_ciphername, NULL)) != 0 || + (r = sshbuf_get_string(b, &state->enc_keyiv, &len)) != 0) + return r; + state->enc_keyiv_len = len; + return 0; +} + +int +sshkey_xmss_serialize_pk_info(const struct sshkey *k, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + struct ssh_xmss_state *state = k->xmss_state; + u_char 
have_info = 1; + u_int32_t idx; + int r; + + if (state == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (opts != SSHKEY_SERIALIZE_INFO) + return 0; + idx = k->xmss_sk ? PEEK_U32(k->xmss_sk) : state->idx; + if ((r = sshbuf_put_u8(b, have_info)) != 0 || + (r = sshbuf_put_u32(b, idx)) != 0 || + (r = sshbuf_put_u32(b, state->maxidx)) != 0) + return r; + return 0; +} + +int +sshkey_xmss_deserialize_pk_info(struct sshkey *k, struct sshbuf *b) +{ + struct ssh_xmss_state *state = k->xmss_state; + u_char have_info; + int r; + + if (state == NULL) + return SSH_ERR_INVALID_ARGUMENT; + /* optional */ + if (sshbuf_len(b) == 0) + return 0; + if ((r = sshbuf_get_u8(b, &have_info)) != 0) + return r; + if (have_info != 1) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_get_u32(b, &state->idx)) != 0 || + (r = sshbuf_get_u32(b, &state->maxidx)) != 0) + return r; + return 0; +} + +int +sshkey_xmss_generate_private_key(struct sshkey *k, u_int bits) +{ + int r; + const char *name; + + if (bits == 10) { + name = XMSS_SHA2_256_W16_H10_NAME; + } else if (bits == 16) { + name = XMSS_SHA2_256_W16_H16_NAME; + } else if (bits == 20) { + name = XMSS_SHA2_256_W16_H20_NAME; + } else { + name = XMSS_DEFAULT_NAME; + } + if ((r = sshkey_xmss_init(k, name)) != 0 || + (r = sshkey_xmss_init_bds_state(k)) != 0 || + (r = sshkey_xmss_init_enc_key(k, XMSS_CIPHERNAME)) != 0) + return r; + if ((k->xmss_pk = malloc(sshkey_xmss_pklen(k))) == NULL || + (k->xmss_sk = malloc(sshkey_xmss_sklen(k))) == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + xmss_keypair(k->xmss_pk, k->xmss_sk, sshkey_xmss_bds_state(k), + sshkey_xmss_params(k)); + return 0; +} + +int +sshkey_xmss_get_state_from_file(struct sshkey *k, const char *filename, + int *have_file, sshkey_printfn *pr) +{ + struct sshbuf *b = NULL, *enc = NULL; + int ret = SSH_ERR_SYSTEM_ERROR, r, fd = -1; + u_int32_t len; + unsigned char buf[4], *data = NULL; + + *have_file = 0; + if ((fd = open(filename, O_RDONLY)) >= 0) { + *have_file = 1; + if (atomicio(read, fd, 
buf, sizeof(buf)) != sizeof(buf)) { + PRINT("%s: corrupt state file: %s", __func__, filename); + goto done; + } + len = PEEK_U32(buf); + if ((data = calloc(len, 1)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto done; + } + if (atomicio(read, fd, data, len) != len) { + PRINT("%s: cannot read blob: %s", __func__, filename); + goto done; + } + if ((enc = sshbuf_from(data, len)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto done; + } + sshkey_xmss_free_bds(k); + if ((r = sshkey_xmss_decrypt_state(k, enc, &b)) != 0) { + ret = r; + goto done; + } + if ((r = sshkey_xmss_deserialize_state(k, b)) != 0) { + ret = r; + goto done; + } + ret = 0; + } +done: + if (fd != -1) + close(fd); + free(data); + sshbuf_free(enc); + sshbuf_free(b); + return ret; +} + +int +sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr) +{ + struct ssh_xmss_state *state = k->xmss_state; + u_int32_t idx = 0; + char *filename = NULL; + char *statefile = NULL, *ostatefile = NULL, *lockfile = NULL; + int lockfd = -1, have_state = 0, have_ostate, tries = 0; + int ret = SSH_ERR_INVALID_ARGUMENT, r; + + if (state == NULL) + goto done; + /* + * If maxidx is set, then we are allowed a limited number + * of signatures, but don't need to access the disk. + * Otherwise we need to deal with the on-disk state. 
+ */ + if (state->maxidx) { + /* xmss_sk always contains the current state */ + idx = PEEK_U32(k->xmss_sk); + if (idx < state->maxidx) { + state->allow_update = 1; + return 0; + } + return SSH_ERR_INVALID_ARGUMENT; + } + if ((filename = k->xmss_filename) == NULL) + goto done; + if (asprintf(&lockfile, "%s.lock", filename) < 0 || + asprintf(&statefile, "%s.state", filename) < 0 || + asprintf(&ostatefile, "%s.ostate", filename) < 0) { + ret = SSH_ERR_ALLOC_FAIL; + goto done; + } + if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) < 0) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: cannot open/create: %s", __func__, lockfile); + goto done; + } + while (flock(lockfd, LOCK_EX|LOCK_NB) < 0) { + if (errno != EWOULDBLOCK) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: cannot lock: %s", __func__, lockfile); + goto done; + } + if (++tries > 10) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: giving up on: %s", __func__, lockfile); + goto done; + } + usleep(1000*100*tries); + } + /* XXX no longer const */ + if ((r = sshkey_xmss_get_state_from_file((struct sshkey *)k, + statefile, &have_state, pr)) != 0) { + if ((r = sshkey_xmss_get_state_from_file((struct sshkey *)k, + ostatefile, &have_ostate, pr)) == 0) { + state->allow_update = 1; + r = sshkey_xmss_forward_state(k, 1); + state->idx = PEEK_U32(k->xmss_sk); + state->allow_update = 0; + } + } + if (!have_state && !have_ostate) { + /* check that bds state is initialized */ + if (state->bds.auth == NULL) + goto done; + PRINT("%s: start from scratch idx 0: %u", __func__, state->idx); + } else if (r != 0) { + ret = r; + goto done; + } + if (state->idx + 1 < state->idx) { + PRINT("%s: state wrap: %u", __func__, state->idx); + goto done; + } + state->have_state = have_state; + state->lockfd = lockfd; + state->allow_update = 1; + lockfd = -1; + ret = 0; +done: + if (lockfd != -1) + close(lockfd); + free(lockfile); + free(statefile); + free(ostatefile); + return ret; +} + +int +sshkey_xmss_forward_state(const struct sshkey *k, u_int32_t 
reserve) +{ + struct ssh_xmss_state *state = k->xmss_state; + u_char *sig = NULL; + size_t required_siglen; + unsigned long long smlen; + u_char data; + int ret, r; + + if (state == NULL || !state->allow_update) + return SSH_ERR_INVALID_ARGUMENT; + if (reserve == 0) + return SSH_ERR_INVALID_ARGUMENT; + if (state->idx + reserve <= state->idx) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshkey_xmss_siglen(k, &required_siglen)) != 0) + return r; + if ((sig = malloc(required_siglen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + while (reserve-- > 0) { + state->idx = PEEK_U32(k->xmss_sk); + smlen = required_siglen; + if ((ret = xmss_sign(k->xmss_sk, sshkey_xmss_bds_state(k), + sig, &smlen, &data, 0, sshkey_xmss_params(k))) != 0) { + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + } + free(sig); + return r; +} + +int +sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) +{ + struct ssh_xmss_state *state = k->xmss_state; + struct sshbuf *b = NULL, *enc = NULL; + u_int32_t idx = 0; + unsigned char buf[4]; + char *filename = NULL; + char *statefile = NULL, *ostatefile = NULL, *nstatefile = NULL; + int fd = -1; + int ret = SSH_ERR_INVALID_ARGUMENT; + + if (state == NULL || !state->allow_update) + return ret; + if (state->maxidx) { + /* no update since the number of signatures is limited */ + ret = 0; + goto done; + } + idx = PEEK_U32(k->xmss_sk); + if (idx == state->idx) { + /* no signature happend, no need to update */ + ret = 0; + goto done; + } else if (idx != state->idx + 1) { + PRINT("%s: more than one signature happened: idx %u state %u", + __func__, idx, state->idx); + goto done; + } + state->idx = idx; + if ((filename = k->xmss_filename) == NULL) + goto done; + if (asprintf(&statefile, "%s.state", filename) < 0 || + asprintf(&ostatefile, "%s.ostate", filename) < 0 || + asprintf(&nstatefile, "%s.nstate", filename) < 0) { + ret = SSH_ERR_ALLOC_FAIL; + goto done; + } + unlink(nstatefile); + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto 
done; + } + if ((ret = sshkey_xmss_serialize_state(k, b)) != 0) { + PRINT("%s: SERLIALIZE FAILED: %d", __func__, ret); + goto done; + } + if ((ret = sshkey_xmss_encrypt_state(k, b, &enc)) != 0) { + PRINT("%s: ENCRYPT FAILED: %d", __func__, ret); + goto done; + } + if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) < 0) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: open new state file: %s", __func__, nstatefile); + goto done; + } + POKE_U32(buf, sshbuf_len(enc)); + if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: write new state file hdr: %s", __func__, nstatefile); + close(fd); + goto done; + } + if (atomicio(vwrite, fd, (void *)sshbuf_ptr(enc), sshbuf_len(enc)) != + sshbuf_len(enc)) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: write new state file data: %s", __func__, nstatefile); + close(fd); + goto done; + } + if (fsync(fd) < 0) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: sync new state file: %s", __func__, nstatefile); + close(fd); + goto done; + } + if (close(fd) < 0) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: close new state file: %s", __func__, nstatefile); + goto done; + } + if (state->have_state) { + unlink(ostatefile); + if (link(statefile, ostatefile)) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: backup state %s to %s", __func__, statefile, + ostatefile); + goto done; + } + } + if (rename(nstatefile, statefile) < 0) { + ret = SSH_ERR_SYSTEM_ERROR; + PRINT("%s: rename %s to %s", __func__, nstatefile, statefile); + goto done; + } + ret = 0; +done: + if (state->lockfd != -1) { + close(state->lockfd); + state->lockfd = -1; + } + if (nstatefile) + unlink(nstatefile); + free(statefile); + free(ostatefile); + free(nstatefile); + sshbuf_free(b); + sshbuf_free(enc); + return ret; +} + +int +sshkey_xmss_serialize_state(const struct sshkey *k, struct sshbuf *b) +{ + struct ssh_xmss_state *state = k->xmss_state; + treehash_inst *th; + u_int32_t i, node; + int r; + + if (state == NULL) + return 
SSH_ERR_INVALID_ARGUMENT; + if (state->stack == NULL) + return SSH_ERR_INVALID_ARGUMENT; + state->stackoffset = state->bds.stackoffset; /* copy back */ + if ((r = sshbuf_put_cstring(b, SSH_XMSS_K2_MAGIC)) != 0 || + (r = sshbuf_put_u32(b, state->idx)) != 0 || + (r = sshbuf_put_string(b, state->stack, num_stack(state))) != 0 || + (r = sshbuf_put_u32(b, state->stackoffset)) != 0 || + (r = sshbuf_put_string(b, state->stacklevels, num_stacklevels(state))) != 0 || + (r = sshbuf_put_string(b, state->auth, num_auth(state))) != 0 || + (r = sshbuf_put_string(b, state->keep, num_keep(state))) != 0 || + (r = sshbuf_put_string(b, state->th_nodes, num_th_nodes(state))) != 0 || + (r = sshbuf_put_string(b, state->retain, num_retain(state))) != 0 || + (r = sshbuf_put_u32(b, num_treehash(state))) != 0) + return r; + for (i = 0; i < num_treehash(state); i++) { + th = &state->treehash[i]; + node = th->node - state->th_nodes; + if ((r = sshbuf_put_u32(b, th->h)) != 0 || + (r = sshbuf_put_u32(b, th->next_idx)) != 0 || + (r = sshbuf_put_u32(b, th->stackusage)) != 0 || + (r = sshbuf_put_u8(b, th->completed)) != 0 || + (r = sshbuf_put_u32(b, node)) != 0) + return r; + } + return 0; +} + +int +sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + struct ssh_xmss_state *state = k->xmss_state; + int r = SSH_ERR_INVALID_ARGUMENT; + + if (state == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_put_u8(b, opts)) != 0) + return r; + switch (opts) { + case SSHKEY_SERIALIZE_STATE: + r = sshkey_xmss_serialize_state(k, b); + break; + case SSHKEY_SERIALIZE_FULL: + if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0) + break; + r = sshkey_xmss_serialize_state(k, b); + break; + case SSHKEY_SERIALIZE_DEFAULT: + r = 0; + break; + default: + r = SSH_ERR_INVALID_ARGUMENT; + break; + } + return r; +} + +int +sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b) +{ + struct ssh_xmss_state *state = k->xmss_state; + treehash_inst 
*th; + u_int32_t i, lh, node; + size_t ls, lsl, la, lk, ln, lr; + char *magic; + int r; + + if (state == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (k->xmss_sk == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((state->treehash = calloc(num_treehash(state), + sizeof(treehash_inst))) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_get_cstring(b, &magic, NULL)) != 0 || + (r = sshbuf_get_u32(b, &state->idx)) != 0 || + (r = sshbuf_get_string(b, &state->stack, &ls)) != 0 || + (r = sshbuf_get_u32(b, &state->stackoffset)) != 0 || + (r = sshbuf_get_string(b, &state->stacklevels, &lsl)) != 0 || + (r = sshbuf_get_string(b, &state->auth, &la)) != 0 || + (r = sshbuf_get_string(b, &state->keep, &lk)) != 0 || + (r = sshbuf_get_string(b, &state->th_nodes, &ln)) != 0 || + (r = sshbuf_get_string(b, &state->retain, &lr)) != 0 || + (r = sshbuf_get_u32(b, &lh)) != 0) + return r; + if (strcmp(magic, SSH_XMSS_K2_MAGIC) != 0) + return SSH_ERR_INVALID_ARGUMENT; + /* XXX check stackoffset */ + if (ls != num_stack(state) || + lsl != num_stacklevels(state) || + la != num_auth(state) || + lk != num_keep(state) || + ln != num_th_nodes(state) || + lr != num_retain(state) || + lh != num_treehash(state)) + return SSH_ERR_INVALID_ARGUMENT; + for (i = 0; i < num_treehash(state); i++) { + th = &state->treehash[i]; + if ((r = sshbuf_get_u32(b, &th->h)) != 0 || + (r = sshbuf_get_u32(b, &th->next_idx)) != 0 || + (r = sshbuf_get_u32(b, &th->stackusage)) != 0 || + (r = sshbuf_get_u8(b, &th->completed)) != 0 || + (r = sshbuf_get_u32(b, &node)) != 0) + return r; + if (node < num_th_nodes(state)) + th->node = &state->th_nodes[node]; + } + POKE_U32(k->xmss_sk, state->idx); + xmss_set_bds_state(&state->bds, state->stack, state->stackoffset, + state->stacklevels, state->auth, state->keep, state->treehash, + state->retain, 0); + return 0; +} + +int +sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b) +{ + enum sshkey_serialize_rep opts; + u_char have_state; + int r; + + if ((r = 
sshbuf_get_u8(b, &have_state)) != 0) + return r; + + opts = have_state; + switch (opts) { + case SSHKEY_SERIALIZE_DEFAULT: + r = 0; + break; + case SSHKEY_SERIALIZE_STATE: + if ((r = sshkey_xmss_deserialize_state(k, b)) != 0) + return r; + break; + case SSHKEY_SERIALIZE_FULL: + if ((r = sshkey_xmss_deserialize_enc_key(k, b)) != 0 || + (r = sshkey_xmss_deserialize_state(k, b)) != 0) + return r; + break; + default: + r = SSH_ERR_INVALID_FORMAT; + break; + } + return r; +} + +int +sshkey_xmss_encrypt_state(const struct sshkey *k, struct sshbuf *b, + struct sshbuf **retp) +{ + struct ssh_xmss_state *state = k->xmss_state; + struct sshbuf *encrypted = NULL, *encoded = NULL, *padded = NULL; + struct sshcipher_ctx *ciphercontext = NULL; + const struct sshcipher *cipher; + u_char *cp, *key, *iv = NULL; + size_t i, keylen, ivlen, blocksize, authlen, encrypted_len, aadlen; + int r = SSH_ERR_INTERNAL_ERROR; + + if (retp != NULL) + *retp = NULL; + if (state == NULL || + state->enc_keyiv == NULL || + state->enc_ciphername == NULL) + return SSH_ERR_INTERNAL_ERROR; + if ((cipher = cipher_by_name(state->enc_ciphername)) == NULL) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + blocksize = cipher_blocksize(cipher); + keylen = cipher_keylen(cipher); + ivlen = cipher_ivlen(cipher); + authlen = cipher_authlen(cipher); + if (state->enc_keyiv_len != keylen + ivlen) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + key = state->enc_keyiv; + if ((encrypted = sshbuf_new()) == NULL || + (encoded = sshbuf_new()) == NULL || + (padded = sshbuf_new()) == NULL || + (iv = malloc(ivlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* replace first 4 bytes of IV with index to ensure uniqueness */ + memcpy(iv, key + keylen, ivlen); + POKE_U32(iv, state->idx); + + if ((r = sshbuf_put(encoded, XMSS_MAGIC, sizeof(XMSS_MAGIC))) != 0 || + (r = sshbuf_put_u32(encoded, state->idx)) != 0) + goto out; + + /* padded state will be encrypted */ + if ((r = sshbuf_putb(padded, b)) != 0) + goto out; 
+ i = 0; + while (sshbuf_len(padded) % blocksize) { + if ((r = sshbuf_put_u8(padded, ++i & 0xff)) != 0) + goto out; + } + encrypted_len = sshbuf_len(padded); + + /* header including the length of state is used as AAD */ + if ((r = sshbuf_put_u32(encoded, encrypted_len)) != 0) + goto out; + aadlen = sshbuf_len(encoded); + + /* concat header and state */ + if ((r = sshbuf_putb(encoded, padded)) != 0) + goto out; + + /* reserve space for encryption of encoded data plus auth tag */ + /* encrypt at offset addlen */ + if ((r = sshbuf_reserve(encrypted, + encrypted_len + aadlen + authlen, &cp)) != 0 || + (r = cipher_init(&ciphercontext, cipher, key, keylen, + iv, ivlen, 1)) != 0 || + (r = cipher_crypt(ciphercontext, 0, cp, sshbuf_ptr(encoded), + encrypted_len, aadlen, authlen)) != 0) + goto out; + + /* success */ + r = 0; + out: + if (retp != NULL) { + *retp = encrypted; + encrypted = NULL; + } + sshbuf_free(padded); + sshbuf_free(encoded); + sshbuf_free(encrypted); + cipher_free(ciphercontext); + free(iv); + return r; +} + +int +sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded, + struct sshbuf **retp) +{ + struct ssh_xmss_state *state = k->xmss_state; + struct sshbuf *copy = NULL, *decrypted = NULL; + struct sshcipher_ctx *ciphercontext = NULL; + const struct sshcipher *cipher = NULL; + u_char *key, *iv = NULL, *dp; + size_t keylen, ivlen, authlen, aadlen; + u_int blocksize, encrypted_len, index; + int r = SSH_ERR_INTERNAL_ERROR; + + if (retp != NULL) + *retp = NULL; + if (state == NULL || + state->enc_keyiv == NULL || + state->enc_ciphername == NULL) + return SSH_ERR_INTERNAL_ERROR; + if ((cipher = cipher_by_name(state->enc_ciphername)) == NULL) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + blocksize = cipher_blocksize(cipher); + keylen = cipher_keylen(cipher); + ivlen = cipher_ivlen(cipher); + authlen = cipher_authlen(cipher); + if (state->enc_keyiv_len != keylen + ivlen) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + key = 
state->enc_keyiv; + + if ((copy = sshbuf_fromb(encoded)) == NULL || + (decrypted = sshbuf_new()) == NULL || + (iv = malloc(ivlen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + /* check magic */ + if (sshbuf_len(encoded) < sizeof(XMSS_MAGIC) || + memcmp(sshbuf_ptr(encoded), XMSS_MAGIC, sizeof(XMSS_MAGIC))) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* parse public portion */ + if ((r = sshbuf_consume(encoded, sizeof(XMSS_MAGIC))) != 0 || + (r = sshbuf_get_u32(encoded, &index)) != 0 || + (r = sshbuf_get_u32(encoded, &encrypted_len)) != 0) + goto out; + + /* check size of encrypted key blob */ + if (encrypted_len < blocksize || (encrypted_len % blocksize) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* check that an appropriate amount of auth data is present */ + if (sshbuf_len(encoded) < encrypted_len + authlen) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + aadlen = sshbuf_len(copy) - sshbuf_len(encoded); + + /* replace first 4 bytes of IV with index to ensure uniqueness */ + memcpy(iv, key + keylen, ivlen); + POKE_U32(iv, index); + + /* decrypt private state of key */ + if ((r = sshbuf_reserve(decrypted, aadlen + encrypted_len, &dp)) != 0 || + (r = cipher_init(&ciphercontext, cipher, key, keylen, + iv, ivlen, 0)) != 0 || + (r = cipher_crypt(ciphercontext, 0, dp, sshbuf_ptr(copy), + encrypted_len, aadlen, authlen)) != 0) + goto out; + + /* there should be no trailing data */ + if ((r = sshbuf_consume(encoded, encrypted_len + authlen)) != 0) + goto out; + if (sshbuf_len(encoded) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* remove AAD */ + if ((r = sshbuf_consume(decrypted, aadlen)) != 0) + goto out; + /* XXX encrypted includes unchecked padding */ + + /* success */ + r = 0; + if (retp != NULL) { + *retp = decrypted; + decrypted = NULL; + } + out: + cipher_free(ciphercontext); + sshbuf_free(copy); + sshbuf_free(decrypted); + free(iv); + return r; +} + +u_int32_t +sshkey_xmss_signatures_left(const struct sshkey *k) +{ 
+ struct ssh_xmss_state *state = k->xmss_state; + u_int32_t idx; + + if (sshkey_type_plain(k->type) == KEY_XMSS && state && + state->maxidx) { + idx = k->xmss_sk ? PEEK_U32(k->xmss_sk) : state->idx; + if (idx < state->maxidx) + return state->maxidx - idx; + } + return 0; +} + +int +sshkey_xmss_enable_maxsign(struct sshkey *k, u_int32_t maxsign) +{ + struct ssh_xmss_state *state = k->xmss_state; + + if (sshkey_type_plain(k->type) != KEY_XMSS) + return SSH_ERR_INVALID_ARGUMENT; + if (maxsign == 0) + return 0; + if (state->idx + maxsign < state->idx) + return SSH_ERR_INVALID_ARGUMENT; + state->maxidx = state->idx + maxsign; + return 0; +} +#endif /* WITH_XMSS */ diff --git a/sshkey-xmss.h b/sshkey-xmss.h new file mode 100644 index 000000000000..b9f8ead1047f --- /dev/null +++ b/sshkey-xmss.h 
@@ -0,0 +1,56 @@
+/* $OpenBSD: sshkey-xmss.h,v 1.1 2018/02/23 15:58:38 markus Exp $ */
+/*
+ * Copyright (c) 2017 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef SSHKEY_XMSS_H
+#define SSHKEY_XMSS_H
+
+#define XMSS_SHA2_256_W16_H10_NAME "XMSS_SHA2-256_W16_H10"
+#define XMSS_SHA2_256_W16_H16_NAME "XMSS_SHA2-256_W16_H16"
+#define XMSS_SHA2_256_W16_H20_NAME "XMSS_SHA2-256_W16_H20"
+#define XMSS_DEFAULT_NAME XMSS_SHA2_256_W16_H10_NAME
+
+size_t sshkey_xmss_pklen(const struct sshkey *);
+size_t sshkey_xmss_sklen(const struct sshkey *);
+int sshkey_xmss_init(struct sshkey *, const char *);
+void sshkey_xmss_free_state(struct sshkey *);
+int sshkey_xmss_generate_private_key(struct sshkey *, u_int);
+int sshkey_xmss_serialize_state(const struct sshkey *, struct sshbuf *);
+int sshkey_xmss_serialize_state_opt(const struct sshkey *, struct sshbuf *,
+ enum sshkey_serialize_rep);
+int sshkey_xmss_serialize_pk_info(const struct sshkey *, struct sshbuf *,
+ enum sshkey_serialize_rep);
+int sshkey_xmss_deserialize_state(struct sshkey *, struct sshbuf *);
+int sshkey_xmss_deserialize_state_opt(struct sshkey *, struct sshbuf *);
+int sshkey_xmss_deserialize_pk_info(struct sshkey *, struct sshbuf *);
+
+int sshkey_xmss_siglen(const struct sshkey *, size_t *);
+void *sshkey_xmss_params(const struct sshkey *);
+void *sshkey_xmss_bds_state(const struct sshkey *);
+int sshkey_xmss_get_state(const struct sshkey *, sshkey_printfn *);
+int sshkey_xmss_enable_maxsign(struct sshkey *, u_int32_t);
+int sshkey_xmss_forward_state(const struct sshkey *, u_int32_t);
+int sshkey_xmss_update_state(const struct sshkey *, sshkey_printfn *);
+u_int32_t sshkey_xmss_signatures_left(const struct sshkey *);
+
+#endif /* SSHKEY_XMSS_H */
diff --git a/sshkey.c b/sshkey.c
index e91c54f53bbd..7712fba2363b 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.56 2017/08/12 06:42:52 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.64 2018/03/22 07:05:48 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
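Review bot: The new sshkey-xmss.h is not self-contained: its prototypes use `size_t`, `u_int32_t`, `struct sshkey`, `struct sshbuf`, `enum sshkey_serialize_rep` and `sshkey_printfn`, yet none of the 56 added lines is an `#include`. The enum and the `sshkey_printfn` typedef cannot be forward-declared, so every includer must first pull in the header that defines them, as sshkey.c does by placing `#include "sshkey.h"` ahead of `#include "sshkey-xmss.h"`. Either include that header here or record the requirement under the guard, e.g. `/* requires sshkey.h: enum sshkey_serialize_rep, sshkey_printfn */`. Where the two names are defined is not visible on this page, so sshkey.h is inferred from the include order.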
@@ -55,8 +55,11 @@ #include "digest.h" #define SSHKEY_INTERNAL #include "sshkey.h" +#include "sshkey-xmss.h" #include "match.h" +#include "xmss_fast.h" + /* openssh private key file format */ #define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n" #define MARK_END "-----END OPENSSH PRIVATE KEY-----\n" @@ -71,6 +74,8 @@ /* Version identification string for SSH v1 identity files. */ #define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n" +int sshkey_private_serialize_opt(const struct sshkey *key, + struct sshbuf *buf, enum sshkey_serialize_rep); static int sshkey_from_blob_internal(struct sshbuf *buf, struct sshkey **keyp, int allow_cert); @@ -87,6 +92,11 @@ static const struct keytype keytypes[] = { { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 }, { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1, 0 }, +#ifdef WITH_XMSS + { "ssh-xmss@openssh.com", "XMSS", KEY_XMSS, 0, 0, 0 }, + { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", + KEY_XMSS_CERT, 0, 1, 0 }, +#endif /* WITH_XMSS */ #ifdef WITH_OPENSSL { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, @@ -274,6 +284,8 @@ sshkey_size(const struct sshkey *k) #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: + case KEY_XMSS: + case KEY_XMSS_CERT: return 256; /* XXX */ } return 0; @@ -287,6 +299,7 @@ sshkey_type_is_valid_ca(int type) case KEY_DSA: case KEY_ECDSA: case KEY_ED25519: + case KEY_XMSS: return 1; default: return 0; @@ -314,6 +327,8 @@ sshkey_type_plain(int type) return KEY_ECDSA; case KEY_ED25519_CERT: return KEY_ED25519; + case KEY_XMSS_CERT: + return KEY_XMSS; default: return type; } @@ -420,8 +435,7 @@ cert_free(struct sshkey_cert *cert) free(cert->principals[i]); free(cert->principals); sshkey_free(cert->signature_key); - explicit_bzero(cert, sizeof(*cert)); - free(cert); + freezero(cert, sizeof(*cert)); } static struct sshkey_cert * 
@@ -462,6 +476,8 @@ sshkey_new(int type) k->cert = NULL; k->ed25519_sk = NULL; k->ed25519_pk = NULL; + k->xmss_sk = NULL; + k->xmss_pk = NULL; switch (k->type) { #ifdef WITH_OPENSSL case KEY_RSA: @@ -469,8 +485,7 @@ sshkey_new(int type) if ((rsa = RSA_new()) == NULL || (rsa->n = BN_new()) == NULL || (rsa->e = BN_new()) == NULL) { - if (rsa != NULL) - RSA_free(rsa); + RSA_free(rsa); free(k); return NULL; } @@ -483,8 +498,7 @@ sshkey_new(int type) (dsa->q = BN_new()) == NULL || (dsa->g = BN_new()) == NULL || (dsa->pub_key = BN_new()) == NULL) { - if (dsa != NULL) - DSA_free(dsa); + DSA_free(dsa); free(k); return NULL; } @@ -497,6 +511,8 @@ sshkey_new(int type) #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: + case KEY_XMSS: + case KEY_XMSS_CERT: /* no need to prealloc */ break; case KEY_UNSPEC: @@ -545,6 +561,8 @@ sshkey_add_private(struct sshkey *k) #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: + case KEY_XMSS: + case KEY_XMSS_CERT: /* no need to prealloc */ break; case KEY_UNSPEC: 
@@ -578,38 +596,43 @@ sshkey_free(struct sshkey *k) #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: - if (k->rsa != NULL) - RSA_free(k->rsa); + RSA_free(k->rsa); k->rsa = NULL; break; case KEY_DSA: case KEY_DSA_CERT: - if (k->dsa != NULL) - DSA_free(k->dsa); + DSA_free(k->dsa); k->dsa = NULL; break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: case KEY_ECDSA_CERT: - if (k->ecdsa != NULL) - EC_KEY_free(k->ecdsa); + EC_KEY_free(k->ecdsa); k->ecdsa = NULL; break; # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: - if (k->ed25519_pk) { - explicit_bzero(k->ed25519_pk, ED25519_PK_SZ); - free(k->ed25519_pk); - k->ed25519_pk = NULL; - } - if (k->ed25519_sk) { - explicit_bzero(k->ed25519_sk, ED25519_SK_SZ); - free(k->ed25519_sk); - k->ed25519_sk = NULL; - } - break; + freezero(k->ed25519_pk, ED25519_PK_SZ); + k->ed25519_pk = NULL; + freezero(k->ed25519_sk, ED25519_SK_SZ); + k->ed25519_sk = NULL; + break; +#ifdef WITH_XMSS + case KEY_XMSS: + case KEY_XMSS_CERT: + freezero(k->xmss_pk, sshkey_xmss_pklen(k)); + k->xmss_pk = NULL; + freezero(k->xmss_sk, sshkey_xmss_sklen(k)); + k->xmss_sk = NULL; + sshkey_xmss_free_state(k); + free(k->xmss_name); + k->xmss_name = NULL; + free(k->xmss_filename); + k->xmss_filename = NULL; + break; +#endif /* WITH_XMSS */ case KEY_UNSPEC: break; default: @@ -617,8 +640,7 @@ sshkey_free(struct sshkey *k) } if (sshkey_is_cert(k)) cert_free(k->cert); - explicit_bzero(k, sizeof(*k)); - free(k); + freezero(k, sizeof(*k)); } static int 
@@ -690,6 +712,13 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) case KEY_ED25519_CERT: return a->ed25519_pk != NULL && b->ed25519_pk != NULL && memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0; +#ifdef WITH_XMSS + case KEY_XMSS: + case KEY_XMSS_CERT: + return a->xmss_pk != NULL && b->xmss_pk != NULL && + sshkey_xmss_pklen(a) == sshkey_xmss_pklen(b) && + memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) == 0; +#endif /* WITH_XMSS */ default: return 0; } @@ -709,7 +738,8 @@ sshkey_equal(const struct sshkey *a, const struct sshkey *b) } static int -to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) +to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain, + enum sshkey_serialize_rep opts) { int type, ret = SSH_ERR_INTERNAL_ERROR; const char *typename; @@ -733,6 +763,9 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) case KEY_RSA_CERT: #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: +#ifdef WITH_XMSS + case KEY_XMSS_CERT: +#endif /* WITH_XMSS */ /* Use the existing blob */ /* XXX modified flag? */ if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0) @@ -777,6 +810,19 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) key->ed25519_pk, ED25519_PK_SZ)) != 0) return ret; break; +#ifdef WITH_XMSS + case KEY_XMSS: + if (key->xmss_name == NULL || key->xmss_pk == NULL || + sshkey_xmss_pklen(key) == 0) + return SSH_ERR_INVALID_ARGUMENT; + if ((ret = sshbuf_put_cstring(b, typename)) != 0 || + (ret = sshbuf_put_cstring(b, key->xmss_name)) != 0 || + (ret = sshbuf_put_string(b, + key->xmss_pk, sshkey_xmss_pklen(key))) != 0 || + (ret = sshkey_xmss_serialize_pk_info(key, b, opts)) != 0) + return ret; + break; +#endif /* WITH_XMSS */ default: return SSH_ERR_KEY_TYPE_UNKNOWN; } 
@@ -786,32 +832,40 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) int sshkey_putb(const struct sshkey *key, struct sshbuf *b) { - return to_blob_buf(key, b, 0); + return to_blob_buf(key, b, 0, SSHKEY_SERIALIZE_DEFAULT); } int -sshkey_puts(const struct sshkey *key, struct sshbuf *b) +sshkey_puts_opts(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) { struct sshbuf *tmp; int r; if ((tmp = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - r = to_blob_buf(key, tmp, 0); + r = to_blob_buf(key, tmp, 0, opts); if (r == 0) r = sshbuf_put_stringb(b, tmp); sshbuf_free(tmp); return r; } +int +sshkey_puts(const struct sshkey *key, struct sshbuf *b) +{ + return sshkey_puts_opts(key, b, SSHKEY_SERIALIZE_DEFAULT); +} + int sshkey_putb_plain(const struct sshkey *key, struct sshbuf *b) { - return to_blob_buf(key, b, 1); + return to_blob_buf(key, b, 1, SSHKEY_SERIALIZE_DEFAULT); } static int -to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain) +to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain, + enum sshkey_serialize_rep opts) { int ret = SSH_ERR_INTERNAL_ERROR; size_t len; @@ -823,7 +877,7 @@ to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain) *blobp = NULL; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((ret = to_blob_buf(key, b, force_plain)) != 0) + if ((ret = to_blob_buf(key, b, force_plain, opts)) != 0) goto out; len = sshbuf_len(b); if (lenp != NULL) 
@@ -844,13 +898,13 @@ to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp, int force_plain) int sshkey_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp) { - return to_blob(key, blobp, lenp, 0); + return to_blob(key, blobp, lenp, 0, SSHKEY_SERIALIZE_DEFAULT); } int sshkey_plain_to_blob(const struct sshkey *key, u_char **blobp, size_t *lenp) { - return to_blob(key, blobp, lenp, 1); + return to_blob(key, blobp, lenp, 1, SSHKEY_SERIALIZE_DEFAULT); } int @@ -869,7 +923,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, r = SSH_ERR_INVALID_ARGUMENT; goto out; } - if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) + if ((r = to_blob(k, &blob, &blob_len, 1, SSHKEY_SERIALIZE_DEFAULT)) + != 0) goto out; if ((ret = calloc(1, SSH_DIGEST_MAX_LENGTH)) == NULL) { r = SSH_ERR_ALLOC_FAIL; @@ -911,8 +966,7 @@ fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len) return ret; if ((r = b64_ntop(dgst_raw, dgst_raw_len, ret + plen, rlen - plen)) == -1) { - explicit_bzero(ret, rlen); - free(ret); + freezero(ret, rlen); return NULL; } /* Trim padding characters from end */ 
@@ -1161,22 +1215,37 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg, return retval; } +static int +peek_type_nid(const char *s, size_t l, int *nid) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (kt->name == NULL || strlen(kt->name) != l) + continue; + if (memcmp(s, kt->name, l) == 0) { + *nid = -1; + if (kt->type == KEY_ECDSA || kt->type == KEY_ECDSA_CERT) + *nid = kt->nid; + return kt->type; + } + } + return KEY_UNSPEC; +} -/* returns 0 ok, and < 0 error */ +/* XXX this can now be made const char * */ int sshkey_read(struct sshkey *ret, char **cpp) { struct sshkey *k; - int retval = SSH_ERR_INVALID_FORMAT; - char *ep, *cp, *space; + char *cp, *blobcopy; + size_t space; int r, type, curve_nid = -1; struct sshbuf *blob; if (ret == NULL) return SSH_ERR_INVALID_ARGUMENT; - cp = *cpp; - switch (ret->type) { case KEY_UNSPEC: case KEY_RSA: 
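Review bot: This hunk removes the only contract comment on sshkey_read (`/* returns 0 ok, and < 0 error */`) and leaves just an XXX, and the new helper peek_type_nid has no comment at all. I would keep the return convention and add what the rewrite changes for callers: `/* Returns 0 on success and < 0 on error; *cpp is advanced to the start of the comment field only on success. */`. For the helper: `/* Match the l-byte name at s against keytypes[]; returns the key type or KEY_UNSPEC, and writes *nid only when a name matched. */`. The body of sshkey_read continues in the next hunk, which is where `*cpp = cp` is assigned on the success path.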
@@ -1187,120 +1256,147 @@ sshkey_read(struct sshkey *ret, char **cpp) case KEY_ECDSA_CERT: case KEY_RSA_CERT: case KEY_ED25519_CERT: - space = strchr(cp, ' '); - if (space == NULL) - return SSH_ERR_INVALID_FORMAT; - *space = '\0'; - type = sshkey_type_from_name(cp); - if (sshkey_type_plain(type) == KEY_ECDSA && - (curve_nid = sshkey_ecdsa_nid_from_name(cp)) == -1) - return SSH_ERR_EC_CURVE_INVALID; - *space = ' '; - if (type == KEY_UNSPEC) - return SSH_ERR_INVALID_FORMAT; - cp = space+1; - if (*cp == '\0') - return SSH_ERR_INVALID_FORMAT; - if (ret->type != KEY_UNSPEC && ret->type != type) - return SSH_ERR_KEY_TYPE_MISMATCH; - if ((blob = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - /* trim comment */ - space = strchr(cp, ' '); - if (space) { - /* advance 'space': skip whitespace */ - *space++ = '\0'; - while (*space == ' ' || *space == '\t') - space++; - ep = space; - } else - ep = cp + strlen(cp); - if ((r = sshbuf_b64tod(blob, cp)) != 0) { - sshbuf_free(blob); - return r; - } - if ((r = sshkey_from_blob(sshbuf_ptr(blob), - sshbuf_len(blob), &k)) != 0) { - sshbuf_free(blob); - return r; - } +#ifdef WITH_XMSS + case KEY_XMSS: + case KEY_XMSS_CERT: +#endif /* WITH_XMSS */ + break; /* ok */ + default: + return SSH_ERR_INVALID_ARGUMENT; + } + + /* Decode type */ + cp = *cpp; + space = strcspn(cp, " \t"); + if (space == strlen(cp)) + return SSH_ERR_INVALID_FORMAT; + if ((type = peek_type_nid(cp, space, &curve_nid)) == KEY_UNSPEC) + return SSH_ERR_INVALID_FORMAT; + + /* skip whitespace */ + for (cp += space; *cp == ' ' || *cp == '\t'; cp++) + ; + if (*cp == '\0') + return SSH_ERR_INVALID_FORMAT; + if (ret->type != KEY_UNSPEC && ret->type != type) + return SSH_ERR_KEY_TYPE_MISMATCH; + if ((blob = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + + /* find end of keyblob and decode */ + space = strcspn(cp, " \t"); + if ((blobcopy = strndup(cp, space)) == NULL) { sshbuf_free(blob); - if (k->type != type) { - sshkey_free(k); - return SSH_ERR_KEY_TYPE_MISMATCH; 
- } - if (sshkey_type_plain(type) == KEY_ECDSA && - curve_nid != k->ecdsa_nid) { + return SSH_ERR_ALLOC_FAIL; + } + if ((r = sshbuf_b64tod(blob, blobcopy)) != 0) { + free(blobcopy); + sshbuf_free(blob); + return r; + } + free(blobcopy); + if ((r = sshkey_fromb(blob, &k)) != 0) { + sshbuf_free(blob); + return r; + } + sshbuf_free(blob); + + /* skip whitespace and leave cp at start of comment */ + for (cp += space; *cp == ' ' || *cp == '\t'; cp++) + ; + + /* ensure type of blob matches type at start of line */ + if (k->type != type) { + sshkey_free(k); + return SSH_ERR_KEY_TYPE_MISMATCH; + } + if (sshkey_type_plain(type) == KEY_ECDSA && curve_nid != k->ecdsa_nid) { + sshkey_free(k); + return SSH_ERR_EC_CURVE_MISMATCH; + } + + /* Fill in ret from parsed key */ + ret->type = type; + if (sshkey_is_cert(ret)) { + if (!sshkey_is_cert(k)) { sshkey_free(k); - return SSH_ERR_EC_CURVE_MISMATCH; - } - ret->type = type; - if (sshkey_is_cert(ret)) { - if (!sshkey_is_cert(k)) { - sshkey_free(k); - return SSH_ERR_EXPECTED_CERT; - } - if (ret->cert != NULL) - cert_free(ret->cert); - ret->cert = k->cert; - k->cert = NULL; + return SSH_ERR_EXPECTED_CERT; } - switch (sshkey_type_plain(ret->type)) { + if (ret->cert != NULL) + cert_free(ret->cert); + ret->cert = k->cert; + k->cert = NULL; + } + switch (sshkey_type_plain(ret->type)) { #ifdef WITH_OPENSSL - case KEY_RSA: - if (ret->rsa != NULL) - RSA_free(ret->rsa); - ret->rsa = k->rsa; - k->rsa = NULL; + case KEY_RSA: + RSA_free(ret->rsa); + ret->rsa = k->rsa; + k->rsa = NULL; #ifdef DEBUG_PK - RSA_print_fp(stderr, ret->rsa, 8); + RSA_print_fp(stderr, ret->rsa, 8); #endif - break; - case KEY_DSA: - if (ret->dsa != NULL) - DSA_free(ret->dsa); - ret->dsa = k->dsa; - k->dsa = NULL; + break; + case KEY_DSA: + DSA_free(ret->dsa); + ret->dsa = k->dsa; + k->dsa = NULL; #ifdef DEBUG_PK - DSA_print_fp(stderr, ret->dsa, 8); + DSA_print_fp(stderr, ret->dsa, 8); #endif - break; + break; # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: - if (ret->ecdsa != 
NULL) - EC_KEY_free(ret->ecdsa); - ret->ecdsa = k->ecdsa; - ret->ecdsa_nid = k->ecdsa_nid; - k->ecdsa = NULL; - k->ecdsa_nid = -1; + case KEY_ECDSA: + EC_KEY_free(ret->ecdsa); + ret->ecdsa = k->ecdsa; + ret->ecdsa_nid = k->ecdsa_nid; + k->ecdsa = NULL; + k->ecdsa_nid = -1; #ifdef DEBUG_PK - sshkey_dump_ec_key(ret->ecdsa); + sshkey_dump_ec_key(ret->ecdsa); #endif - break; + break; # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ - case KEY_ED25519: - free(ret->ed25519_pk); - ret->ed25519_pk = k->ed25519_pk; - k->ed25519_pk = NULL; + case KEY_ED25519: + freezero(ret->ed25519_pk, ED25519_PK_SZ); + ret->ed25519_pk = k->ed25519_pk; + k->ed25519_pk = NULL; #ifdef DEBUG_PK - /* XXX */ + /* XXX */ #endif - break; - } - *cpp = ep; - retval = 0; -/*XXXX*/ - sshkey_free(k); - if (retval != 0) - break; break; +#ifdef WITH_XMSS + case KEY_XMSS: + free(ret->xmss_pk); + ret->xmss_pk = k->xmss_pk; + k->xmss_pk = NULL; + free(ret->xmss_state); + ret->xmss_state = k->xmss_state; + k->xmss_state = NULL; + free(ret->xmss_name); + ret->xmss_name = k->xmss_name; + k->xmss_name = NULL; + free(ret->xmss_filename); + ret->xmss_filename = k->xmss_filename; + k->xmss_filename = NULL; +#ifdef DEBUG_PK + /* XXX */ +#endif + break; +#endif /* WITH_XMSS */ default: - return SSH_ERR_INVALID_ARGUMENT; + sshkey_free(k); + return SSH_ERR_INTERNAL_ERROR; } - return retval; + sshkey_free(k); + + /* success */ + *cpp = cp; + return 0; } + int sshkey_to_base64(const struct sshkey *key, char **b64p) { @@ -1410,10 +1506,8 @@ rsa_generate_private_key(u_int bits, RSA **rsap) private = NULL; ret = 0; out: - if (private != NULL) - RSA_free(private); - if (f4 != NULL) - BN_free(f4); + RSA_free(private); + BN_free(f4); return ret; } @@ -1441,8 +1535,7 @@ dsa_generate_private_key(u_int bits, DSA **dsap) private = NULL; ret = 0; out: - if (private != NULL) - DSA_free(private); + DSA_free(private); return ret; } 
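Review bot: In the new `case KEY_XMSS:` of sshkey_read, `free(ret->xmss_state)` releases only the top-level struct, whereas sshkey_free in this same commit tears the state down with `sshkey_xmss_free_state(k)`. The deserialiser in sshkey-xmss.c earlier in this patch fills `state->stack`, `state->auth`, `state->keep`, `state->treehash` and others with separate allocations, so a plain free() on a populated state would leak them and skip any wiping the helper performs. Replace `free(ret->xmss_state);` with `sshkey_xmss_free_state(ret);` before taking over `k->xmss_state`. The helper's body is not on this page, so confirm it accepts a key whose state is still NULL.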
@@ -1521,8 +1614,7 @@ ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) private = NULL; ret = 0; out: - if (private != NULL) - EC_KEY_free(private); + EC_KEY_free(private); return ret; } # endif /* OPENSSL_HAS_ECC */ @@ -1549,6 +1641,11 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); ret = 0; break; +#ifdef WITH_XMSS + case KEY_XMSS: + ret = sshkey_xmss_generate_private_key(k, bits); + break; +#endif /* WITH_XMSS */ #ifdef WITH_OPENSSL case KEY_DSA: ret = dsa_generate_private_key(bits, &k->dsa); @@ -1692,6 +1789,29 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); } break; +#ifdef WITH_XMSS + case KEY_XMSS: + case KEY_XMSS_CERT: + if ((n = sshkey_new(k->type)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((ret = sshkey_xmss_init(n, k->xmss_name)) != 0) { + sshkey_free(n); + return ret; + } + if (k->xmss_pk != NULL) { + size_t pklen = sshkey_xmss_pklen(k); + if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) { + sshkey_free(n); + return SSH_ERR_INTERNAL_ERROR; + } + if ((n->xmss_pk = malloc(pklen)) == NULL) { + sshkey_free(n); + return SSH_ERR_ALLOC_FAIL; + } + memcpy(n->xmss_pk, k->xmss_pk, pklen); + } + break; +#endif /* WITH_XMSS */ default: return SSH_ERR_KEY_TYPE_UNKNOWN; } @@ -1814,7 +1934,7 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) goto out; } if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, - sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0) + sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) goto out; /* Success */ @@ -1833,7 +1953,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, int allow_cert) { int type, ret = SSH_ERR_INTERNAL_ERROR; - char *ktype = NULL, *curve = NULL; + char *ktype = NULL, *curve = NULL, *xmss_name = NULL; struct sshkey *key = NULL; size_t len; u_char *pk = NULL; 
@@ -1933,8 +2053,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, ret = SSH_ERR_EC_CURVE_MISMATCH; goto out; } - if (key->ecdsa != NULL) - EC_KEY_free(key->ecdsa); + EC_KEY_free(key->ecdsa); if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL) { ret = SSH_ERR_EC_CURVE_INVALID; @@ -1985,6 +2104,36 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, key->ed25519_pk = pk; pk = NULL; break; +#ifdef WITH_XMSS + case KEY_XMSS_CERT: + /* Skip nonce */ + if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + /* FALLTHROUGH */ + case KEY_XMSS: + if ((ret = sshbuf_get_cstring(b, &xmss_name, NULL)) != 0) + goto out; + if ((key = sshkey_new(type)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((ret = sshkey_xmss_init(key, xmss_name)) != 0) + goto out; + if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) + goto out; + if (len == 0 || len != sshkey_xmss_pklen(key)) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + key->xmss_pk = pk; + pk = NULL; + if (type != KEY_XMSS_CERT && + (ret = sshkey_xmss_deserialize_pk_info(key, b)) != 0) + goto out; + break; +#endif /* WITH_XMSS */ case KEY_UNSPEC: default: ret = SSH_ERR_KEY_TYPE_UNKNOWN; @@ -2007,12 +2156,12 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, out: sshbuf_free(copy); sshkey_free(key); + free(xmss_name); free(ktype); free(curve); free(pk); #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) - if (q != NULL) - EC_POINT_free(q); + EC_POINT_free(q); #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ return ret; } 
@@ -2049,6 +2198,31 @@ sshkey_froms(struct sshbuf *buf, struct sshkey **keyp) return r; } +int +sshkey_sigtype(const u_char *sig, size_t siglen, char **sigtypep) +{ + int r; + struct sshbuf *b = NULL; + char *sigtype = NULL; + + if (sigtypep != NULL) + *sigtypep = NULL; + if ((b = sshbuf_from(sig, siglen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshbuf_get_cstring(b, &sigtype, NULL)) != 0) + goto out; + /* success */ + if (sigtypep != NULL) { + *sigtypep = sigtype; + sigtype = NULL; + } + r = 0; + out: + free(sigtype); + sshbuf_free(b); + return r; +} + int sshkey_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, @@ -2077,6 +2251,11 @@ sshkey_sign(const struct sshkey *key, case KEY_ED25519: case KEY_ED25519_CERT: return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); +#ifdef WITH_XMSS + case KEY_XMSS: + case KEY_XMSS_CERT: + return ssh_xmss_sign(key, sigp, lenp, data, datalen, compat); +#endif /* WITH_XMSS */ default: return SSH_ERR_KEY_TYPE_UNKNOWN; } @@ -2084,11 +2263,12 @@ sshkey_sign(const struct sshkey *key, /* * ssh_key_verify returns 0 for a correct signature and < 0 on error. + * If "alg" specified, then the signature must use that algorithm. */ int sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, - const u_char *data, size_t dlen, u_int compat) + const u_char *data, size_t dlen, const char *alg, u_int compat) { if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) return SSH_ERR_INVALID_ARGUMENT; 
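Review bot: The comment added above sshkey_verify, `If "alg" specified, then the signature must use that algorithm`, promises more than the dispatch delivers. In the next hunk only `ssh_rsa_verify(key, sig, siglen, data, dlen, alg)` receives `alg`; the ed25519 and XMSS branches are called without it, so a caller pinning an algorithm gets no check for those key types. Narrow the comment to what is enforced, e.g. `* If "alg" is given it is enforced for RSA signatures only; other key types ignore it.`, or compare `alg` with the key's type name before the switch. The DSA and ECDSA branches lie outside both hunks, so whether they see `alg` cannot be told from here.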
@@ -2104,11 +2284,16 @@ sshkey_verify(const struct sshkey *key, # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: - return ssh_rsa_verify(key, sig, siglen, data, dlen); + return ssh_rsa_verify(key, sig, siglen, data, dlen, alg); #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); +#ifdef WITH_XMSS + case KEY_XMSS: + case KEY_XMSS_CERT: + return ssh_xmss_verify(key, sig, siglen, data, dlen, compat); +#endif /* WITH_XMSS */ default: return SSH_ERR_KEY_TYPE_UNKNOWN; } @@ -2132,6 +2317,8 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) pk->rsa = NULL; pk->ed25519_pk = NULL; pk->ed25519_sk = NULL; + pk->xmss_pk = NULL; + pk->xmss_sk = NULL; switch (k->type) { #ifdef WITH_OPENSSL @@ -2193,6 +2380,29 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); } break; +#ifdef WITH_XMSS + case KEY_XMSS_CERT: + if ((ret = sshkey_cert_copy(k, pk)) != 0) + goto fail; + /* FALLTHROUGH */ + case KEY_XMSS: + if ((ret = sshkey_xmss_init(pk, k->xmss_name)) != 0) + goto fail; + if (k->xmss_pk != NULL) { + size_t pklen = sshkey_xmss_pklen(k); + + if (pklen == 0 || sshkey_xmss_pklen(pk) != pklen) { + ret = SSH_ERR_INTERNAL_ERROR; + goto fail; + } + if ((pk->xmss_pk = malloc(pklen)) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + memcpy(pk->xmss_pk, k->xmss_pk, pklen); + } + break; +#endif /* WITH_XMSS */ default: ret = SSH_ERR_KEY_TYPE_UNKNOWN; fail: @@ -2224,6 +2434,11 @@ sshkey_to_certified(struct sshkey *k) case KEY_ED25519: newtype = KEY_ED25519_CERT; break; +#ifdef WITH_XMSS + case KEY_XMSS: + newtype = KEY_XMSS_CERT; + break; +#endif /* WITH_XMSS */ default: return SSH_ERR_INVALID_ARGUMENT; } 
@@ -2308,6 +2523,18 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, k->ed25519_pk, ED25519_PK_SZ)) != 0) goto out; break; +#ifdef WITH_XMSS + case KEY_XMSS_CERT: + if (k->xmss_name == NULL) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((ret = sshbuf_put_cstring(cert, k->xmss_name)) || + (ret = sshbuf_put_string(cert, + k->xmss_pk, sshkey_xmss_pklen(k))) != 0) + goto out; + break; +#endif /* WITH_XMSS */ default: ret = SSH_ERR_INVALID_ARGUMENT; goto out; @@ -2465,7 +2692,8 @@ sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) } int -sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) +sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) { int r = SSH_ERR_INTERNAL_ERROR; @@ -2551,6 +2779,36 @@ sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) ED25519_SK_SZ)) != 0) goto out; break; +#ifdef WITH_XMSS + case KEY_XMSS: + if (key->xmss_name == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || + (r = sshbuf_put_string(b, key->xmss_pk, + sshkey_xmss_pklen(key))) != 0 || + (r = sshbuf_put_string(b, key->xmss_sk, + sshkey_xmss_sklen(key))) != 0 || + (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0) + goto out; + break; + case KEY_XMSS_CERT: + if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0 || + key->xmss_name == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || + (r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || + (r = sshbuf_put_string(b, key->xmss_pk, + sshkey_xmss_pklen(key))) != 0 || + (r = sshbuf_put_string(b, key->xmss_sk, + sshkey_xmss_sklen(key))) != 0 || + (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0) + goto out; + break; +#endif /* WITH_XMSS */ default: r = SSH_ERR_INVALID_ARGUMENT; goto out; 
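Review bot: The new XMSS branches check `xmss_name` for NULL but pass `k->xmss_pk` (and, in sshkey_private_serialize_opt(), `key->xmss_sk`) to sshbuf_put_string() unchecked, with a length that comes from sshkey_xmss_pklen()/sshkey_xmss_sklen() rather than from the buffer being copied. If a key that has a name but no key material can reach these paths, that is presumably a read through a NULL pointer; extending the guard to `if (k->xmss_name == NULL || k->xmss_pk == NULL)` here, and adding `key->xmss_sk == NULL` to the two private-key cases in the `@@ -2551,6 +2779,36 @@` hunk, would return SSH_ERR_INVALID_ARGUMENT instead. As a style point, the first call in the sshkey_certify_custom() condition lacks the `!= 0` that the other calls in these chains carry. Both functions continue outside the hunks.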
@@ -2561,14 +2819,22 @@ sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) return r; } +int +sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) +{ + return sshkey_private_serialize_opt(key, b, + SSHKEY_SERIALIZE_DEFAULT); +} + int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) { - char *tname = NULL, *curve = NULL; + char *tname = NULL, *curve = NULL, *xmss_name = NULL; struct sshkey *k = NULL; size_t pklen = 0, sklen = 0; int type, r = SSH_ERR_INTERNAL_ERROR; u_char *ed25519_pk = NULL, *ed25519_sk = NULL; + u_char *xmss_pk = NULL, *xmss_sk = NULL; #ifdef WITH_OPENSSL BIGNUM *exponent = NULL; #endif /* WITH_OPENSSL */ 
@@ -2713,6 +2979,53 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) k->ed25519_sk = ed25519_sk; ed25519_pk = ed25519_sk = NULL; break; +#ifdef WITH_XMSS + case KEY_XMSS: + if ((k = sshkey_new_private(type)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || + (r = sshkey_xmss_init(k, xmss_name)) != 0 || + (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || + (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) + goto out; + if (pklen != sshkey_xmss_pklen(k) || + sklen != sshkey_xmss_sklen(k)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + k->xmss_pk = xmss_pk; + k->xmss_sk = xmss_sk; + xmss_pk = xmss_sk = NULL; + /* optional internal state */ + if ((r = sshkey_xmss_deserialize_state_opt(k, buf)) != 0) + goto out; + break; + case KEY_XMSS_CERT: + if ((r = sshkey_froms(buf, &k)) != 0 || + (r = sshkey_add_private(k)) != 0 || + (r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || + (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || + (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) + goto out; + if (strcmp(xmss_name, k->xmss_name)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (pklen != sshkey_xmss_pklen(k) || + sklen != sshkey_xmss_sklen(k)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + k->xmss_pk = xmss_pk; + k->xmss_sk = xmss_sk; + xmss_pk = xmss_sk = NULL; + /* optional internal state */ + if ((r = sshkey_xmss_deserialize_state_opt(k, buf)) != 0) + goto out; + break; +#endif /* WITH_XMSS */ default: r = SSH_ERR_KEY_TYPE_UNKNOWN; goto out; 
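Review bot: In the KEY_XMSS_CERT case, `strcmp(xmss_name, k->xmss_name)` runs on a key that sshkey_froms() has just parsed from the buffer, without confirming that the parsed key is actually an XMSS certificate or that `k->xmss_name` is set. Whether sshkey_froms() can return a key of a different type than `type` is not visible in this hunk, but if it can, this is a NULL dereference on untrusted input, and the following `sshkey_xmss_pklen(k)` checks operate on a key with no XMSS parameters. A stricter guard costs one line: `if (k->type != type || k->xmss_name == NULL || strcmp(xmss_name, k->xmss_name) != 0) {`. The function body starts and ends outside the hunk.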
@@ -2739,18 +3052,14 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) free(tname); free(curve); #ifdef WITH_OPENSSL - if (exponent != NULL) - BN_clear_free(exponent); + BN_clear_free(exponent); #endif /* WITH_OPENSSL */ sshkey_free(k); - if (ed25519_pk != NULL) { - explicit_bzero(ed25519_pk, pklen); - free(ed25519_pk); - } - if (ed25519_sk != NULL) { - explicit_bzero(ed25519_sk, sklen); - free(ed25519_sk); - } + freezero(ed25519_pk, pklen); + freezero(ed25519_sk, sklen); + free(xmss_name); + freezero(xmss_pk, pklen); + freezero(xmss_sk, sklen); return r; } @@ -2828,8 +3137,7 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public) ret = 0; out: BN_CTX_free(bnctx); - if (nq != NULL) - EC_POINT_free(nq); + EC_POINT_free(nq); return ret; } @@ -3006,7 +3314,8 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, goto out; /* append private key and comment*/ - if ((r = sshkey_private_serialize(prv, encrypted)) != 0 || + if ((r = sshkey_private_serialize_opt(prv, encrypted, + SSHKEY_SERIALIZE_FULL)) != 0 || (r = sshbuf_put_cstring(encrypted, comment)) != 0) goto out; @@ -3304,7 +3613,7 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, int blen, len = strlen(_passphrase); u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; - const u_char *bptr; + char *bptr; BIO *bio = NULL; if (len > 0 && len <= 4) @@ -3367,6 +3676,9 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, passphrase, comment); #endif /* WITH_OPENSSL */ case KEY_ED25519: +#ifdef WITH_XMSS + case KEY_XMSS: +#endif /* WITH_XMSS */ return sshkey_private_to_blob2(key, blob, passphrase, comment, new_format_cipher, new_format_rounds); default: @@ -3524,8 +3836,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, } out: BIO_free(bio); - if (pk != NULL) - EVP_PKEY_free(pk); + EVP_PKEY_free(pk); sshkey_free(prv); return r; } 
@@ -3551,6 +3862,9 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, passphrase, keyp); #endif /* WITH_OPENSSL */ case KEY_ED25519: +#ifdef WITH_XMSS + case KEY_XMSS: +#endif /* WITH_XMSS */ return sshkey_parse_private2(blob, type, passphrase, keyp, commentp); case KEY_UNSPEC: 
@@ -3582,3 +3896,90 @@ sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, passphrase, keyp, commentp); } + +#ifdef WITH_XMSS +/* + * serialize the key with the current state and forward the state + * maxsign times. + */ +int +sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b, + u_int32_t maxsign, sshkey_printfn *pr) +{ + int r, rupdate; + + if (maxsign == 0 || + sshkey_type_plain(k->type) != KEY_XMSS) + return sshkey_private_serialize_opt(k, b, + SSHKEY_SERIALIZE_DEFAULT); + if ((r = sshkey_xmss_get_state(k, pr)) != 0 || + (r = sshkey_private_serialize_opt(k, b, + SSHKEY_SERIALIZE_STATE)) != 0 || + (r = sshkey_xmss_forward_state(k, maxsign)) != 0) + goto out; + r = 0; +out: + if ((rupdate = sshkey_xmss_update_state(k, pr)) != 0) { + if (r == 0) + r = rupdate; + } + return r; +} + +u_int32_t +sshkey_signatures_left(const struct sshkey *k) +{ + if (sshkey_type_plain(k->type) == KEY_XMSS) + return sshkey_xmss_signatures_left(k); + return 0; +} + +int +sshkey_enable_maxsign(struct sshkey *k, u_int32_t maxsign) +{ + if (sshkey_type_plain(k->type) != KEY_XMSS) + return SSH_ERR_INVALID_ARGUMENT; + return sshkey_xmss_enable_maxsign(k, maxsign); +} + +int +sshkey_set_filename(struct sshkey *k, const char *filename) +{ + if (k == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if (sshkey_type_plain(k->type) != KEY_XMSS) + return 0; + if (filename == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((k->xmss_filename = strdup(filename)) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; +} +#else +int +sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b, + u_int32_t maxsign, sshkey_printfn *pr) +{ + return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT); +} + +u_int32_t +sshkey_signatures_left(const struct sshkey *k) +{ + return 0; +} + +int +sshkey_enable_maxsign(struct sshkey *k, u_int32_t maxsign) +{ + return SSH_ERR_INVALID_ARGUMENT; +} 
+ +int +sshkey_set_filename(struct sshkey *k, const char *filename) +{ + if (k == NULL) + return SSH_ERR_INVALID_ARGUMENT; + return 0; +} +#endif /* WITH_XMSS */ diff --git a/sshkey.h b/sshkey.h index 9093eac517d9..155cd45aea13 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.24 2018/02/23 15:58:38 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -61,6 +61,8 @@ enum sshkey_types { KEY_DSA_CERT, KEY_ECDSA_CERT, KEY_ED25519_CERT, + KEY_XMSS, + KEY_XMSS_CERT, KEY_UNSPEC }; @@ -76,6 +78,14 @@ enum sshkey_fp_rep { SSH_FP_RANDOMART }; +/* Private key serialisation formats, used on the wire */ +enum sshkey_serialize_rep { + SSHKEY_SERIALIZE_DEFAULT = 0, + SSHKEY_SERIALIZE_STATE = 1, + SSHKEY_SERIALIZE_FULL = 2, + SSHKEY_SERIALIZE_INFO = 254, +}; + /* key is stored in external hardware */ #define SSHKEY_FLAG_EXT 0x0001 @@ -104,6 +114,11 @@ struct sshkey { EC_KEY *ecdsa; u_char *ed25519_sk; u_char *ed25519_pk; + char *xmss_name; + char *xmss_filename; /* for state file updates */ + void *xmss_state; /* depends on xmss_name, opaque */ + u_char *xmss_sk; + u_char *xmss_pk; struct sshkey_cert *cert; }; 
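Review bot: sshkey_set_filename() assigns `k->xmss_filename = strdup(filename)` without releasing a previous value, so a second call on the same XMSS key leaks the old string; adding `free(k->xmss_filename);` before the assignment, or rejecting the call when a filename is already set, would fix it. In sshkey_private_serialize_maxsign() the `out:` path calls sshkey_xmss_update_state() even when sshkey_xmss_get_state() itself failed. Whether that is safe depends on the XMSS state code, which is outside this hunk, so a comment at `out:` stating that update_state tolerates a state that was never acquired would help the next reader. sshkey_signatures_left() and sshkey_enable_maxsign() also dereference `k` without the NULL check that sshkey_set_filename() performs.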
@@ -171,13 +186,16 @@ int sshkey_to_blob(const struct sshkey *, u_char **, size_t *); int sshkey_to_base64(const struct sshkey *, char **); int sshkey_putb(const struct sshkey *, struct sshbuf *); int sshkey_puts(const struct sshkey *, struct sshbuf *); +int sshkey_puts_opts(const struct sshkey *, struct sshbuf *, + enum sshkey_serialize_rep); int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); +int sshkey_sigtype(const u_char *, size_t, char **); int sshkey_sign(const struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int); int sshkey_verify(const struct sshkey *, const u_char *, size_t, - const u_char *, size_t, u_int); + const u_char *, size_t, const char *, u_int); /* for debug */ void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); @@ -185,6 +203,8 @@ void sshkey_dump_ec_key(const EC_KEY *); /* private key parsing and serialisation */ int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); +int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf, + enum sshkey_serialize_rep); int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); /* private key file format parsing and serialisation */ 
@@ -199,12 +219,26 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, /* XXX should be internal, but used by ssh-keygen */ int ssh_rsa_generate_additional_parameters(struct sshkey *); +/* stateful keys (e.g. XMSS) */ +#ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS +typedef void sshkey_printfn(const char *, ...); +#else +typedef void sshkey_printfn(const char *, ...) __attribute__((format(printf, 1, 2))); +#endif +int sshkey_set_filename(struct sshkey *, const char *); +int sshkey_enable_maxsign(struct sshkey *, u_int32_t); +u_int32_t sshkey_signatures_left(const struct sshkey *); +int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); +int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf, + u_int32_t maxsign, sshkey_printfn *pr); + #ifdef SSHKEY_INTERNAL int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *ident); int ssh_rsa_verify(const struct sshkey *key, - const u_char *sig, size_t siglen, const u_char *data, size_t datalen); + const u_char *sig, size_t siglen, const u_char *data, size_t datalen, + const char *alg); int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); int ssh_dss_verify(const struct sshkey *key, @@ -220,6 +254,11 @@ int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, int ssh_ed25519_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); +int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, u_int compat); +int ssh_xmss_verify(const struct sshkey *key, + const u_char *signature, size_t signaturelen, + const u_char *data, size_t datalen, u_int compat); #endif #if !defined(WITH_OPENSSL) diff --git a/sshpty.c b/sshpty.c index fe2fb5aa2f28..4da84d05f7cd 100644 --- a/sshpty.c +++ b/sshpty.c 
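Review bot: The prototype `int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);` has no matching definition in the sshkey.c hunks shown for this commit, which add only sshkey_set_filename(), sshkey_enable_maxsign(), sshkey_signatures_left() and sshkey_private_serialize_maxsign(). If the function is not defined in another file, the declaration should be dropped so that a later caller fails at compile time rather than at link time. The new "stateful keys" block would also benefit from a sentence on what `maxsign` means and who owns the state file named by sshkey_set_filename(), since reusing XMSS state is a security failure rather than a plain bug.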
@@ -100,30 +100,6 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) { int fd; -#ifdef _UNICOS - if (setsid() < 0) - error("setsid: %.100s", strerror(errno)); - - fd = open(tty, O_RDWR|O_NOCTTY); - if (fd != -1) { - signal(SIGHUP, SIG_IGN); - ioctl(fd, TCVHUP, (char *)NULL); - signal(SIGHUP, SIG_DFL); - setpgid(0, 0); - close(fd); - } else { - error("Failed to disconnect from controlling tty."); - } - - debug("Setting controlling tty using TCSETCTTY."); - ioctl(*ttyfd, TCSETCTTY, NULL); - fd = open("/dev/tty", O_RDWR); - if (fd < 0) - error("%.100s: %.100s", tty, strerror(errno)); - close(*ttyfd); - *ttyfd = fd; -#else /* _UNICOS */ - /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); @@ -167,7 +143,6 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) strerror(errno)); else close(fd); -#endif /* _UNICOS */ } /* Changes the window size associated with the pty. */ diff --git a/ttymodes.c b/ttymodes.c index 8451396353c9..f9fdb92defab 100644 --- a/ttymodes.c +++ b/ttymodes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.c,v 1.32 2017/04/30 23:26:54 djm Exp $ */ +/* $OpenBSD: ttymodes.c,v 1.33 2018/02/16 04:43:11 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -56,6 +56,7 @@ #include "log.h" #include "compat.h" #include "buffer.h" +#include "compat.h" #define TTY_OP_END 0 /* @@ -308,9 +309,15 @@ tty_make_modes(int fd, struct termios *tiop) buffer_put_char(&buf, OP); \ buffer_put_int(&buf, special_char_encode(tio.c_cc[NAME])); +#define SSH_TTYMODE_IUTF8 42 /* for SSH_BUG_UTF8TTYMODE */ + #define TTYMODE(NAME, FIELD, OP) \ - buffer_put_char(&buf, OP); \ - buffer_put_int(&buf, ((tio.FIELD & NAME) != 0)); + if (OP == SSH_TTYMODE_IUTF8 && (datafellows & SSH_BUG_UTF8TTYMODE)) { \ + debug3("%s: SSH_BUG_UTF8TTYMODE", __func__); \ + } else { \ + buffer_put_char(&buf, OP); \ + buffer_put_int(&buf, ((tio.FIELD & NAME) != 0)); \ + } #include "ttymodes.h" 
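Review bot: The added `#include "compat.h"` in ttymodes.c duplicates the include that already sits two lines above it in the same context (directly after `#include "log.h"`), so the new line can be dropped. It is harmless as long as the header has include guards, but it looks like a merge artefact.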
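Review bot: `SSH_TTYMODE_IUTF8` hard-codes the opcode 42 in ttymodes.c while the opcode table itself is pulled in from ttymodes.h, so the two can drift apart and the SSH_BUG_UTF8TTYMODE workaround would then silently stop applying. Defining the constant in ttymodes.h next to the IUTF8 entry, or at least adding a comment there such as `/* keep in sync with SSH_TTYMODE_IUTF8 in ttymodes.c */`, would tie them together. The rewritten TTYMODE macro is a bare `if … else` block, which relies on every entry in ttymodes.h being expanded as a standalone statement; a one-line comment above the macro saying so would prevent misuse. tty_make_modes() starts and ends outside this hunk.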
diff --git a/umac.c b/umac.c index 9f2187c9af98..eab831072395 100644 --- a/umac.c +++ b/umac.c @@ -1,6 +1,6 @@ -/* $OpenBSD: umac.c,v 1.12 2017/05/31 08:09:45 markus Exp $ */ +/* $OpenBSD: umac.c,v 1.16 2017/12/12 15:06:12 naddy Exp $ */ /* ----------------------------------------------------------------------- - * + * * umac.c -- C Implementation UMAC Message Authentication * * Version 0.93b of rfc4418.txt -- 2006 July 18 @@ -10,7 +10,7 @@ * Please report bugs and suggestions to the UMAC webpage. * * Copyright (c) 1999-2006 Ted Krovetz - * + * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and with or without fee, is hereby * granted provided that the above copyright notice appears in all copies @@ -18,10 +18,10 @@ * holder not be used in advertising or publicity pertaining to * distribution of the software without specific, written prior permission. * - * Comments should be directed to Ted Krovetz (tdk@acm.org) - * + * Comments should be directed to Ted Krovetz (tdk@acm.org) + * * ---------------------------------------------------------------------- */ - + /* ////////////////////// IMPORTANT NOTES ///////////////////////////////// * * 1) This version does not work properly on messages larger than 16MB @@ -47,7 +47,7 @@ * produced under gcc with optimizations set -O3 or higher. Dunno why. * /////////////////////////////////////////////////////////////////////// */ - + /* ---------------------------------------------------------------------- */ /* --- User Switches ---------------------------------------------------- */ /* ---------------------------------------------------------------------- */ 
@@ -187,11 +187,11 @@ static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) UINT8 out_buf[AES_BLOCK_LEN]; UINT8 *dst_buf = (UINT8 *)bufp; int i; - + /* Setup the initial value */ in_buf[AES_BLOCK_LEN-9] = ndx; in_buf[AES_BLOCK_LEN-1] = i = 1; - + while (nbytes >= AES_BLOCK_LEN) { aes_encryption(in_buf, out_buf, key); memcpy(dst_buf,out_buf,AES_BLOCK_LEN); @@ -208,7 +208,7 @@ static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) } /* The final UHASH result is XOR'd with the output of a pseudorandom - * function. Here, we use AES to generate random output and + * function. Here, we use AES to generate random output and * xor the appropriate bytes depending on the last bits of nonce. * This scheme is optimized for sequential, increasing big-endian nonces. */ @@ -222,10 +222,10 @@ typedef struct { static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) { UINT8 buf[UMAC_KEY_LEN]; - + kdf(buf, prf_key, 0, UMAC_KEY_LEN); aes_key_setup(buf, pc->prf_key); - + /* Initialize pdf and cache */ memset(pc->nonce, 0, sizeof(pc->nonce)); aes_encryption(pc->nonce, pc->cache, pc->prf_key); @@ -238,7 +238,7 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) * of the AES output. If last time around we returned the ndx-1st * element, then we may have the result in the cache already. */ - + #if (UMAC_OUTPUT_LEN == 4) #define LOW_BIT_MASK 3 #elif (UMAC_OUTPUT_LEN == 8) @@ -255,7 +255,7 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) #endif *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ - + if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) { 
@@ -263,7 +263,7 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; aes_encryption(pc->nonce, pc->cache, pc->prf_key); } - + #if (UMAC_OUTPUT_LEN == 4) *((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx]; #elif (UMAC_OUTPUT_LEN == 8) 
@@ -284,28 +284,28 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) /* ---------------------------------------------------------------------- */ /* The NH-based hash functions used in UMAC are described in the UMAC paper - * and specification, both of which can be found at the UMAC website. - * The interface to this implementation has two + * and specification, both of which can be found at the UMAC website. + * The interface to this implementation has two * versions, one expects the entire message being hashed to be passed * in a single buffer and returns the hash result immediately. The second - * allows the message to be passed in a sequence of buffers. In the - * muliple-buffer interface, the client calls the routine nh_update() as - * many times as necessary. When there is no more data to be fed to the - * hash, the client calls nh_final() which calculates the hash output. - * Before beginning another hash calculation the nh_reset() routine - * must be called. The single-buffer routine, nh(), is equivalent to - * the sequence of calls nh_update() and nh_final(); however it is + * allows the message to be passed in a sequence of buffers. In the + * muliple-buffer interface, the client calls the routine nh_update() as + * many times as necessary. When there is no more data to be fed to the + * hash, the client calls nh_final() which calculates the hash output. + * Before beginning another hash calculation the nh_reset() routine + * must be called. The single-buffer routine, nh(), is equivalent to + * the sequence of calls nh_update() and nh_final(); however it is * optimized and should be prefered whenever the multiple-buffer interface - * is not necessary. When using either interface, it is the client's - * responsability to pass no more than L1_KEY_LEN bytes per hash result. - * - * The routine nh_init() initializes the nh_ctx data structure and - * must be called once, before any other PDF routine. + * is not necessary. 
When using either interface, it is the client's + * responsability to pass no more than L1_KEY_LEN bytes per hash result. + * + * The routine nh_init() initializes the nh_ctx data structure and + * must be called once, before any other PDF routine. */ - + /* The "nh_aux" routines do the actual NH hashing work. They * expect buffers to be multiples of L1_PAD_BOUNDARY. These routines - * produce output for all STREAMS NH iterations in one call, + * produce output for all STREAMS NH iterations in one call, * allowing the parallel implementation of the streams. */ @@ -328,10 +328,10 @@ typedef struct { #if (UMAC_OUTPUT_LEN == 4) static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) -/* NH hashing primitive. Previous (partial) hash result is loaded and +/* NH hashing primitive. Previous (partial) hash result is loaded and * then stored via hp pointer. The length of the data pointed at by "dp", * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key -* is expected to be endian compensated in memory at key setup. +* is expected to be endian compensated in memory at key setup. */ { UINT64 h; @@ -340,7 +340,7 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) const UINT32 *d = (const UINT32 *)dp; UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 k0,k1,k2,k3,k4,k5,k6,k7; - + h = *((UINT64 *)hp); do { d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); @@ -353,7 +353,7 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) h += MUL64((k1 + d1), (k5 + d5)); h += MUL64((k2 + d2), (k6 + d6)); h += MUL64((k3 + d3), (k7 + d7)); - + d += 8; k += 8; } while (--c); @@ -421,7 +421,7 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) UINT32 d0,d1,d2,d3,d4,d5,d6,d7; UINT32 k0,k1,k2,k3,k4,k5,k6,k7, k8,k9,k10,k11,k12,k13,k14,k15; - + h1 = *((UINT64 *)hp); h2 = *((UINT64 *)hp + 1); h3 = *((UINT64 *)hp + 2); 
@@ -434,26 +434,26 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); - + h1 += MUL64((k0 + d0), (k4 + d4)); h2 += MUL64((k4 + d0), (k8 + d4)); h3 += MUL64((k8 + d0), (k12 + d4)); - + h1 += MUL64((k1 + d1), (k5 + d5)); h2 += MUL64((k5 + d1), (k9 + d5)); h3 += MUL64((k9 + d1), (k13 + d5)); - + h1 += MUL64((k2 + d2), (k6 + d6)); h2 += MUL64((k6 + d2), (k10 + d6)); h3 += MUL64((k10 + d2), (k14 + d6)); - + h1 += MUL64((k3 + d3), (k7 + d7)); h2 += MUL64((k7 + d3), (k11 + d7)); h3 += MUL64((k11 + d3), (k15 + d7)); - + k0 = k8; k1 = k9; k2 = k10; k3 = k11; k4 = k12; k5 = k13; k6 = k14; k7 = k15; - + d += 8; k += 8; } while (--c); @@ -477,7 +477,7 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) UINT32 k0,k1,k2,k3,k4,k5,k6,k7, k8,k9,k10,k11,k12,k13,k14,k15, k16,k17,k18,k19; - + h1 = *((UINT64 *)hp); h2 = *((UINT64 *)hp + 1); h3 = *((UINT64 *)hp + 2); 
@@ -492,31 +492,31 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); k16 = *(k+16); k17 = *(k+17); k18 = *(k+18); k19 = *(k+19); - + h1 += MUL64((k0 + d0), (k4 + d4)); h2 += MUL64((k4 + d0), (k8 + d4)); h3 += MUL64((k8 + d0), (k12 + d4)); h4 += MUL64((k12 + d0), (k16 + d4)); - + h1 += MUL64((k1 + d1), (k5 + d5)); h2 += MUL64((k5 + d1), (k9 + d5)); h3 += MUL64((k9 + d1), (k13 + d5)); h4 += MUL64((k13 + d1), (k17 + d5)); - + h1 += MUL64((k2 + d2), (k6 + d6)); h2 += MUL64((k6 + d2), (k10 + d6)); h3 += MUL64((k10 + d2), (k14 + d6)); h4 += MUL64((k14 + d2), (k18 + d6)); - + h1 += MUL64((k3 + d3), (k7 + d7)); h2 += MUL64((k7 + d3), (k11 + d7)); h3 += MUL64((k11 + d3), (k15 + d7)); h4 += MUL64((k15 + d3), (k19 + d7)); - + k0 = k8; k1 = k9; k2 = k10; k3 = k11; k4 = k12; k5 = k13; k6 = k14; k7 = k15; k8 = k16; k9 = k17; k10 = k18; k11 = k19; - + d += 8; k += 8; } while (--c); @@ -541,7 +541,7 @@ static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) */ { UINT8 *key; - + key = hc->nh_key + hc->bytes_hashed; nh_aux(key, buf, hc->state, nbytes); } @@ -613,7 +613,7 @@ static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) /* even multiple of HASH_BUF_BYTES. */ { UINT32 i,j; - + j = hc->next_data_empty; if ((j + nbytes) >= HASH_BUF_BYTES) { if (j) { @@ -677,12 +677,12 @@ static void nh_final(nh_ctx *hc, UINT8 *result) if (hc->next_data_empty != 0) { nh_len = ((hc->next_data_empty + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); - zero_pad(hc->data + hc->next_data_empty, + zero_pad(hc->data + hc->next_data_empty, nh_len - hc->next_data_empty); nh_transform(hc, hc->data, nh_len); hc->bytes_hashed += hc->next_data_empty; } else if (hc->bytes_hashed == 0) { - nh_len = L1_PAD_BOUNDARY; + nh_len = L1_PAD_BOUNDARY; zero_pad(hc->data, L1_PAD_BOUNDARY); nh_transform(hc, hc->data, nh_len); } 
@@ -711,10 +711,10 @@ static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, */ { UINT32 nbits; - + /* Initialize the hash state */ nbits = (unpadded_len << 3); - + ((UINT64 *)result)[0] = nbits; #if (UMAC_OUTPUT_LEN >= 8) ((UINT64 *)result)[1] = nbits; @@ -725,7 +725,7 @@ static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, #if (UMAC_OUTPUT_LEN == 16) ((UINT64 *)result)[3] = nbits; #endif - + nh_aux(hc->nh_key, buf, result, padded_len); } @@ -744,16 +744,16 @@ static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, * buffers are presented sequentially. In the sequential interface, the * UHASH client calls the routine uhash_update() as many times as necessary. * When there is no more data to be fed to UHASH, the client calls - * uhash_final() which - * calculates the UHASH output. Before beginning another UHASH calculation - * the uhash_reset() routine must be called. The all-at-once UHASH routine, - * uhash(), is equivalent to the sequence of calls uhash_update() and - * uhash_final(); however it is optimized and should be - * used whenever the sequential interface is not necessary. - * - * The routine uhash_init() initializes the uhash_ctx data structure and + * uhash_final() which + * calculates the UHASH output. Before beginning another UHASH calculation + * the uhash_reset() routine must be called. The all-at-once UHASH routine, + * uhash(), is equivalent to the sequence of calls uhash_update() and + * uhash_final(); however it is optimized and should be + * used whenever the sequential interface is not necessary. + * + * The routine uhash_init() initializes the uhash_ctx data structure and * must be called once, before any other UHASH routine. - */ + */ /* ---------------------------------------------------------------------- */ /* ----- Constants and uhash_ctx ---------------------------------------- */ 
@@ -802,13 +802,13 @@ static UINT64 poly64(UINT64 cur, UINT64 key, UINT64 data) x_lo, x_hi; UINT64 X,T,res; - + X = MUL64(key_hi, cur_lo) + MUL64(cur_hi, key_lo); x_lo = (UINT32)X; x_hi = (UINT32)(X >> 32); - + res = (MUL64(key_hi, cur_hi) + x_hi) * 59 + MUL64(key_lo, cur_lo); - + T = ((UINT64)x_lo << 32); res += T; if (res < T) @@ -832,10 +832,10 @@ static void poly_hash(uhash_ctx_t hc, UINT32 data_in[]) { int i; UINT64 *data=(UINT64*)data_in; - + for (i = 0; i < STREAMS; i++) { if ((UINT32)(data[i] >> 32) == 0xfffffffful) { - hc->poly_accum[i] = poly64(hc->poly_accum[i], + hc->poly_accum[i] = poly64(hc->poly_accum[i], hc->poly_key_8[i], p64 - 1); hc->poly_accum[i] = poly64(hc->poly_accum[i], hc->poly_key_8[i], (data[i] - 59)); @@ -862,7 +862,7 @@ static UINT64 ip_aux(UINT64 t, UINT64 *ipkp, UINT64 data) t = t + ipkp[1] * (UINT64)(UINT16)(data >> 32); t = t + ipkp[2] * (UINT64)(UINT16)(data >> 16); t = t + ipkp[3] * (UINT64)(UINT16)(data); - + return t; } @@ -870,7 +870,7 @@ static UINT32 ip_reduce_p36(UINT64 t) { /* Divisionless modular reduction */ UINT64 ret; - + ret = (t & m36) + 5 * (t >> 36); if (ret >= p36) ret -= p36; @@ -888,7 +888,7 @@ static void ip_short(uhash_ctx_t ahc, UINT8 *nh_res, u_char *res) { UINT64 t; UINT64 *nhp = (UINT64 *)nh_res; - + t = ip_aux(0,ahc->ip_keys, nhp[0]); STORE_UINT32_BIG((UINT32 *)res+0, ip_reduce_p36(t) ^ ahc->ip_trans[0]); #if (UMAC_OUTPUT_LEN >= 8) @@ -919,7 +919,7 @@ static void ip_long(uhash_ctx_t ahc, u_char *res) if (ahc->poly_accum[i] >= p64) ahc->poly_accum[i] -= p64; t = ip_aux(0,ahc->ip_keys+(i*4), ahc->poly_accum[i]); - STORE_UINT32_BIG((UINT32 *)res+i, + STORE_UINT32_BIG((UINT32 *)res+i, ip_reduce_p36(t) ^ ahc->ip_trans[i]); } } 
@@ -958,13 +958,13 @@ static void uhash_init(uhash_ctx_t ahc, aes_int_key prf_key) { int i; UINT8 buf[(8*STREAMS+4)*sizeof(UINT64)]; - + /* Zero the entire uhash context */ memset(ahc, 0, sizeof(uhash_ctx)); /* Initialize the L1 hash */ nh_init(&ahc->hash, prf_key); - + /* Setup L2 hash variables */ kdf(buf, prf_key, 2, sizeof(buf)); /* Fill buffer with index 1 key */ for (i = 0; i < STREAMS; i++) { @@ -978,17 +978,17 @@ static void uhash_init(uhash_ctx_t ahc, aes_int_key prf_key) ahc->poly_key_8[i] &= ((UINT64)0x01ffffffu << 32) + 0x01ffffffu; ahc->poly_accum[i] = 1; /* Our polyhash prepends a non-zero word */ } - + /* Setup L3-1 hash variables */ kdf(buf, prf_key, 3, sizeof(buf)); /* Fill buffer with index 2 key */ for (i = 0; i < STREAMS; i++) memcpy(ahc->ip_keys+4*i, buf+(8*i+4)*sizeof(UINT64), 4*sizeof(UINT64)); - endian_convert_if_le(ahc->ip_keys, sizeof(UINT64), + endian_convert_if_le(ahc->ip_keys, sizeof(UINT64), sizeof(ahc->ip_keys)); for (i = 0; i < STREAMS*4; i++) ahc->ip_keys[i] %= p36; /* Bring into Z_p36 */ - + /* Setup L3-2 hash variables */ /* Fill buffer with index 4 key */ kdf(ahc->ip_trans, prf_key, 4, STREAMS * sizeof(UINT32)); @@ -1006,7 +1006,7 @@ static uhash_ctx_t uhash_alloc(u_char key[]) uhash_ctx_t ctx; u_char bytes_to_add; aes_int_key prf_key; - + ctx = (uhash_ctx_t)malloc(sizeof(uhash_ctx)+ALLOC_BOUNDARY); if (ctx) { if (ALLOC_BOUNDARY) { @@ -1029,7 +1029,7 @@ static int uhash_free(uhash_ctx_t ctx) { /* Free memory allocated by uhash_alloc */ u_char bytes_to_sub; - + if (ctx) { if (ALLOC_BOUNDARY) { bytes_to_sub = *((u_char *)ctx - 1); 
@@ -1050,12 +1050,12 @@ static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len) UWORD bytes_hashed, bytes_remaining; UINT64 result_buf[STREAMS]; UINT8 *nh_result = (UINT8 *)&result_buf; - + if (ctx->msg_len + len <= L1_KEY_LEN) { nh_update(&ctx->hash, (const UINT8 *)input, len); ctx->msg_len += len; } else { - + bytes_hashed = ctx->msg_len % L1_KEY_LEN; if (ctx->msg_len == L1_KEY_LEN) bytes_hashed = L1_KEY_LEN; @@ -1128,15 +1128,15 @@ static int uhash(uhash_ctx_t ahc, u_char *msg, long len, u_char *res) UINT8 nh_result[STREAMS*sizeof(UINT64)]; UINT32 nh_len; int extra_zeroes_needed; - + /* If the message to be hashed is no longer than L1_HASH_LEN, we skip * the polyhash. */ if (len <= L1_KEY_LEN) { - if (len == 0) /* If zero length messages will not */ - nh_len = L1_PAD_BOUNDARY; /* be seen, comment out this case */ - else - nh_len = ((len + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); + if (len == 0) /* If zero length messages will not */ + nh_len = L1_PAD_BOUNDARY; /* be seen, comment out this case */ + else + nh_len = ((len + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); extra_zeroes_needed = nh_len - len; zero_pad((UINT8 *)msg + len, extra_zeroes_needed); nh(&ahc->hash, (UINT8 *)msg, nh_len, len, nh_result); @@ -1161,7 +1161,7 @@ static int uhash(uhash_ctx_t ahc, u_char *msg, long len, u_char *res) ip_long(ahc, res); } - + uhash_reset(ahc); return 1; } 
@@ -1175,9 +1175,9 @@ static int uhash(uhash_ctx_t ahc, u_char *msg, long len, u_char *res) /* The UMAC interface has two interfaces, an all-at-once interface where * the entire message to be authenticated is passed to UMAC in one buffer, - * and a sequential interface where the message is presented a little at a + * and a sequential interface where the message is presented a little at a * time. The all-at-once is more optimaized than the sequential version and - * should be preferred when the sequential interface is not required. + * should be preferred when the sequential interface is not required. */ struct umac_ctx { uhash_ctx hash; /* Hash function for message compression */ @@ -1213,14 +1213,14 @@ int umac_delete(struct umac_ctx *ctx) /* ---------------------------------------------------------------------- */ struct umac_ctx *umac_new(const u_char key[]) -/* Dynamically allocate a umac_ctx struct, initialize variables, +/* Dynamically allocate a umac_ctx struct, initialize variables, * generate subkeys from key. Align to 16-byte boundary. */ { struct umac_ctx *ctx, *octx; size_t bytes_to_add; aes_int_key prf_key; - + octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); if (ctx) { if (ALLOC_BOUNDARY) { @@ -1234,7 +1234,7 @@ struct umac_ctx *umac_new(const u_char key[]) uhash_init(&ctx->hash, prf_key); explicit_bzero(prf_key, sizeof(prf_key)); } - + return (ctx); } @@ -1245,7 +1245,7 @@ int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]) { uhash_final(&ctx->hash, (u_char *)tag); pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); - + return (1); } 
@@ -1263,14 +1263,14 @@ int umac_update(struct umac_ctx *ctx, const u_char *input, long len) /* ---------------------------------------------------------------------- */ #if 0 -int umac(struct umac_ctx *ctx, u_char *input, +int umac(struct umac_ctx *ctx, u_char *input, long len, u_char tag[], u_char nonce[8]) /* All-in-one version simply calls umac_update() and umac_final(). */ { uhash(&ctx->hash, input, len, (u_char *)tag); pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); - + return (1); } #endif diff --git a/umac128.c b/umac128.c new file mode 100644 index 000000000000..f71792506264 --- /dev/null +++ b/umac128.c @@ -0,0 +1,10 @@ +/* $OpenBSD: umac128.c,v 1.2 2018/02/08 04:12:32 dtucker Exp $ */ + +#define UMAC_OUTPUT_LEN 16 +#define umac_new umac128_new +#define umac_update umac128_update +#define umac_final umac128_final +#define umac_delete umac128_delete +#define umac_ctx umac128_ctx + +#include "umac.c" diff --git a/version.h b/version.h index e093f623b227..ea52b26f5e3d 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.80 2017/09/30 22:26:33 djm Exp $ */ +/* $OpenBSD: version.h,v 1.81 2018/03/24 19:29:03 markus Exp $ */ -#define SSH_VERSION "OpenSSH_7.6" +#define SSH_VERSION "OpenSSH_7.7" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/xmss_commons.c b/xmss_commons.c new file mode 100644 index 000000000000..59486aead708 --- /dev/null +++ b/xmss_commons.c 
@@ -0,0 +1,36 @@
+/* $OpenBSD: xmss_commons.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
+/*
+xmss_commons.c 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+
+#include "includes.h"
+#ifdef WITH_XMSS
+
+#include "xmss_commons.h"
+#include
+#include
+#ifdef HAVE_STDINT_H
+#include
+#endif
+
+void to_byte(unsigned char *out, unsigned long long in, uint32_t bytes)
+{
+ int32_t i;
+ for (i = bytes-1; i >= 0; i--) {
+ out[i] = in & 0xff;
+ in = in >> 8;
+ }
+}
+
+#if 0
+void hexdump(const unsigned char *a, size_t len)
+{
+ size_t i;
+ for (i = 0; i < len; i++)
+ printf("%02x", a[i]);
+}
+#endif
+#endif /* WITH_XMSS */
diff --git a/xmss_commons.h b/xmss_commons.h
new file mode 100644
index 000000000000..a98e4799c425
--- /dev/null
+++ b/xmss_commons.h
@@ -0,0 +1,21 @@
+#ifdef WITH_XMSS
+/* $OpenBSD: xmss_commons.h,v 1.3 2018/02/26 03:56:44 dtucker Exp $ */
+/*
+xmss_commons.h 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+#ifndef XMSS_COMMONS_H
+#define XMSS_COMMONS_H
+
+#include
+#ifdef HAVE_STDINT_H
+#include
+#endif
+#endif
+void to_byte(unsigned char *output, unsigned long long in, uint32_t bytes);
+#if 0
+void hexdump(const unsigned char *a, size_t len);
+#endif
+#endif /* WITH_XMSS */
diff --git a/xmss_fast.c b/xmss_fast.c
new file mode 100644
index 000000000000..e37447f60d8c
--- /dev/null
+++ b/xmss_fast.c
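Review bot: `to_byte` in xmss_commons.c has no comment stating its contract, although the signing and verification code depends on its byte order when building `hash_key` and `idx_bytes_32`. The loop fills `out[bytes-1]` first and shifts `in` right by 8 each step, so the value is stored most significant byte first and any bits that do not fit in `bytes` bytes are dropped without an error. I would add above the definition `/* Store the low-order 'bytes' bytes of 'in' in out[0..bytes-1], most significant byte first; higher bits of 'in' are discarded. */`. The index is a signed `int32_t` initialised from the unsigned `bytes-1`, so the comment should also say that `bytes` is expected to be small (the callers visible on this page pass 32 or n).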
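Review bot: The include guard in xmss_commons.h is closed too early: the second `#endif` after the `HAVE_STDINT_H` block ends `#ifndef XMSS_COMMONS_H`, so the `to_byte` and `hexdump` prototypes sit outside the guard and are only covered by `#ifdef WITH_XMSS`. Repeating a prototype is harmless today, but anything added next to them later (a typedef, a struct, a static inline) would be redefined on a second inclusion. I would drop that early `#endif` and close the guard at the end instead, with `#endif /* XMSS_COMMONS_H */` placed just before `#endif /* WITH_XMSS */`.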
@@ -0,0 +1,1106 @@ +/* $OpenBSD: xmss_fast.c,v 1.3 2018/03/22 07:06:11 markus Exp $ */ +/* +xmss_fast.c version 20160722 +Andreas Hülsing +Joost Rijneveld +Public domain. +*/ + +#include "includes.h" +#ifdef WITH_XMSS + +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif + +#include "xmss_fast.h" +#include "crypto_api.h" +#include "xmss_wots.h" +#include "xmss_hash.h" + +#include "xmss_commons.h" +#include "xmss_hash_address.h" +// For testing +#include "stdio.h" + + + +/** + * Used for pseudorandom keygeneration, + * generates the seed for the WOTS keypair at address addr + * + * takes n byte sk_seed and returns n byte seed using 32 byte address addr. + */ +static void get_seed(unsigned char *seed, const unsigned char *sk_seed, int n, uint32_t addr[8]) +{ + unsigned char bytes[32]; + // Make sure that chain addr, hash addr, and key bit are 0! + setChainADRS(addr,0); + setHashADRS(addr,0); + setKeyAndMask(addr,0); + // Generate pseudorandom value + addr_to_byte(bytes, addr); + prf(seed, bytes, sk_seed, n); +} + +/** + * Initialize xmss params struct + * parameter names are the same as in the draft + * parameter k is K as used in the BDS algorithm + */ +int xmss_set_params(xmss_params *params, int n, int h, int w, int k) +{ + if (k >= h || k < 2 || (h - k) % 2) { + fprintf(stderr, "For BDS traversal, H - K must be even, with H > K >= 2!\n"); + return 1; + } + params->h = h; + params->n = n; + params->k = k; + wots_params wots_par; + wots_set_params(&wots_par, n, w); + params->wots_par = wots_par; + return 0; +} + +/** + * Initialize BDS state struct + * parameter names are the same as used in the description of the BDS traversal + */ +void xmss_set_bds_state(bds_state *state, unsigned char *stack, int stackoffset, unsigned char *stacklevels, unsigned char *auth, unsigned char *keep, treehash_inst *treehash, unsigned char *retain, int next_leaf) +{ + state->stack = stack; + state->stackoffset = stackoffset; + state->stacklevels = stacklevels; + state->auth = 
auth; + state->keep = keep; + state->treehash = treehash; + state->retain = retain; + state->next_leaf = next_leaf; +} + +/** + * Initialize xmssmt_params struct + * parameter names are the same as in the draft + * + * Especially h is the total tree height, i.e. the XMSS trees have height h/d + */ +int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k) +{ + if (h % d) { + fprintf(stderr, "d must divide h without remainder!\n"); + return 1; + } + params->h = h; + params->d = d; + params->n = n; + params->index_len = (h + 7) / 8; + xmss_params xmss_par; + if (xmss_set_params(&xmss_par, n, (h/d), w, k)) { + return 1; + } + params->xmss_par = xmss_par; + return 0; +} + +/** + * Computes a leaf from a WOTS public key using an L-tree. + */ +static void l_tree(unsigned char *leaf, unsigned char *wots_pk, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8]) +{ + unsigned int l = params->wots_par.len; + unsigned int n = params->n; + uint32_t i = 0; + uint32_t height = 0; + uint32_t bound; + + //ADRS.setTreeHeight(0); + setTreeHeight(addr, height); + + while (l > 1) { + bound = l >> 1; //floor(l / 2); + for (i = 0; i < bound; i++) { + //ADRS.setTreeIndex(i); + setTreeIndex(addr, i); + //wots_pk[i] = RAND_HASH(pk[2i], pk[2i + 1], SEED, ADRS); + hash_h(wots_pk+i*n, wots_pk+i*2*n, pub_seed, addr, n); + } + //if ( l % 2 == 1 ) { + if (l & 1) { + //pk[floor(l / 2) + 1] = pk[l]; + memcpy(wots_pk+(l>>1)*n, wots_pk+(l-1)*n, n); + //l = ceil(l / 2); + l=(l>>1)+1; + } + else { + //l = ceil(l / 2); + l=(l>>1); + } + //ADRS.setTreeHeight(ADRS.getTreeHeight() + 1); + height++; + setTreeHeight(addr, height); + } + //return pk[0]; + memcpy(leaf, wots_pk, n); +} + +/** + * Computes the leaf at a given address. First generates the WOTS key pair, then computes leaf using l_tree. As this happens position independent, we only require that addr encodes the right ltree-address. 
+ */ +static void gen_leaf_wots(unsigned char *leaf, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, uint32_t ltree_addr[8], uint32_t ots_addr[8]) +{ + unsigned char seed[params->n]; + unsigned char pk[params->wots_par.keysize]; + + get_seed(seed, sk_seed, params->n, ots_addr); + wots_pkgen(pk, seed, &(params->wots_par), pub_seed, ots_addr); + + l_tree(leaf, pk, params, pub_seed, ltree_addr); +} + +static int treehash_minheight_on_stack(bds_state* state, const xmss_params *params, const treehash_inst *treehash) { + unsigned int r = params->h, i; + for (i = 0; i < treehash->stackusage; i++) { + if (state->stacklevels[state->stackoffset - i - 1] < r) { + r = state->stacklevels[state->stackoffset - i - 1]; + } + } + return r; +} + +/** + * Merkle's TreeHash algorithm. The address only needs to initialize the first 78 bits of addr. Everything else will be set by treehash. + * Currently only used for key generation. + * + */ +static void treehash_setup(unsigned char *node, int height, int index, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8]) +{ + unsigned int idx = index; + unsigned int n = params->n; + unsigned int h = params->h; + unsigned int k = params->k; + // use three different addresses because at this point we use all three formats in parallel + uint32_t ots_addr[8]; + uint32_t ltree_addr[8]; + uint32_t node_addr[8]; + // only copy layer and tree address parts + memcpy(ots_addr, addr, 12); + // type = ots + setType(ots_addr, 0); + memcpy(ltree_addr, addr, 12); + setType(ltree_addr, 1); + memcpy(node_addr, addr, 12); + setType(node_addr, 2); + + uint32_t lastnode, i; + unsigned char stack[(height+1)*n]; + unsigned int stacklevels[height+1]; + unsigned int stackoffset=0; + unsigned int nodeh; + + lastnode = idx+(1<treehash[i].h = i; + state->treehash[i].completed = 1; + state->treehash[i].stackusage = 0; + } + + i = 0; + for (; idx < 
lastnode; idx++) { + setLtreeADRS(ltree_addr, idx); + setOTSADRS(ots_addr, idx); + gen_leaf_wots(stack+stackoffset*n, sk_seed, params, pub_seed, ltree_addr, ots_addr); + stacklevels[stackoffset] = 0; + stackoffset++; + if (h - k > 0 && i == 3) { + memcpy(state->treehash[0].node, stack+stackoffset*n, n); + } + while (stackoffset>1 && stacklevels[stackoffset-1] == stacklevels[stackoffset-2]) + { + nodeh = stacklevels[stackoffset-1]; + if (i >> nodeh == 1) { + memcpy(state->auth + nodeh*n, stack+(stackoffset-1)*n, n); + } + else { + if (nodeh < h - k && i >> nodeh == 3) { + memcpy(state->treehash[nodeh].node, stack+(stackoffset-1)*n, n); + } + else if (nodeh >= h - k) { + memcpy(state->retain + ((1 << (h - 1 - nodeh)) + nodeh - h + (((i >> nodeh) - 3) >> 1)) * n, stack+(stackoffset-1)*n, n); + } + } + setTreeHeight(node_addr, stacklevels[stackoffset-1]); + setTreeIndex(node_addr, (idx >> (stacklevels[stackoffset-1]+1))); + hash_h(stack+(stackoffset-2)*n, stack+(stackoffset-2)*n, pub_seed, + node_addr, n); + stacklevels[stackoffset-2]++; + stackoffset--; + } + i++; + } + + for (i = 0; i < n; i++) + node[i] = stack[i]; +} + +static void treehash_update(treehash_inst *treehash, bds_state *state, const unsigned char *sk_seed, const xmss_params *params, const unsigned char *pub_seed, const uint32_t addr[8]) { + int n = params->n; + + uint32_t ots_addr[8]; + uint32_t ltree_addr[8]; + uint32_t node_addr[8]; + // only copy layer and tree address parts + memcpy(ots_addr, addr, 12); + // type = ots + setType(ots_addr, 0); + memcpy(ltree_addr, addr, 12); + setType(ltree_addr, 1); + memcpy(node_addr, addr, 12); + setType(node_addr, 2); + + setLtreeADRS(ltree_addr, treehash->next_idx); + setOTSADRS(ots_addr, treehash->next_idx); + + unsigned char nodebuffer[2 * n]; + unsigned int nodeheight = 0; + gen_leaf_wots(nodebuffer, sk_seed, params, pub_seed, ltree_addr, ots_addr); + while (treehash->stackusage > 0 && state->stacklevels[state->stackoffset-1] == nodeheight) { + 
memcpy(nodebuffer + n, nodebuffer, n); + memcpy(nodebuffer, state->stack + (state->stackoffset-1)*n, n); + setTreeHeight(node_addr, nodeheight); + setTreeIndex(node_addr, (treehash->next_idx >> (nodeheight+1))); + hash_h(nodebuffer, nodebuffer, pub_seed, node_addr, n); + nodeheight++; + treehash->stackusage--; + state->stackoffset--; + } + if (nodeheight == treehash->h) { // this also implies stackusage == 0 + memcpy(treehash->node, nodebuffer, n); + treehash->completed = 1; + } + else { + memcpy(state->stack + state->stackoffset*n, nodebuffer, n); + treehash->stackusage++; + state->stacklevels[state->stackoffset] = nodeheight; + state->stackoffset++; + treehash->next_idx++; + } +} + +/** + * Computes a root node given a leaf and an authapth + */ +static void validate_authpath(unsigned char *root, const unsigned char *leaf, unsigned long leafidx, const unsigned char *authpath, const xmss_params *params, const unsigned char *pub_seed, uint32_t addr[8]) +{ + unsigned int n = params->n; + + uint32_t i, j; + unsigned char buffer[2*n]; + + // If leafidx is odd (last bit = 1), current path element is a right child and authpath has to go to the left. 
+ // Otherwise, it is the other way around + if (leafidx & 1) { + for (j = 0; j < n; j++) + buffer[n+j] = leaf[j]; + for (j = 0; j < n; j++) + buffer[j] = authpath[j]; + } + else { + for (j = 0; j < n; j++) + buffer[j] = leaf[j]; + for (j = 0; j < n; j++) + buffer[n+j] = authpath[j]; + } + authpath += n; + + for (i=0; i < params->h-1; i++) { + setTreeHeight(addr, i); + leafidx >>= 1; + setTreeIndex(addr, leafidx); + if (leafidx&1) { + hash_h(buffer+n, buffer, pub_seed, addr, n); + for (j = 0; j < n; j++) + buffer[j] = authpath[j]; + } + else { + hash_h(buffer, buffer, pub_seed, addr, n); + for (j = 0; j < n; j++) + buffer[j+n] = authpath[j]; + } + authpath += n; + } + setTreeHeight(addr, (params->h-1)); + leafidx >>= 1; + setTreeIndex(addr, leafidx); + hash_h(root, buffer, pub_seed, addr, n); +} + +/** + * Performs one treehash update on the instance that needs it the most. + * Returns 1 if such an instance was not found + **/ +static char bds_treehash_update(bds_state *state, unsigned int updates, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) { + uint32_t i, j; + unsigned int level, l_min, low; + unsigned int h = params->h; + unsigned int k = params->k; + unsigned int used = 0; + + for (j = 0; j < updates; j++) { + l_min = h; + level = h - k; + for (i = 0; i < h - k; i++) { + if (state->treehash[i].completed) { + low = h; + } + else if (state->treehash[i].stackusage == 0) { + low = i; + } + else { + low = treehash_minheight_on_stack(state, params, &(state->treehash[i])); + } + if (low < l_min) { + level = i; + l_min = low; + } + } + if (level == h - k) { + break; + } + treehash_update(&(state->treehash[level]), state, sk_seed, params, pub_seed, addr); + used++; + } + return updates - used; +} + +/** + * Updates the state (typically NEXT_i) by adding a leaf and updating the stack + * Returns 1 if all leaf nodes have already been processed + **/ +static char bds_state_update(bds_state *state, const unsigned 
char *sk_seed, const xmss_params *params, unsigned char *pub_seed, const uint32_t addr[8]) { + uint32_t ltree_addr[8]; + uint32_t node_addr[8]; + uint32_t ots_addr[8]; + + int n = params->n; + int h = params->h; + int k = params->k; + + int nodeh; + int idx = state->next_leaf; + if (idx == 1 << h) { + return 1; + } + + // only copy layer and tree address parts + memcpy(ots_addr, addr, 12); + // type = ots + setType(ots_addr, 0); + memcpy(ltree_addr, addr, 12); + setType(ltree_addr, 1); + memcpy(node_addr, addr, 12); + setType(node_addr, 2); + + setOTSADRS(ots_addr, idx); + setLtreeADRS(ltree_addr, idx); + + gen_leaf_wots(state->stack+state->stackoffset*n, sk_seed, params, pub_seed, ltree_addr, ots_addr); + + state->stacklevels[state->stackoffset] = 0; + state->stackoffset++; + if (h - k > 0 && idx == 3) { + memcpy(state->treehash[0].node, state->stack+state->stackoffset*n, n); + } + while (state->stackoffset>1 && state->stacklevels[state->stackoffset-1] == state->stacklevels[state->stackoffset-2]) { + nodeh = state->stacklevels[state->stackoffset-1]; + if (idx >> nodeh == 1) { + memcpy(state->auth + nodeh*n, state->stack+(state->stackoffset-1)*n, n); + } + else { + if (nodeh < h - k && idx >> nodeh == 3) { + memcpy(state->treehash[nodeh].node, state->stack+(state->stackoffset-1)*n, n); + } + else if (nodeh >= h - k) { + memcpy(state->retain + ((1 << (h - 1 - nodeh)) + nodeh - h + (((idx >> nodeh) - 3) >> 1)) * n, state->stack+(state->stackoffset-1)*n, n); + } + } + setTreeHeight(node_addr, state->stacklevels[state->stackoffset-1]); + setTreeIndex(node_addr, (idx >> (state->stacklevels[state->stackoffset-1]+1))); + hash_h(state->stack+(state->stackoffset-2)*n, state->stack+(state->stackoffset-2)*n, pub_seed, node_addr, n); + + state->stacklevels[state->stackoffset-2]++; + state->stackoffset--; + } + state->next_leaf++; + return 0; +} + +/** + * Returns the auth path for node leaf_idx and computes the auth path for the + * next leaf node, using the algorithm 
described by Buchmann, Dahmen and Szydlo + * in "Post Quantum Cryptography", Springer 2009. + */ +static void bds_round(bds_state *state, const unsigned long leaf_idx, const unsigned char *sk_seed, const xmss_params *params, unsigned char *pub_seed, uint32_t addr[8]) +{ + unsigned int i; + unsigned int n = params->n; + unsigned int h = params->h; + unsigned int k = params->k; + + unsigned int tau = h; + unsigned int startidx; + unsigned int offset, rowidx; + unsigned char buf[2 * n]; + + uint32_t ots_addr[8]; + uint32_t ltree_addr[8]; + uint32_t node_addr[8]; + // only copy layer and tree address parts + memcpy(ots_addr, addr, 12); + // type = ots + setType(ots_addr, 0); + memcpy(ltree_addr, addr, 12); + setType(ltree_addr, 1); + memcpy(node_addr, addr, 12); + setType(node_addr, 2); + + for (i = 0; i < h; i++) { + if (! ((leaf_idx >> i) & 1)) { + tau = i; + break; + } + } + + if (tau > 0) { + memcpy(buf, state->auth + (tau-1) * n, n); + // we need to do this before refreshing state->keep to prevent overwriting + memcpy(buf + n, state->keep + ((tau-1) >> 1) * n, n); + } + if (!((leaf_idx >> (tau + 1)) & 1) && (tau < h - 1)) { + memcpy(state->keep + (tau >> 1)*n, state->auth + tau*n, n); + } + if (tau == 0) { + setLtreeADRS(ltree_addr, leaf_idx); + setOTSADRS(ots_addr, leaf_idx); + gen_leaf_wots(state->auth, sk_seed, params, pub_seed, ltree_addr, ots_addr); + } + else { + setTreeHeight(node_addr, (tau-1)); + setTreeIndex(node_addr, leaf_idx >> tau); + hash_h(state->auth + tau * n, buf, pub_seed, node_addr, n); + for (i = 0; i < tau; i++) { + if (i < h - k) { + memcpy(state->auth + i * n, state->treehash[i].node, n); + } + else { + offset = (1 << (h - 1 - i)) + i - h; + rowidx = ((leaf_idx >> i) - 1) >> 1; + memcpy(state->auth + i * n, state->retain + (offset + rowidx) * n, n); + } + } + + for (i = 0; i < ((tau < h - k) ? 
tau : (h - k)); i++) { + startidx = leaf_idx + 1 + 3 * (1 << i); + if (startidx < 1U << h) { + state->treehash[i].h = i; + state->treehash[i].next_idx = startidx; + state->treehash[i].completed = 0; + state->treehash[i].stackusage = 0; + } + } + } +} + +/* + * Generates a XMSS key pair for a given parameter set. + * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root] + * Format pk: [root || PUB_SEED] omitting algo oid. + */ +int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state, xmss_params *params) +{ + unsigned int n = params->n; + // Set idx = 0 + sk[0] = 0; + sk[1] = 0; + sk[2] = 0; + sk[3] = 0; + // Init SK_SEED (n byte), SK_PRF (n byte), and PUB_SEED (n byte) + randombytes(sk+4, 3*n); + // Copy PUB_SEED to public key + memcpy(pk+n, sk+4+2*n, n); + + uint32_t addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + + // Compute root + treehash_setup(pk, params->h, 0, state, sk+4, params, sk+4+2*n, addr); + // copy root to sk + memcpy(sk+4+3*n, pk, n); + return 0; +} + +/** + * Signs a message. + * Returns + * 1. an array containing the signature followed by the message AND + * 2. an updated secret key! 
+ * + */ +int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmss_params *params) +{ + unsigned int h = params->h; + unsigned int n = params->n; + unsigned int k = params->k; + uint16_t i = 0; + + // Extract SK + unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3]; + unsigned char sk_seed[n]; + memcpy(sk_seed, sk+4, n); + unsigned char sk_prf[n]; + memcpy(sk_prf, sk+4+n, n); + unsigned char pub_seed[n]; + memcpy(pub_seed, sk+4+2*n, n); + + // index as 32 bytes string + unsigned char idx_bytes_32[32]; + to_byte(idx_bytes_32, idx, 32); + + unsigned char hash_key[3*n]; + + // Update SK + sk[0] = ((idx + 1) >> 24) & 255; + sk[1] = ((idx + 1) >> 16) & 255; + sk[2] = ((idx + 1) >> 8) & 255; + sk[3] = (idx + 1) & 255; + // -- Secret key for this non-forward-secure version is now updated. + // -- A productive implementation should use a file handle instead and write the updated secret key at this point! 
+ + // Init working params + unsigned char R[n]; + unsigned char msg_h[n]; + unsigned char ots_seed[n]; + uint32_t ots_addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + + // --------------------------------- + // Message Hashing + // --------------------------------- + + // Message Hash: + // First compute pseudorandom value + prf(R, idx_bytes_32, sk_prf, n); + // Generate hash key (R || root || idx) + memcpy(hash_key, R, n); + memcpy(hash_key+n, sk+4+3*n, n); + to_byte(hash_key+2*n, idx, n); + // Then use it for message digest + h_msg(msg_h, msg, msglen, hash_key, 3*n, n); + + // Start collecting signature + *sig_msg_len = 0; + + // Copy index to signature + sig_msg[0] = (idx >> 24) & 255; + sig_msg[1] = (idx >> 16) & 255; + sig_msg[2] = (idx >> 8) & 255; + sig_msg[3] = idx & 255; + + sig_msg += 4; + *sig_msg_len += 4; + + // Copy R to signature + for (i = 0; i < n; i++) + sig_msg[i] = R[i]; + + sig_msg += n; + *sig_msg_len += n; + + // ---------------------------------- + // Now we start to "really sign" + // ---------------------------------- + + // Prepare Address + setType(ots_addr, 0); + setOTSADRS(ots_addr, idx); + + // Compute seed for OTS key pair + get_seed(ots_seed, sk_seed, n, ots_addr); + + // Compute WOTS signature + wots_sign(sig_msg, msg_h, ots_seed, &(params->wots_par), pub_seed, ots_addr); + + sig_msg += params->wots_par.keysize; + *sig_msg_len += params->wots_par.keysize; + + // the auth path was already computed during the previous round + memcpy(sig_msg, state->auth, h*n); + + if (idx < (1U << h) - 1) { + bds_round(state, idx, sk_seed, params, pub_seed, ots_addr); + bds_treehash_update(state, (h - k) >> 1, sk_seed, params, pub_seed, ots_addr); + } + +/* TODO: save key/bds state here! */ + + sig_msg += params->h*n; + *sig_msg_len += params->h*n; + + //Whipe secret elements? 
+ //zerobytes(tsk, CRYPTO_SECRETKEYBYTES); + + + memcpy(sig_msg, msg, msglen); + *sig_msg_len += msglen; + + return 0; +} + +/** + * Verifies a given message signature pair under a given public key. + */ +int xmss_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params) +{ + unsigned int n = params->n; + + unsigned long long i, m_len; + unsigned long idx=0; + unsigned char wots_pk[params->wots_par.keysize]; + unsigned char pkhash[n]; + unsigned char root[n]; + unsigned char msg_h[n]; + unsigned char hash_key[3*n]; + + unsigned char pub_seed[n]; + memcpy(pub_seed, pk+n, n); + + // Init addresses + uint32_t ots_addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + uint32_t ltree_addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + uint32_t node_addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + + setType(ots_addr, 0); + setType(ltree_addr, 1); + setType(node_addr, 2); + + // Extract index + idx = ((unsigned long)sig_msg[0] << 24) | ((unsigned long)sig_msg[1] << 16) | ((unsigned long)sig_msg[2] << 8) | sig_msg[3]; + printf("verify:: idx = %lu\n", idx); + + // Generate hash key (R || root || idx) + memcpy(hash_key, sig_msg+4,n); + memcpy(hash_key+n, pk, n); + to_byte(hash_key+2*n, idx, n); + + sig_msg += (n+4); + sig_msg_len -= (n+4); + + // hash message + unsigned long long tmp_sig_len = params->wots_par.keysize+params->h*n; + m_len = sig_msg_len - tmp_sig_len; + h_msg(msg_h, sig_msg + tmp_sig_len, m_len, hash_key, 3*n, n); + + //----------------------- + // Verify signature + //----------------------- + + // Prepare Address + setOTSADRS(ots_addr, idx); + // Check WOTS signature + wots_pkFromSig(wots_pk, sig_msg, msg_h, &(params->wots_par), pub_seed, ots_addr); + + sig_msg += params->wots_par.keysize; + sig_msg_len -= params->wots_par.keysize; + + // Compute Ltree + setLtreeADRS(ltree_addr, idx); + l_tree(pkhash, wots_pk, params, pub_seed, ltree_addr); + + // Compute root + validate_authpath(root, 
pkhash, idx, sig_msg, params, pub_seed, node_addr); + + sig_msg += params->h*n; + sig_msg_len -= params->h*n; + + for (i = 0; i < n; i++) + if (root[i] != pk[i]) + goto fail; + + *msglen = sig_msg_len; + for (i = 0; i < *msglen; i++) + msg[i] = sig_msg[i]; + + return 0; + + +fail: + *msglen = sig_msg_len; + for (i = 0; i < *msglen; i++) + msg[i] = 0; + *msglen = -1; + return -1; +} + +/* + * Generates a XMSSMT key pair for a given parameter set. + * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root] + * Format pk: [root || PUB_SEED] omitting algo oid. + */ +int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs, xmssmt_params *params) +{ + unsigned int n = params->n; + unsigned int i; + unsigned char ots_seed[params->n]; + // Set idx = 0 + for (i = 0; i < params->index_len; i++) { + sk[i] = 0; + } + // Init SK_SEED (n byte), SK_PRF (n byte), and PUB_SEED (n byte) + randombytes(sk+params->index_len, 3*n); + // Copy PUB_SEED to public key + memcpy(pk+n, sk+params->index_len+2*n, n); + + // Set address to point on the single tree on layer d-1 + uint32_t addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + setLayerADRS(addr, (params->d-1)); + // Set up state and compute wots signatures for all but topmost tree root + for (i = 0; i < params->d - 1; i++) { + // Compute seed for OTS key pair + treehash_setup(pk, params->xmss_par.h, 0, states + i, sk+params->index_len, &(params->xmss_par), pk+n, addr); + setLayerADRS(addr, (i+1)); + get_seed(ots_seed, sk+params->index_len, n, addr); + wots_sign(wots_sigs + i*params->xmss_par.wots_par.keysize, pk, ots_seed, &(params->xmss_par.wots_par), pk+n, addr); + } + treehash_setup(pk, params->xmss_par.h, 0, states + i, sk+params->index_len, &(params->xmss_par), pk+n, addr); + memcpy(sk+params->index_len+3*n, pk, n); + return 0; +} + +/** + * Signs a message. + * Returns + * 1. an array containing the signature followed by the message AND + * 2. an updated secret key! 
+ * + */ +int xmssmt_sign(unsigned char *sk, bds_state *states, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params) +{ + unsigned int n = params->n; + + unsigned int tree_h = params->xmss_par.h; + unsigned int h = params->h; + unsigned int k = params->xmss_par.k; + unsigned int idx_len = params->index_len; + uint64_t idx_tree; + uint32_t idx_leaf; + uint64_t i, j; + int needswap_upto = -1; + unsigned int updates; + + unsigned char sk_seed[n]; + unsigned char sk_prf[n]; + unsigned char pub_seed[n]; + // Init working params + unsigned char R[n]; + unsigned char msg_h[n]; + unsigned char hash_key[3*n]; + unsigned char ots_seed[n]; + uint32_t addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + uint32_t ots_addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + unsigned char idx_bytes_32[32]; + bds_state tmp; + + // Extract SK + unsigned long long idx = 0; + for (i = 0; i < idx_len; i++) { + idx |= ((unsigned long long)sk[i]) << 8*(idx_len - 1 - i); + } + + memcpy(sk_seed, sk+idx_len, n); + memcpy(sk_prf, sk+idx_len+n, n); + memcpy(pub_seed, sk+idx_len+2*n, n); + + // Update SK + for (i = 0; i < idx_len; i++) { + sk[i] = ((idx + 1) >> 8*(idx_len - 1 - i)) & 255; + } + // -- Secret key for this non-forward-secure version is now updated. + // -- A productive implementation should use a file handle instead and write the updated secret key at this point! 
+ + + // --------------------------------- + // Message Hashing + // --------------------------------- + + // Message Hash: + // First compute pseudorandom value + to_byte(idx_bytes_32, idx, 32); + prf(R, idx_bytes_32, sk_prf, n); + // Generate hash key (R || root || idx) + memcpy(hash_key, R, n); + memcpy(hash_key+n, sk+idx_len+3*n, n); + to_byte(hash_key+2*n, idx, n); + + // Then use it for message digest + h_msg(msg_h, msg, msglen, hash_key, 3*n, n); + + // Start collecting signature + *sig_msg_len = 0; + + // Copy index to signature + for (i = 0; i < idx_len; i++) { + sig_msg[i] = (idx >> 8*(idx_len - 1 - i)) & 255; + } + + sig_msg += idx_len; + *sig_msg_len += idx_len; + + // Copy R to signature + for (i = 0; i < n; i++) + sig_msg[i] = R[i]; + + sig_msg += n; + *sig_msg_len += n; + + // ---------------------------------- + // Now we start to "really sign" + // ---------------------------------- + + // Handle lowest layer separately as it is slightly different... + + // Prepare Address + setType(ots_addr, 0); + idx_tree = idx >> tree_h; + idx_leaf = (idx & ((1 << tree_h)-1)); + setLayerADRS(ots_addr, 0); + setTreeADRS(ots_addr, idx_tree); + setOTSADRS(ots_addr, idx_leaf); + + // Compute seed for OTS key pair + get_seed(ots_seed, sk_seed, n, ots_addr); + + // Compute WOTS signature + wots_sign(sig_msg, msg_h, ots_seed, &(params->xmss_par.wots_par), pub_seed, ots_addr); + + sig_msg += params->xmss_par.wots_par.keysize; + *sig_msg_len += params->xmss_par.wots_par.keysize; + + memcpy(sig_msg, states[0].auth, tree_h*n); + sig_msg += tree_h*n; + *sig_msg_len += tree_h*n; + + // prepare signature of remaining layers + for (i = 1; i < params->d; i++) { + // put WOTS signature in place + memcpy(sig_msg, wots_sigs + (i-1)*params->xmss_par.wots_par.keysize, params->xmss_par.wots_par.keysize); + + sig_msg += params->xmss_par.wots_par.keysize; + *sig_msg_len += params->xmss_par.wots_par.keysize; + + // put AUTH nodes in place + memcpy(sig_msg, states[i].auth, tree_h*n); + 
sig_msg += tree_h*n; + *sig_msg_len += tree_h*n; + } + + updates = (tree_h - k) >> 1; + + setTreeADRS(addr, (idx_tree + 1)); + // mandatory update for NEXT_0 (does not count towards h-k/2) if NEXT_0 exists + if ((1 + idx_tree) * (1 << tree_h) + idx_leaf < (1ULL << h)) { + bds_state_update(&states[params->d], sk_seed, &(params->xmss_par), pub_seed, addr); + } + + for (i = 0; i < params->d; i++) { + // check if we're not at the end of a tree + if (! (((idx + 1) & ((1ULL << ((i+1)*tree_h)) - 1)) == 0)) { + idx_leaf = (idx >> (tree_h * i)) & ((1 << tree_h)-1); + idx_tree = (idx >> (tree_h * (i+1))); + setLayerADRS(addr, i); + setTreeADRS(addr, idx_tree); + if (i == (unsigned int) (needswap_upto + 1)) { + bds_round(&states[i], idx_leaf, sk_seed, &(params->xmss_par), pub_seed, addr); + } + updates = bds_treehash_update(&states[i], updates, sk_seed, &(params->xmss_par), pub_seed, addr); + setTreeADRS(addr, (idx_tree + 1)); + // if a NEXT-tree exists for this level; + if ((1 + idx_tree) * (1 << tree_h) + idx_leaf < (1ULL << (h - tree_h * i))) { + if (i > 0 && updates > 0 && states[params->d + i].next_leaf < (1ULL << h)) { + bds_state_update(&states[params->d + i], sk_seed, &(params->xmss_par), pub_seed, addr); + updates--; + } + } + } + else if (idx < (1ULL << h) - 1) { + memcpy(&tmp, states+params->d + i, sizeof(bds_state)); + memcpy(states+params->d + i, states + i, sizeof(bds_state)); + memcpy(states + i, &tmp, sizeof(bds_state)); + + setLayerADRS(ots_addr, (i+1)); + setTreeADRS(ots_addr, ((idx + 1) >> ((i+2) * tree_h))); + setOTSADRS(ots_addr, (((idx >> ((i+1) * tree_h)) + 1) & ((1 << tree_h)-1))); + + get_seed(ots_seed, sk+params->index_len, n, ots_addr); + wots_sign(wots_sigs + i*params->xmss_par.wots_par.keysize, states[i].stack, ots_seed, &(params->xmss_par.wots_par), pub_seed, ots_addr); + + states[params->d + i].stackoffset = 0; + states[params->d + i].next_leaf = 0; + + updates--; // WOTS-signing counts as one update + needswap_upto = i; + for (j = 0; j < 
tree_h-k; j++) { + states[i].treehash[j].completed = 1; + } + } + } + + //Whipe secret elements? + //zerobytes(tsk, CRYPTO_SECRETKEYBYTES); + + memcpy(sig_msg, msg, msglen); + *sig_msg_len += msglen; + + return 0; +} + +/** + * Verifies a given message signature pair under a given public key. + */ +int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params) +{ + unsigned int n = params->n; + + unsigned int tree_h = params->xmss_par.h; + unsigned int idx_len = params->index_len; + uint64_t idx_tree; + uint32_t idx_leaf; + + unsigned long long i, m_len; + unsigned long long idx=0; + unsigned char wots_pk[params->xmss_par.wots_par.keysize]; + unsigned char pkhash[n]; + unsigned char root[n]; + unsigned char msg_h[n]; + unsigned char hash_key[3*n]; + + unsigned char pub_seed[n]; + memcpy(pub_seed, pk+n, n); + + // Init addresses + uint32_t ots_addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + uint32_t ltree_addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + uint32_t node_addr[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + + // Extract index + for (i = 0; i < idx_len; i++) { + idx |= ((unsigned long long)sig_msg[i]) << (8*(idx_len - 1 - i)); + } + printf("verify:: idx = %llu\n", idx); + sig_msg += idx_len; + sig_msg_len -= idx_len; + + // Generate hash key (R || root || idx) + memcpy(hash_key, sig_msg,n); + memcpy(hash_key+n, pk, n); + to_byte(hash_key+2*n, idx, n); + + sig_msg += n; + sig_msg_len -= n; + + + // hash message (recall, R is now on pole position at sig_msg + unsigned long long tmp_sig_len = (params->d * params->xmss_par.wots_par.keysize) + (params->h * n); + m_len = sig_msg_len - tmp_sig_len; + h_msg(msg_h, sig_msg + tmp_sig_len, m_len, hash_key, 3*n, n); + + + //----------------------- + // Verify signature + //----------------------- + + // Prepare Address + idx_tree = idx >> tree_h; + idx_leaf = (idx & ((1 << tree_h)-1)); + setLayerADRS(ots_addr, 0); + 
setTreeADRS(ots_addr, idx_tree); + setType(ots_addr, 0); + + memcpy(ltree_addr, ots_addr, 12); + setType(ltree_addr, 1); + + memcpy(node_addr, ltree_addr, 12); + setType(node_addr, 2); + + setOTSADRS(ots_addr, idx_leaf); + + // Check WOTS signature + wots_pkFromSig(wots_pk, sig_msg, msg_h, &(params->xmss_par.wots_par), pub_seed, ots_addr); + + sig_msg += params->xmss_par.wots_par.keysize; + sig_msg_len -= params->xmss_par.wots_par.keysize; + + // Compute Ltree + setLtreeADRS(ltree_addr, idx_leaf); + l_tree(pkhash, wots_pk, &(params->xmss_par), pub_seed, ltree_addr); + + // Compute root + validate_authpath(root, pkhash, idx_leaf, sig_msg, &(params->xmss_par), pub_seed, node_addr); + + sig_msg += tree_h*n; + sig_msg_len -= tree_h*n; + + for (i = 1; i < params->d; i++) { + // Prepare Address + idx_leaf = (idx_tree & ((1 << tree_h)-1)); + idx_tree = idx_tree >> tree_h; + + setLayerADRS(ots_addr, i); + setTreeADRS(ots_addr, idx_tree); + setType(ots_addr, 0); + + memcpy(ltree_addr, ots_addr, 12); + setType(ltree_addr, 1); + + memcpy(node_addr, ltree_addr, 12); + setType(node_addr, 2); + + setOTSADRS(ots_addr, idx_leaf); + + // Check WOTS signature + wots_pkFromSig(wots_pk, sig_msg, root, &(params->xmss_par.wots_par), pub_seed, ots_addr); + + sig_msg += params->xmss_par.wots_par.keysize; + sig_msg_len -= params->xmss_par.wots_par.keysize; + + // Compute Ltree + setLtreeADRS(ltree_addr, idx_leaf); + l_tree(pkhash, wots_pk, &(params->xmss_par), pub_seed, ltree_addr); + + // Compute root + validate_authpath(root, pkhash, idx_leaf, sig_msg, &(params->xmss_par), pub_seed, node_addr); + + sig_msg += tree_h*n; + sig_msg_len -= tree_h*n; + + } + + for (i = 0; i < n; i++) + if (root[i] != pk[i]) + goto fail; + + *msglen = sig_msg_len; + for (i = 0; i < *msglen; i++) + msg[i] = sig_msg[i]; + + return 0; + + +fail: + *msglen = sig_msg_len; + for (i = 0; i < *msglen; i++) + msg[i] = 0; + *msglen = -1; + return -1; +} +#endif /* WITH_XMSS */ 
diff --git a/xmss_fast.h b/xmss_fast.h
new file mode 100644
index 000000000000..2ffba7057baf
--- /dev/null
+++ b/xmss_fast.h
@@ -0,0 +1,111 @@
+#ifdef WITH_XMSS
+/* $OpenBSD: xmss_fast.h,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
+/*
+xmss_fast.h version 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+
+#include "xmss_wots.h"
+
+#ifndef XMSS_H
+#define XMSS_H
+typedef struct{
+ unsigned int level;
+ unsigned long long subtree;
+ unsigned int subleaf;
+} leafaddr;
+
+typedef struct{
+ wots_params wots_par;
+ unsigned int n;
+ unsigned int h;
+ unsigned int k;
+} xmss_params;
+
+typedef struct{
+ xmss_params xmss_par;
+ unsigned int n;
+ unsigned int h;
+ unsigned int d;
+ unsigned int index_len;
+} xmssmt_params;
+
+typedef struct{
+ unsigned int h;
+ unsigned int next_idx;
+ unsigned int stackusage;
+ unsigned char completed;
+ unsigned char *node;
+} treehash_inst;
+
+typedef struct {
+ unsigned char *stack;
+ unsigned int stackoffset;
+ unsigned char *stacklevels;
+ unsigned char *auth;
+ unsigned char *keep;
+ treehash_inst *treehash;
+ unsigned char *retain;
+ unsigned int next_leaf;
+} bds_state;
+
+/**
+ * Initialize BDS state struct
+ * parameter names are the same as used in the description of the BDS traversal
+ */
+void xmss_set_bds_state(bds_state *state, unsigned char *stack, int stackoffset, unsigned char *stacklevels, unsigned char *auth, unsigned char *keep, treehash_inst *treehash, unsigned char *retain, int next_leaf);
+/**
+ * Initializes parameter set.
+ * Needed, for any of the other methods.
+ */
+int xmss_set_params(xmss_params *params, int n, int h, int w, int k);
+/**
+ * Initialize xmssmt_params struct
+ * parameter names are the same as in the draft
+ *
+ * Especially h is the total tree height, i.e. the XMSS trees have height h/d
+ */
+int xmssmt_set_params(xmssmt_params *params, int n, int h, int d, int w, int k);
+/**
+ * Generates a XMSS key pair for a given parameter set.
+ * Format sk: [(32bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
+ * Format pk: [root || PUB_SEED] omitting algo oid.
+ */
+int xmss_keypair(unsigned char *pk, unsigned char *sk, bds_state *state, xmss_params *params);
+/**
+ * Signs a message.
+ * Returns
+ * 1. an array containing the signature followed by the message AND
+ * 2. an updated secret key!
+ *
+ */
+int xmss_sign(unsigned char *sk, bds_state *state, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg,unsigned long long msglen, const xmss_params *params);
+/**
+ * Verifies a given message signature pair under a given public key.
+ *
+ * Note: msg and msglen are pure outputs which carry the message in case verification succeeds. The (input) message is assumed to be within sig_msg which has the form (sig||msg).
+ */
+int xmss_sign_open(unsigned char *msg,unsigned long long *msglen, const unsigned char *sig_msg,unsigned long long sig_msg_len, const unsigned char *pk, const xmss_params *params);
+
+/*
+ * Generates a XMSSMT key pair for a given parameter set.
+ * Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]
+ * Format pk: [root || PUB_SEED] omitting algo oid.
+ */
+int xmssmt_keypair(unsigned char *pk, unsigned char *sk, bds_state *states, unsigned char *wots_sigs, xmssmt_params *params);
+/**
+ * Signs a message.
+ * Returns
+ * 1. an array containing the signature followed by the message AND
+ * 2. an updated secret key!
+ *
+ */
+int xmssmt_sign(unsigned char *sk, bds_state *state, unsigned char *wots_sigs, unsigned char *sig_msg, unsigned long long *sig_msg_len, const unsigned char *msg, unsigned long long msglen, const xmssmt_params *params);
+/**
+ * Verifies a given message signature pair under a given public key.
+ */
+int xmssmt_sign_open(unsigned char *msg, unsigned long long *msglen, const unsigned char *sig_msg, unsigned long long sig_msg_len, const unsigned char *pk, const xmssmt_params *params);
+#endif
+#endif /* WITH_XMSS */
diff --git a/xmss_hash.c b/xmss_hash.c
new file mode 100644
index 000000000000..b9eee7cff293
--- /dev/null
+++ b/xmss_hash.c
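Review bot: The comments on xmss_sign and xmssmt_sign in xmss_fast.h mention "an updated secret key!" but never state that the scheme is stateful, which is the one contract a caller must not get wrong: each index held in sk may sign only once. I would add to both comments a line such as `* sk and state are updated by this call and must be stored durably before sig_msg is released; signing again from an old copy of sk reuses a one-time key.` The *_sign_open comments also leave the capacity of msg unstated. The xmssmt_sign_open body shown in xmss_fast.c writes *msglen bytes to msg on the success path and zeroes the same number on the failure path, so the comment should give the minimum buffer size the caller has to provide.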
@@ -0,0 +1,140 @@ +/* $OpenBSD: xmss_hash.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */ +/* +hash.c version 20160722 +Andreas Hülsing +Joost Rijneveld +Public domain. +*/ + +#include "includes.h" +#ifdef WITH_XMSS + +#include "xmss_hash_address.h" +#include "xmss_commons.h" +#include "xmss_hash.h" + +#include +#ifdef HAVE_STDINT_H +#include +#endif +#include +#include +#include +#include +#include + +int core_hash_SHA2(unsigned char *, const unsigned int, const unsigned char *, + unsigned int, const unsigned char *, unsigned long long, unsigned int); + +unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]){ +#if IS_LITTLE_ENDIAN==1 + int i = 0; + for(i=0;i<8;i++) + to_byte(bytes+i*4, addr[i],4); + return bytes; +#else + memcpy(bytes, addr, 32); + return bytes; +#endif +} + +int core_hash_SHA2(unsigned char *out, const unsigned int type, const unsigned char *key, unsigned int keylen, const unsigned char *in, unsigned long long inlen, unsigned int n){ + unsigned long long i = 0; + unsigned char buf[inlen + n + keylen]; + + // Input is (toByte(X, 32) || KEY || M) + + // set toByte + to_byte(buf, type, n); + + for (i=0; i < keylen; i++) { + buf[i+n] = key[i]; + } + + for (i=0; i < inlen; i++) { + buf[keylen + n + i] = in[i]; + } + + if (n == 32) { + SHA256(buf, inlen + keylen + n, out); + return 0; + } + else { + if (n == 64) { + SHA512(buf, inlen + keylen + n, out); + return 0; + } + } + return 1; +} + +/** + * Implements PRF + */ +int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, unsigned int keylen) +{ + return core_hash_SHA2(out, 3, key, keylen, in, 32, keylen); +} + +/* + * Implemts H_msg + */ +int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n) +{ + if (keylen != 3*n){ + // H_msg takes 3n-bit keys, but n does not match the keylength of keylen + return -1; + } + return core_hash_SHA2(out, 2, key, keylen, in, inlen, 
n); +} + +/** + * We assume the left half is in in[0]...in[n-1] + */ +int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n) +{ + + unsigned char buf[2*n]; + unsigned char key[n]; + unsigned char bitmask[2*n]; + unsigned char byte_addr[32]; + unsigned int i; + + setKeyAndMask(addr, 0); + addr_to_byte(byte_addr, addr); + prf(key, byte_addr, pub_seed, n); + // Use MSB order + setKeyAndMask(addr, 1); + addr_to_byte(byte_addr, addr); + prf(bitmask, byte_addr, pub_seed, n); + setKeyAndMask(addr, 2); + addr_to_byte(byte_addr, addr); + prf(bitmask+n, byte_addr, pub_seed, n); + for (i = 0; i < 2*n; i++) { + buf[i] = in[i] ^ bitmask[i]; + } + return core_hash_SHA2(out, 1, key, n, buf, 2*n, n); +} + +int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n) +{ + unsigned char buf[n]; + unsigned char key[n]; + unsigned char bitmask[n]; + unsigned char byte_addr[32]; + unsigned int i; + + setKeyAndMask(addr, 0); + addr_to_byte(byte_addr, addr); + prf(key, byte_addr, pub_seed, n); + + setKeyAndMask(addr, 1); + addr_to_byte(byte_addr, addr); + prf(bitmask, byte_addr, pub_seed, n); + + for (i = 0; i < n; i++) { + buf[i] = in[i] ^ bitmask[i]; + } + return core_hash_SHA2(out, 0, key, n, buf, n, n); +} +#endif /* WITH_XMSS */ diff --git a/xmss_hash.h b/xmss_hash.h new file mode 100644 index 000000000000..d19c62152add --- /dev/null +++ b/xmss_hash.h 
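Review bot: `unsigned char buf[inlen + n + keylen];` in core_hash_SHA2 (xmss_hash.c) places a variable-length array sized by the message length on the stack. h_msg passes its inlen straight through, and xmssmt_sign_open in xmss_fast.c derives that length from the received sig_msg_len, so an oversized input can exhaust the stack before any signature check has run. Feeding the three parts to the hash incrementally removes both the copy and the VLA. The sketch assumes the includes, whose names are missing from this page, provide OpenSSL's streaming SHA256_*/SHA512_* calls alongside the one-shot SHA256()/SHA512() already used. It also rejects an unsupported n before touching out; hash_h and hash_f would still ignore the result of prf().

```c
int core_hash_SHA2(unsigned char *out, const unsigned int type, const unsigned char *key, unsigned int keylen, const unsigned char *in, unsigned long long inlen, unsigned int n){
  unsigned char prefix[64];

  if (n != 32 && n != 64)
    return 1;

  // Input is (toByte(X, n) || KEY || M), hashed piecewise so that no
  // message-sized buffer is needed
  to_byte(prefix, type, n);

  if (n == 32) {
    SHA256_CTX ctx;
    SHA256_Init(&ctx);
    SHA256_Update(&ctx, prefix, n);
    SHA256_Update(&ctx, key, keylen);
    SHA256_Update(&ctx, in, inlen);
    SHA256_Final(out, &ctx);
  }
  else {
    SHA512_CTX ctx;
    SHA512_Init(&ctx);
    SHA512_Update(&ctx, prefix, n);
    SHA512_Update(&ctx, key, keylen);
    SHA512_Update(&ctx, in, inlen);
    SHA512_Final(out, &ctx);
  }
  return 0;
}
```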
@@ -0,0 +1,22 @@
+#ifdef WITH_XMSS
+/* $OpenBSD: xmss_hash.h,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
+/*
+hash.h version 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+
+#ifndef HASH_H
+#define HASH_H
+
+#define IS_LITTLE_ENDIAN 1
+
+unsigned char* addr_to_byte(unsigned char *bytes, const uint32_t addr[8]);
+int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, unsigned int keylen);
+int h_msg(unsigned char *out,const unsigned char *in,unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n);
+int hash_h(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n);
+int hash_f(unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8], const unsigned int n);
+
+#endif
+#endif /* WITH_XMSS */
diff --git a/xmss_hash_address.c b/xmss_hash_address.c
new file mode 100644
index 000000000000..c6c1347e9267
--- /dev/null
+++ b/xmss_hash_address.c
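Review bot: xmss_hash.h uses uint32_t in the addr_to_byte, hash_h and hash_f prototypes but includes nothing itself, so it compiles only when the including file has already brought in the fixed-width types. xmss_hash_address.h in this same commit carries its own `#ifdef HAVE_STDINT_H` include block, and this header could do the same. `#define IS_LITTLE_ENDIAN 1` is a fixed value, not a probe of the host, which leaves the memcpy branch of addr_to_byte in xmss_hash.c unreachable. A comment such as `/* fixed at 1 so addr_to_byte() always takes the to_byte() path; not a host byte-order test */` would keep a later reader from changing it for a big-endian build and altering how addresses are serialised into the hash.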
@@ -0,0 +1,66 @@
+/* $OpenBSD: xmss_hash_address.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
+/*
+hash_address.c version 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+#include "includes.h"
+#ifdef WITH_XMSS
+
+#ifdef HAVE_STDINT_H
+#include
+#endif
+#include "xmss_hash_address.h" /* prototypes */
+
+void setLayerADRS(uint32_t adrs[8], uint32_t layer){
+ adrs[0] = layer;
+}
+
+void setTreeADRS(uint32_t adrs[8], uint64_t tree){
+ adrs[1] = (uint32_t) (tree >> 32);
+ adrs[2] = (uint32_t) tree;
+}
+
+void setType(uint32_t adrs[8], uint32_t type){
+ adrs[3] = type;
+ int i;
+ for(i = 4; i < 8; i++){
+ adrs[i] = 0;
+ }
+}
+
+void setKeyAndMask(uint32_t adrs[8], uint32_t keyAndMask){
+ adrs[7] = keyAndMask;
+}
+
+// OTS
+
+void setOTSADRS(uint32_t adrs[8], uint32_t ots){
+ adrs[4] = ots;
+}
+
+void setChainADRS(uint32_t adrs[8], uint32_t chain){
+ adrs[5] = chain;
+}
+
+void setHashADRS(uint32_t adrs[8], uint32_t hash){
+ adrs[6] = hash;
+}
+
+// L-tree
+
+void setLtreeADRS(uint32_t adrs[8], uint32_t ltree){
+ adrs[4] = ltree;
+}
+
+// Hash Tree & L-tree
+
+void setTreeHeight(uint32_t adrs[8], uint32_t treeHeight){
+ adrs[5] = treeHeight;
+}
+
+void setTreeIndex(uint32_t adrs[8], uint32_t treeIndex){
+ adrs[6] = treeIndex;
+}
+#endif /* WITH_XMSS */
diff --git a/xmss_hash_address.h b/xmss_hash_address.h
new file mode 100644
index 000000000000..66bb4cc4d5fa
--- /dev/null
+++ b/xmss_hash_address.h
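Review bot: setType in xmss_hash_address.c does more than its name says: after `adrs[3] = type;` it zeroes words 4 to 7, so a value written earlier by setOTSADRS, setChainADRS, setHashADRS, setLtreeADRS, setTreeHeight, setTreeIndex or setKeyAndMask is silently lost. The callers visible in xmss_fast.c do call setType before the type-specific setters, but nothing in this file records that ordering, and a wrong order would feed an unintended address into the keyed hash. I would put `/* Sets the address type and clears words 4..7; call before the type-specific setters. */` above the function. `int i;` could also move to the top of the body so the declaration does not follow a statement.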
@@ -0,0 +1,40 @@
+#ifdef WITH_XMSS
+/* $OpenBSD: xmss_hash_address.h,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
+/*
+hash_address.h version 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+
+#ifdef HAVE_STDINT_H
+#include
+#endif
+
+void setLayerADRS(uint32_t adrs[8], uint32_t layer);
+
+void setTreeADRS(uint32_t adrs[8], uint64_t tree);
+
+void setType(uint32_t adrs[8], uint32_t type);
+
+void setKeyAndMask(uint32_t adrs[8], uint32_t keyAndMask);
+
+// OTS
+
+void setOTSADRS(uint32_t adrs[8], uint32_t ots);
+
+void setChainADRS(uint32_t adrs[8], uint32_t chain);
+
+void setHashADRS(uint32_t adrs[8], uint32_t hash);
+
+// L-tree
+
+void setLtreeADRS(uint32_t adrs[8], uint32_t ltree);
+
+// Hash Tree & L-tree
+
+void setTreeHeight(uint32_t adrs[8], uint32_t treeHeight);
+
+void setTreeIndex(uint32_t adrs[8], uint32_t treeIndex);
+
+#endif /* WITH_XMSS */
diff --git a/xmss_wots.c b/xmss_wots.c
new file mode 100644
index 000000000000..b4702ed8d880
--- /dev/null
+++ b/xmss_wots.c
@@ -0,0 +1,192 @@ +/* $OpenBSD: xmss_wots.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */ +/* +wots.c version 20160722 +Andreas Hülsing +Joost Rijneveld +Public domain. +*/ + +#include "includes.h" +#ifdef WITH_XMSS + +#include +#ifdef HAVE_STDINT_H +#include +#endif +#include +#include "xmss_commons.h" +#include "xmss_hash.h" +#include "xmss_wots.h" +#include "xmss_hash_address.h" + + +/* libm-free version of log2() for wots */ +static inline int +wots_log2(uint32_t v) +{ + int b; + + for (b = sizeof (v) * CHAR_BIT - 1; b >= 0; b--) { + if ((1U << b) & v) { + return b; + } + } + return 0; +} + +void +wots_set_params(wots_params *params, int n, int w) +{ + params->n = n; + params->w = w; + params->log_w = wots_log2(params->w); + params->len_1 = (CHAR_BIT * n) / params->log_w; + params->len_2 = (wots_log2(params->len_1 * (w - 1)) / params->log_w) + 1; + params->len = params->len_1 + params->len_2; + params->keysize = params->len * params->n; +} + +/** + * Helper method for pseudorandom key generation + * Expands an n-byte array into a len*n byte array + * this is done using PRF + */ +static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, const wots_params *params) +{ + uint32_t i = 0; + unsigned char ctr[32]; + for(i = 0; i < params->len; i++){ + to_byte(ctr, i, 32); + prf((outseeds + (i*params->n)), ctr, inseed, params->n); + } +} + +/** + * Computes the chaining function. 
+ * out and in have to be n-byte arrays + * + * interpretes in as start-th value of the chain + * addr has to contain the address of the chain + */ +static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]) +{ + uint32_t i, j; + for (j = 0; j < params->n; j++) + out[j] = in[j]; + + for (i = start; i < (start+steps) && i < params->w; i++) { + setHashADRS(addr, i); + hash_f(out, out, pub_seed, addr, params->n); + } +} + +/** + * base_w algorithm as described in draft. + * + * + */ +static void base_w(int *output, const int out_len, const unsigned char *input, const wots_params *params) +{ + int in = 0; + int out = 0; + uint32_t total = 0; + int bits = 0; + int consumed = 0; + + for (consumed = 0; consumed < out_len; consumed++) { + if (bits == 0) { + total = input[in]; + in++; + bits += 8; + } + bits -= params->log_w; + output[out] = (total >> bits) & (params->w - 1); + out++; + } +} + +void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]) +{ + uint32_t i; + expand_seed(pk, sk, params); + for (i=0; i < params->len; i++) { + setChainADRS(addr, i); + gen_chain(pk+i*params->n, pk+i*params->n, 0, params->w-1, params, pub_seed, addr); + } +} + + +int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]) +{ + //int basew[params->len]; + int csum = 0; + uint32_t i = 0; + int *basew = calloc(params->len, sizeof(int)); + if (basew == NULL) + return -1; + + base_w(basew, params->len_1, msg, params); + + for (i=0; i < params->len_1; i++) { + csum += params->w - 1 - basew[i]; + } + + csum = csum << (8 - ((params->len_2 * params->log_w) % 8)); + + int len_2_bytes = ((params->len_2 * params->log_w) + 7) / 8; + + unsigned char csum_bytes[len_2_bytes]; + to_byte(csum_bytes, 
csum, len_2_bytes); + + int csum_basew[params->len_2]; + base_w(csum_basew, params->len_2, csum_bytes, params); + + for (i = 0; i < params->len_2; i++) { + basew[params->len_1 + i] = csum_basew[i]; + } + + expand_seed(sig, sk, params); + + for (i = 0; i < params->len; i++) { + setChainADRS(addr, i); + gen_chain(sig+i*params->n, sig+i*params->n, 0, basew[i], params, pub_seed, addr); + } + free(basew); + return 0; +} + +int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]) +{ + int csum = 0; + uint32_t i = 0; + int *basew = calloc(params->len, sizeof(int)); + if (basew == NULL) + return -1; + + base_w(basew, params->len_1, msg, params); + + for (i=0; i < params->len_1; i++) { + csum += params->w - 1 - basew[i]; + } + + csum = csum << (8 - ((params->len_2 * params->log_w) % 8)); + + int len_2_bytes = ((params->len_2 * params->log_w) + 7) / 8; + + unsigned char csum_bytes[len_2_bytes]; + to_byte(csum_bytes, csum, len_2_bytes); + + int csum_basew[params->len_2]; + base_w(csum_basew, params->len_2, csum_bytes, params); + + for (i = 0; i < params->len_2; i++) { + basew[params->len_1 + i] = csum_basew[i]; + } + for (i=0; i < params->len; i++) { + setChainADRS(addr, i); + gen_chain(pk+i*params->n, sig+i*params->n, basew[i], params->w-1-basew[i], params, pub_seed, addr); + } + free(basew); + return 0; +} +#endif /* WITH_XMSS */ diff --git a/xmss_wots.h b/xmss_wots.h new file mode 100644 index 000000000000..1eebf3b215df --- /dev/null +++ b/xmss_wots.h 
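Review bot: wots_set_params in xmss_wots.c divides by `params->log_w` without checking it, and wots_log2 returns 0 for both w == 0 and w == 1, so either value is a division by zero at `params->len_1 = (CHAR_BIT * n) / params->log_w;`. The function returns void and takes n and w as int, so it can neither reject a bad value nor notice a negative one being stored into the uint32_t fields. Whether callers validate w beforehand is not visible in this hunk. If they do, record it with `/* callers must pass n > 0 and w a power of two >= 2; w < 2 divides by zero below */`; otherwise the check belongs in a caller that can report failure, such as xmss_set_params, which returns int. Separately, gen_chain discards the return value of hash_f, so a failure from core_hash_SHA2 (unsupported n, out left unwritten) would pass silently into signatures and recovered public keys.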
@@ -0,0 +1,64 @@
+#ifdef WITH_XMSS
+/* $OpenBSD: xmss_wots.h,v 1.3 2018/02/26 12:14:53 dtucker Exp $ */
+/*
+wots.h version 20160722
+Andreas Hülsing
+Joost Rijneveld
+Public domain.
+*/
+
+#ifndef WOTS_H
+#define WOTS_H
+
+#ifdef HAVE_STDINT_H
+#include "stdint.h"
+#endif
+
+/**
+ * WOTS parameter set
+ *
+ * Meaning as defined in draft-irtf-cfrg-xmss-hash-based-signatures-02
+ */
+typedef struct {
+ uint32_t len_1;
+ uint32_t len_2;
+ uint32_t len;
+ uint32_t n;
+ uint32_t w;
+ uint32_t log_w;
+ uint32_t keysize;
+} wots_params;
+
+/**
+ * Set the WOTS parameters,
+ * only m, n, w are required as inputs,
+ * len, len_1, and len_2 are computed from those.
+ *
+ * Assumes w is a power of 2
+ */
+void wots_set_params(wots_params *params, int n, int w);
+
+/**
+ * WOTS key generation. Takes a 32byte seed for the secret key, expands it to a full WOTS secret key and computes the corresponding public key.
+ * For this it takes the seed pub_seed which is used to generate bitmasks and hash keys and the address of this WOTS key pair addr
+ *
+ * params, must have been initialized before using wots_set params for params ! This is not done in this function
+ *
+ * Places the computed public key at address pk.
+ */
+void wots_pkgen(unsigned char *pk, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
+
+/**
+ * Takes a m-byte message and the 32-byte seed for the secret key to compute a signature that is placed at "sig".
+ *
+ */
+int wots_sign(unsigned char *sig, const unsigned char *msg, const unsigned char *sk, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
+
+/**
+ * Takes a WOTS signature, a m-byte message and computes a WOTS public key that it places at pk.
+ *
+ */
+int wots_pkFromSig(unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]);
+
+#endif
+#endif /* WITH_XMSS */
-- cgit v1.3
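Review bot: The comment on wots_set_params in xmss_wots.h says "only m, n, w are required as inputs", but the prototype takes only n and w, and wots_params has no m field. The wots_sign and wots_pkFromSig comments likewise speak of an "m-byte message". Judging by base_w and len_1 in xmss_wots.c, the message read appears to be n bytes, which matters because a caller who passes a shorter buffer gets an out-of-bounds read. I would reword to `* only n and w are required as inputs,` and `* Takes an n-byte message (the digest to sign) and ...` so the buffer-length contract is stated where callers will read it.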