From d46065df2d60bfbd08939733bd79b2a440d6fbc8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Tue, 28 Aug 2018 10:47:58 +0000 Subject: [PATCH] Vendor import of OpenSSH 7.8p1. --- .depend | 347 +- .skipped-commit-ids | 2 + ChangeLog | 12255 ++++++++++---------- INSTALL | 12 +- Makefile.in | 31 +- OVERVIEW | 15 +- PROTOCOL | 37 +- PROTOCOL.certkeys | 22 +- PROTOCOL.chacha20poly1305 | 4 +- PROTOCOL.krl | 4 +- README | 2 +- README.platform | 2 +- TODO | 6 +- aclocal.m4 | 15 +- addrmatch.c | 25 +- audit-bsm.c | 1 - audit.c | 2 +- auth-bsdauth.c | 6 +- auth-krb5.c | 6 +- auth-options.c | 154 +- auth-options.h | 6 +- auth-pam.c | 264 +- auth-passwd.c | 23 +- auth-rhosts.c | 6 +- auth-shadow.c | 23 +- auth-sia.c | 1 - auth-skey.c | 1 - auth.c | 63 +- auth.h | 8 +- auth2-chall.c | 83 +- auth2-gss.c | 107 +- auth2-hostbased.c | 16 +- auth2-kbdint.c | 14 +- auth2-none.c | 3 +- auth2-passwd.c | 3 +- auth2-pubkey.c | 68 +- auth2.c | 81 +- authfd.c | 28 +- authfd.h | 4 +- authfile.c | 24 +- bufaux.c | 259 - bufbn.c | 69 - bufec.c | 74 - buffer.c | 118 - buffer.h | 95 - channels.c | 495 +- channels.h | 26 +- cipher.c | 2 + clientloop.c | 236 +- clientloop.h | 4 +- compat.c | 47 +- compat.h | 4 +- config.h.in | 19 +- configure | 206 +- configure.ac | 85 +- contrib/aix/buildbff.sh | 16 +- contrib/cygwin/ssh-host-config | 2 +- contrib/cygwin/ssh-user-config | 2 +- contrib/redhat/openssh.spec | 2 +- contrib/solaris/README | 2 +- contrib/suse/openssh.spec | 6 +- defines.h | 6 - dh.c | 18 +- entropy.c | 32 +- entropy.h | 7 +- gss-genr.c | 61 +- gss-serv-krb5.c | 5 +- gss-serv.c | 5 +- hostfile.c | 15 +- kex.c | 110 +- kex.h | 11 +- kexdhs.c | 4 +- kexgexs.c | 4 +- key.c | 236 - key.h | 69 - log.c | 8 +- log.h | 3 +- loginrec.c | 7 +- match.c | 36 +- match.h | 5 +- misc.c | 67 +- misc.h | 5 +- moduli | 843 +- moduli.0 | 2 +- monitor.c | 679 +- monitor.h | 10 +- monitor_wrap.c | 726 +- monitor_wrap.h | 10 +- msg.c | 4 +- mux.c | 932 +- myproposal.h | 4 +- opacket.c | 2 + opacket.h | 4 +- openbsd-compat/Makefile.in | 1 + openbsd-compat/arc4random.c | 16 +- openbsd-compat/bcrypt_pbkdf.c | 2 +- openbsd-compat/bsd-closefrom.c | 2 +- openbsd-compat/bsd-cygwin_util.c | 1 + openbsd-compat/bsd-cygwin_util.h | 2 +- openbsd-compat/bsd-getline.c | 113 + openbsd-compat/bsd-misc.c | 1 + openbsd-compat/bsd-nextstep.h | 2 +- openbsd-compat/bsd-snprintf.c | 2 +- openbsd-compat/bsd-waitpid.h | 2 +- openbsd-compat/explicit_bzero.c | 2 +- openbsd-compat/fmt_scaled.c | 9 +- openbsd-compat/freezero.c | 1 + openbsd-compat/openbsd-compat.h | 4 + openbsd-compat/port-aix.c | 24 +- openbsd-compat/port-aix.h | 7 +- openbsd-compat/port-uw.c | 4 +- openbsd-compat/sha2.c | 2 +- openbsd-compat/strndup.c | 2 +- openbsd-compat/strnlen.c | 2 +- openbsd-compat/sys-queue.h | 5 + packet.c | 60 +- packet.h | 7 +- platform.c | 3 +- readconf.c | 190 +- readconf.h | 8 +- readpass.c | 3 +- regress/Makefile | 3 +- regress/allow-deny-users.sh | 12 +- regress/authinfo.sh | 2 +- regress/cert-file.sh | 6 +- regress/cert-hostkey.sh | 9 +- regress/cfgmatchlisten.sh | 202 + regress/cfgparse.sh | 6 +- regress/forward-control.sh | 77 +- regress/forwarding.sh | 3 +- regress/key-options.sh | 5 +- regress/keygen-knownhosts.sh | 35 +- regress/mkdtemp.c | 61 + regress/multiplex.sh | 3 +- regress/rekey.sh | 12 +- regress/setuid-allowed.c | 1 + regress/sshcfgparse.sh | 62 +- regress/test-exec.sh | 32 +- regress/unittests/hostkeys/test_iterate.c | 37 +- regress/unittests/match/tests.c | 4 +- regress/unittests/sshkey/test_sshkey.c | 5 +- regress/valgrind-unit.sh | 6 +- sandbox-seccomp-filter.c | 15 + sandbox-systrace.c | 1 + scp.0 | 4 +- scp.1 | 6 +- scp.c | 6 +- servconf.c | 288 +- servconf.h | 24 +- serverloop.c | 33 +- session.c | 240 +- sftp-client.c | 26 +- sftp-server.0 | 2 +- sftp-server.c | 8 +- sftp.0 | 22 +- sftp.1 | 22 +- sftp.c | 29 +- ssh-add.0 | 2 +- ssh-agent.0 | 2 +- ssh-agent.c | 63 +- ssh-gss.h | 8 +- ssh-keygen.0 | 24 +- ssh-keygen.1 | 24 +- ssh-keygen.c | 40 +- ssh-keyscan.0 | 2 +- ssh-keyscan.c | 12 +- ssh-keysign.0 | 2 +- ssh-keysign.c | 10 +- ssh-pkcs11-client.c | 136 +- ssh-pkcs11-helper.0 | 2 +- ssh-rsa.c | 60 +- ssh.0 | 14 +- ssh.1 | 14 +- ssh.c | 321 +- ssh.h | 9 +- ssh_api.h | 4 +- ssh_config.0 | 82 +- ssh_config.5 | 77 +- sshbuf.c | 22 +- sshbuf.h | 11 +- sshconnect.c | 69 +- sshconnect.h | 24 +- sshconnect2.c | 850 +- sshd.0 | 38 +- sshd.8 | 42 +- sshd.c | 232 +- sshd_config | 3 +- sshd_config.0 | 120 +- sshd_config.5 | 113 +- ssherr.c | 4 +- ssherr.h | 3 +- sshkey-xmss.c | 8 +- sshkey.c | 104 +- sshkey.h | 5 +- sshlogin.c | 22 +- ttymodes.c | 129 +- uidswap.c | 39 +- uidswap.h | 3 +- umac.c | 14 +- utf8.c | 13 +- version.h | 4 +- xmss_wots.c | 4 +- 202 files changed, 12508 insertions(+), 11535 deletions(-) delete mode 100644 bufaux.c delete mode 100644 bufbn.c delete mode 100644 bufec.c delete mode 100644 buffer.c delete mode 100644 buffer.h delete mode 100644 key.c delete mode 100644 key.h create mode 100644 openbsd-compat/bsd-getline.c create mode 100644 regress/cfgmatchlisten.sh create mode 100644 regress/mkdtemp.c diff --git a/.depend b/.depend index 0893a87ab02..7cc0bfdc80a 100644 --- a/.depend +++ b/.depend @@ -1,182 +1,175 @@ # DO NOT DELETE -addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h match.h log.h -atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h atomicio.h -audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h uidswap.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h -auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h misc.h sshkey.h match.h ssh2.h auth-options.h -auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h -auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h pathnames.h log.h misc.h key.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h -auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h match.h groupaccess.h log.h misc.h servconf.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h -auth.o: dispatch.h opacket.h authfile.h monitor_wrap.h ssherr.h compat.h channels.h -auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh2.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h -auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h -auth2-hostbased.o: monitor_wrap.h pathnames.h ssherr.h match.h -auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h -auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h -auth2-none.o: monitor_wrap.h -auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h -auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h +addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h +atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h +audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h +auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h +auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h +auth.o: authfile.h monitor_wrap.h ssherr.h compat.h channels.h +auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h misc.h servconf.h +auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h +auth2-hostbased.o: pathnames.h ssherr.h match.h +auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h +auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h +auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h +auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h auth2-pubkey.o: auth-options.h canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h -auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h -auth2.o: monitor_wrap.h ssherr.h -authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h -authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h ssherr.h krl.h -bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h bitmap.h -bufaux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h ssherr.h -bufbn.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -bufec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h ssherr.h -buffer.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h ssherr.h -canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h canohost.h misc.h -chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h chacha.h -channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h packet.h dispatch.h opacket.h log.h misc.h channels.h compat.h canohost.h key.h sshkey.h authfd.h pathnames.h -cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/openssl-compat.h -cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h cipher-aesctr.h rijndael.h -cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h -cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h ssherr.h digest.h openbsd-compat/openssl-compat.h -cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h -clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h channels.h key.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h -clientloop.o: kex.h mac.h myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h -compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h log.h match.h kex.h mac.h key.h sshkey.h -crc32.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crc32.h -dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h digest.h -digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h opacket.h compat.h ssherr.h -dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h -ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crypto_api.h ge25519.h fe25519.h sc25519.h -entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h -fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h fe25519.h crypto_api.h -ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data -groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h groupaccess.h match.h log.h -gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h digest.h log.h ssherr.h -hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h digest.h hmac.h -hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h -kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h key.h log.h match.h misc.h -kex.o: monitor.h ssherr.h digest.h -kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h key.h log.h digest.h ssherr.h -kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h key.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h digest.h ssherr.h -kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h key.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h ssherr.h -kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -kexdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -kexdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -kexecdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -kexecdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -key.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h key.h sshkey.h compat.h ssherr.h log.h authfile.h -krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h -log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h -loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h key.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h canohost.h auth.h auth-pam.h audit.h -logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h loginrec.h -mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h digest.h hmac.h umac.h mac.h misc.h ssherr.h openbsd-compat/openssl-compat.h -match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h match.h misc.h -md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h misc.h log.h ssh.h ssherr.h uidswap.h -moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h atomicio.h xmalloc.h ssh.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h chacha.h poly1305.h -monitor.o: cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h -monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h monitor_fdpass.h -monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h key.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h -monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h -msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h -mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h channels.h msg.h packet.h dispatch.h opacket.h monitor_fdpass.h sshpty.h key.h sshkey.h readconf.h clientloop.h -mux.o: ssherr.h -nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h ssh2.h ssherr.h packet.h dispatch.h opacket.h channels.h compat.h log.h -opacket.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h -packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h key.h sshkey.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h digest.h log.h canohost.h misc.h -packet.o: channels.h ssh.h packet.h dispatch.h opacket.h ssherr.h -platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h -platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h misc.h servconf.h key.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h -poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h poly1305.h -progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h progressmeter.h atomicio.h misc.h -readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/glob.h xmalloc.h ssh.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h key.h -readconf.o: uidswap.h myproposal.h digest.h -readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h -rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h rijndael.h -sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sc25519.h crypto_api.h -scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h -servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h key.h sshkey.h kex.h mac.h -servconf.o: match.h channels.h groupaccess.h canohost.h packet.h dispatch.h opacket.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h -serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h opacket.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h key.h sshkey.h cipher.h cipher-chachapoly.h chacha.h -serverloop.o: poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h -session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h match.h uidswap.h compat.h channels.h key.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h +auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h +auth2.o: monitor_wrap.h digest.h +authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h +authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h +bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h +canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h canohost.h misc.h +chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h +channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h opacket.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h +cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h +cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h +cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h +cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h +cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h +clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h +clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h +compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h log.h match.h kex.h mac.h +crc32.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crc32.h +dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h +digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h opacket.h compat.h ssherr.h +dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h +ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h +entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h +fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h +ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data +groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h +gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h +hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h +hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h +kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h monitor.h ssherr.h sshbuf.h +kex.o: digest.h +kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h digest.h ssherr.h +kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h digest.h ssherr.h +kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h ssherr.h +kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexecdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexecdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h +log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h +loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h +logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h +mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h +match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h +md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h +moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h +monitor.o: rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h +monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h +monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +monitor_wrap.o: auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h +msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h +mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h opacket.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h +nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h opacket.h channels.h compat.h log.h +opacket.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h +packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h digest.h log.h canohost.h misc.h channels.h ssh.h +packet.o: packet.h dispatch.h opacket.h ssherr.h sshbuf.h +platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h +platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h +progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h +readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h uidswap.h +readconf.o: myproposal.h digest.h +readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h +rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h +sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h +scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h +servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h match.h channels.h +servconf.o: groupaccess.h canohost.h packet.h dispatch.h opacket.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h +serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h +serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h +session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h session.o: cipher-aesctr.h rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h monitor_wrap.h sftp.h atomicio.h -sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h -sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssherr.h log.h misc.h sftp.h sftp-common.h -sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h -sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h sftp.h misc.h xmalloc.h -sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h -sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sftp-common.h sftp-client.h openbsd-compat/glob.h -ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/openssl-compat.h xmalloc.h ssh.h log.h sshkey.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h -ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h -ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crypto_api.h log.h sshkey.h ssherr.h ssh.h -ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h sshkey.h authfile.h uuencode.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h -ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h key.h compat.h myproposal.h packet.h dispatch.h -ssh-keyscan.o: opacket.h log.h atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h -ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h -ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h -ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h -ssh.o: dispatch.h opacket.h channels.h key.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h uidswap.h version.h ssherr.h myproposal.h utf8.h -ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h key.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h -ssh_api.o: log.h authfile.h misc.h version.h myproposal.h ssherr.h -sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h -sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h -sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h -sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ssherr.h misc.h -sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h key.h sshkey.h hostfile.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h compat.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h -sshconnect.o: ssh2.h version.h authfile.h ssherr.h authfd.h -sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h key.h sshkey.h kex.h mac.h -sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h -sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h log.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h -sshd.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h key.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h +sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h +sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h +sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h +sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h +sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h +sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h +ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h +ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h +ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h +ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h uuencode.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h +ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h compat.h myproposal.h packet.h dispatch.h opacket.h log.h +ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h +ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h +ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h +ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h opacket.h +ssh.o: sshbuf.h channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h +ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h log.h authfile.h misc.h +ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h +sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h +sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h +sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h +sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h +sshconnect.o: ssherr.h authfd.h +sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h myproposal.h +sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h +sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h +sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h ssherr.o: ssherr.h -sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crypto_api.h ssh2.h ssherr.h misc.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h -sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h loginrec.h log.h misc.h servconf.h -sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sshpty.h log.h misc.h -sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h sshpty.h -ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h compat.h ttymodes.h -uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h log.h uidswap.h xmalloc.h -umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h umac.h misc.h rijndael.h -umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h umac.h misc.h rijndael.h -utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h utf8.h -uuencode.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h uuencode.h -verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h crypto_api.h -xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h xmalloc.h log.h -xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h -xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h buffer.h sshbuf.h +sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h +sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h +sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h +sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h +ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h compat.h sshbuf.h ssherr.h ttymodes.h +uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h +umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h +umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h +utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h +uuencode.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h uuencode.h +verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h +xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h +xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h diff --git a/.skipped-commit-ids b/.skipped-commit-ids index b51baf90d75..b94cadf1cce 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -2,6 +2,8 @@ a337e886a49f96701ccbc4832bed086a68abfa85 Makefile changes f2c9feb26963615c4fece921906cf72e248b61ee more Makefile fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring +1de0e85522051eb2ffa00437e1885e9d7b3e0c2e moduli update +814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs Old upstream tree: diff --git a/ChangeLog b/ChangeLog index bb729917c33..6d7a7d265eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9798 +1,9741 @@ -commit a0349a1cc4a18967ad1dbff5389bcdf9da098814 +commit 71508e06fab14bc415a79a08f5535ad7bffa93d9 Author: Damien Miller -Date: Mon Apr 2 15:38:28 2018 +1000 +Date: Thu Aug 23 15:41:42 2018 +1000 - update versions in .spec files + shorten temporary SSH_REGRESS_TMP path + + Previous path was exceeding max socket length on at least one platform (OSX) -commit 816ad38f79792f5617e3913be306ddb27e91091c +commit 26739cf5bdc9030a583b41ae5261dedd862060f0 Author: Damien Miller -Date: Mon Apr 2 15:38:20 2018 +1000 +Date: Thu Aug 23 13:06:02 2018 +1000 - update version number + rebuild dependencies -commit 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2 -Author: Darren Tucker -Date: Fri Mar 30 18:23:07 2018 +1100 +commit ff729025c7463cf5d0a8d1ca1823306e48c6d4cf +Author: Damien Miller +Date: Thu Aug 23 13:03:32 2018 +1000 - Disable native strndup and strnlen on AIX. + fix path in distclean target - On at least some revisions of AIX, strndup returns unterminated strings - under some conditions, apparently because strnlen returns incorrect - values in those cases. Disable both on AIX and use the replacements - from openbsd-compat. Fixes problem with ECDSA keys there, ok djm. + Patch from Jakub Jelen -commit 6b5a17bc14e896e3904dc58d889b58934cfacd24 -Author: Darren Tucker -Date: Mon Mar 26 13:12:44 2018 +1100 +commit 7fef173c28f7462dcd8ee017fdf12b5073f54c02 +Author: djm@openbsd.org +Date: Thu Aug 23 03:01:08 2018 +0000 - Include ssh_api.h for struct ssh. + upstream: memleak introduced in r1.83; from Colin Watson - struct ssh is needed by implementations of sys_auth_passwd() that were - converted in commit bba02a50. Needed to fix build on AIX, I assume for - the other platforms too (although it should be harmless if not needed). + OpenBSD-Commit-ID: 5c019104c280cbd549a264a7217b67665e5732dc -commit bc3f80e4d191b8e48650045dfa8a682cd3aabd4d -Author: Darren Tucker -Date: Mon Mar 26 12:58:09 2018 +1100 +commit b8ae02a2896778b8984c7f51566c7f0f56fa8b56 +Author: schwarze@openbsd.org +Date: Tue Aug 21 13:56:27 2018 +0000 - Remove UNICOS code missed during removal. + upstream: AIX reports the CODESET as "ISO8859-1" in the POSIX locale. - Fixes compile error on AIX. + Treating that as a safe encoding is OK because even when other systems return + that string for real ISO8859-1, it is still safe in the sense that it is + ASCII-compatible and stateless. + + Issue reported by Val dot Baranov at duke dot edu. Additional + information provided by Michael dot Felt at felt dot demon dot nl. + Tested by Michael Felt on AIX 6.1 and by Val Baranov on AIX 7.1. + Tweak and OK djm@. + + OpenBSD-Commit-ID: 36f1210e0b229817d10eb490d6038f507b8256a7 -commit 9d57762c24882e2f000a21a0ffc8c5908a1fa738 -Author: markus@openbsd.org -Date: Sat Mar 24 19:29:03 2018 +0000 +commit bc44ee088ad269d232e514f037c87ada4c2fd3f0 +Author: Tim Rice +Date: Tue Aug 21 08:57:24 2018 -0700 - upstream: openssh-7.7 - - OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 + modified: openbsd-compat/port-uw.c + remove obsolete and un-needed include -commit 4b7d8acdbbceef247dc035e611e577174ed8a87e +commit 829fc28a9c54e3f812ee7248c7a3e31eeb4f0b3a Author: Damien Miller -Date: Mon Mar 26 09:37:02 2018 +1100 +Date: Mon Aug 20 15:57:29 2018 +1000 - Remove authinfo.sh test dependency on printenv - - Some platforms lack printenv in the default $PATH. - Reported by Tom G. Christensen + Missing unistd.h for regress/mkdtemp.c -commit 4afeaf3dcb7dc70efd98fcfcb0ed28a6b40b820e -Author: Tim Rice -Date: Sun Mar 25 10:00:21 2018 -0700 +commit c8313e492355a368a91799131520d92743d8d16c +Author: Damien Miller +Date: Fri Aug 17 05:45:20 2018 +1000 - Use libiaf on all sysv5 systems + update version numbers in anticipation of release -commit bba02a5094b3db228ceac41cb4bfca165d0735f3 -Author: Tim Rice -Date: Sun Mar 25 09:17:33 2018 -0700 +commit 477b49a34b89f506f4794b35e3c70b3e2e83cd38 +Author: Corinna Vinschen +Date: Mon Aug 13 17:08:51 2018 +0200 - modified: auth-sia.c - modified: openbsd-compat/port-aix.c - modified: openbsd-compat/port-uw.c + configure: work around GCC shortcoming on Cygwin - propogate changes to auth-passwd.c in commit - 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers - of sys_auth_passwd() + Cygwin's latest 7.x GCC allows to specify -mfunction-return=thunk + as well as -mindirect-branch=thunk on the command line, albeit + producing invalid code, leading to an error at link stage. + + The check in configure.ac only checks if the option is present, + but not if it produces valid code. + + This patch fixes it by special-casing Cygwin. Another solution + may be to change these to linker checks. + + Signed-off-by: Corinna Vinschen -commit d7a7a39168bdfe273587bf85d779d60569100a3f -Author: markus@openbsd.org -Date: Sat Mar 24 19:29:03 2018 +0000 +commit b0917945efa374be7648d67dbbaaff323ab39edc +Author: Corinna Vinschen +Date: Mon Aug 13 17:05:05 2018 +0200 - upstream: openssh-7.7 + cygwin: add missing stdarg.h include - OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 + Further header file standarization in Cygwin uncovered a lazy + indirect include in bsd-cygwin_util.c + + Signed-off-by: Corinna Vinschen -commit 9efcaaac314c611c6c0326e8bac5b486c424bbd2 -Author: markus@openbsd.org -Date: Sat Mar 24 19:28:43 2018 +0000 +commit c3903c38b0fd168ab3d925c2b129d1a599593426 +Author: djm@openbsd.org +Date: Mon Aug 13 02:41:05 2018 +0000 - upstream: fix bogus warning when signing cert keys using agent; + upstream: revert compat.[ch] section of the following change. It - from djm; ok deraadt dtucker + causes double-free under some circumstances. - OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d + -- + + date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh; + fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 + feedback and ok dtucker@ + + OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137 -commit 393436024d2e4b4c7a01f9cfa5854e7437896d11 -Author: Darren Tucker -Date: Sun Mar 25 09:40:46 2018 +1100 +commit 1b9dd4aa15208100fbc3650f33ea052255578282 +Author: djm@openbsd.org +Date: Sun Aug 12 20:19:13 2018 +0000 - Replace /dev/stdin with "-". + upstream: better diagnosics on alg list assembly errors; ok - For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted - and suggested by vinschen at redhat.com. + deraadt@ markus@ + + OpenBSD-Commit-ID: 5a557e74b839daf13cc105924d2af06a1560faee -commit b5974de1a1d419e316ffb6524b1b277dda2f3b49 -Author: Darren Tucker -Date: Fri Mar 23 13:21:14 2018 +1100 +commit e36a5f61b0f5bebf6d49c215d228cd99dfe86e28 +Author: Damien Miller +Date: Sat Aug 11 18:08:45 2018 -0700 - Provide $OBJ to paths in PuTTY interop tests. + Some AIX fixes; report from Michael Felt -commit dc31e79454e9b9140b33ad380565fdb59b9c4f33 +commit 2f4766ceefe6657c5ad5fe92d13c411872acae0e Author: dtucker@openbsd.org -Date: Fri Mar 16 09:06:31 2018 +0000 +Date: Fri Aug 10 01:35:49 2018 +0000 - upstream: Tell puttygen to use /dev/urandom instead of /dev/random. On + upstream: The script that cooks up PuTTY format host keys does not - OpenBSD they are both non-blocking, but on many other -portable platforms it - blocks, stalling tests. + understand the new key format so convert back to old format to create the + PuTTY key and remove it once done. - OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc + OpenBSD-Regress-ID: 2a449a18846c3a144bc645135b551ba6177e38d3 -commit cb1f94431ef319cd48618b8b771b58739a8210cf -Author: markus@openbsd.org -Date: Thu Mar 22 07:06:11 2018 +0000 +commit e1b26ce504662a5d5b991091228984ccfd25f280 +Author: djm@openbsd.org +Date: Fri Aug 10 00:44:01 2018 +0000 - upstream: ssh/xmss: fix build; ok djm@ + upstream: improve - OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186 + OpenBSD-Commit-ID: 40d839db0977b4e7ac8b647b16d5411d4faf2f60 -commit 27979da9e4074322611355598f69175b9ff10d39 -Author: markus@openbsd.org -Date: Thu Mar 22 07:05:48 2018 +0000 +commit 7c712966a3139622f7fb55045368d05de4e6782c +Author: djm@openbsd.org +Date: Fri Aug 10 00:42:29 2018 +0000 - upstream: ssh/xmss: fix deserialize for certs; ok djm@ + upstream: Describe pubkey format, prompted by bz#2853 - OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc + While I'm here, describe and link to the remaining local PROTOCOL.* + docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and + PROTOCOL.mux) + + OpenBSD-Commit-ID: 2a900f9b994ba4d53e7aeb467d44d75829fd1231 -commit c6cb2565c9285eb54fa9dfbb3890f5464aff410f -Author: Darren Tucker -Date: Thu Mar 22 17:00:28 2018 +1100 +commit ef100a2c5a8ed83afac0b8f36520815803da227a +Author: djm@openbsd.org +Date: Fri Aug 10 00:27:15 2018 +0000 - Save $? before case statement. + upstream: fix numbering - In some shells (FreeBSD 9, ash) the case statement resets $?, so save - for later testing. + OpenBSD-Commit-ID: bc7a1764dff23fa4c5ff0e3379c9c4d5b63c9596 -commit 4c4e7f783b43b264c247233acb887ee10ed4ce4d +commit ed7bd5d93fe14c7bd90febd29b858ea985d14d45 Author: djm@openbsd.org -Date: Wed Mar 14 05:35:40 2018 +0000 +Date: Wed Aug 8 01:16:01 2018 +0000 - upstream: rename recently-added "valid-before" key restriction to + upstream: Use new private key format by default. This format is - "expiry-time" as the former is confusing wrt similar terminology in X.509; - pointed out by jsing@ + suported by OpenSSH >= 6.5 (released January 2014), so it should be supported + by most OpenSSH versions in active use. - OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793 + It is possible to convert new-format private keys to the older + format using "ssh-keygen -f /path/key -pm PEM". + + ok deraadt dtucker + + OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8 -commit 500396b204c58e78ad9d081516a365a9f28dc3fd +commit 967226a1bdde59ea137e8f0df871854ff7b91366 Author: djm@openbsd.org -Date: Mon Mar 12 00:56:03 2018 +0000 +Date: Sat Aug 4 00:55:06 2018 +0000 - upstream: check valid-before option in authorized_keys + upstream: invalidate dh->priv_key after freeing it in error path; - OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11 + avoids unlikely double-free later. Reported by Viktor Dukhovni via + https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@ + + OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805 -commit a76b5d26c2a51d7dd7a5164e683ab3f4419be215 +commit 74287f5df9966a0648b4a68417451dd18f079ab8 Author: djm@openbsd.org -Date: Mon Mar 12 00:54:04 2018 +0000 +Date: Tue Jul 31 03:10:27 2018 +0000 - upstream: explicitly specify RSA/SHA-2 keytype here too + upstream: delay bailout for invalid authentic - OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62 + =?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?= + =?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?= + =?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d -commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1 +commit 1a66079c0669813306cc69e5776a4acd9fb49015 Author: djm@openbsd.org -Date: Mon Mar 12 00:52:57 2018 +0000 +Date: Tue Jul 31 03:07:24 2018 +0000 - upstream: exlicitly include RSA/SHA-2 keytypes in + upstream: fix some memory leaks spotted by Coverity via Jakub Jelen - PubkeyAcceptedKeyTypes here + in bz#2366 feedback and ok dtucker@ - OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9 + OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563 -commit 037fdc1dc2d68e1d43f9c9e2586c02cabc8f7cc8 -Author: jmc@openbsd.org -Date: Wed Mar 14 06:56:20 2018 +0000 +commit 87f08be054b7eeadbb9cdeb3fb4872be79ccf218 +Author: Damien Miller +Date: Fri Jul 20 13:18:28 2018 +1000 - upstream: sort expiry-time; + Remove support for S/Key - OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf + Most people will 1) be using modern multi-factor authentication methods + like TOTP/OATH etc and 2) be getting support for multi-factor + authentication via PAM or BSD Auth. -commit abc0fa38c9bc136871f28e452c3465c3051fc785 -Author: djm@openbsd.org -Date: Wed Mar 14 05:35:40 2018 +0000 +commit 5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31 +Author: markus@openbsd.org +Date: Fri Jul 27 12:03:17 2018 +0000 - upstream: rename recently-added "valid-before" key restriction to + upstream: avoid expensive channel_open_message() calls; ok djm@ - "expiry-time" as the former is confusing wrt similar terminology in X.509; - pointed out by jsing@ + OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9 + +commit e655ee04a3cb7999dbf9641b25192353e2b69418 +Author: dtucker@openbsd.org +Date: Fri Jul 27 05:34:42 2018 +0000 + + upstream: Now that ssh can't be setuid, remove the - OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6 + original_real_uid and original_effective_uid globals and replace with calls + to plain getuid(). ok djm@ + + OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c -commit bf0fbf2b11a44f06a64b620af7d01ff171c28e13 -Author: djm@openbsd.org -Date: Mon Mar 12 00:52:01 2018 +0000 +commit 73ddb25bae4c33a0db361ac13f2e3a60d7c6c4a5 +Author: dtucker@openbsd.org +Date: Fri Jul 27 05:13:02 2018 +0000 - upstream: add valid-before="[time]" authorized_keys option. A + upstream: Remove uid checks from low port binds. Now that ssh - simple way of giving a key an expiry date. ok markus@ + cannot be setuid and sshd always has privsep on, we can remove the uid checks + for low port binds and just let the system do the check. We leave a sanity + check for the !privsep case so long as the code is stil there. with & ok + djm@ - OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947 + OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0 -commit fbd733ab7adc907118a6cf56c08ed90c7000043f +commit c12033e102760d043bc5c98e6c8180e4d331b0df +Author: dtucker@openbsd.org +Date: Fri Jul 27 03:55:22 2018 +0000 + + upstream: ssh(1) no longer supports being setuid root. Remove reference + + to crc32 which went with protocol 1. Pointed out by deraadt@. + + OpenBSD-Commit-ID: f8763c25fd96ed91dd1abdab5667fd2e27e377b6 + +commit 4492e2ec4e1956a277ef507f51d66e5c2aafaaf8 +Author: Damien Miller +Date: Fri Jul 27 14:15:28 2018 +1000 + + correct snprintf truncation check in closefrom() + + Truncation cannot happen unless the system has set PATH_MAX to some + nonsensically low value. + + bz#2862, patch from Daniel Le + +commit 149cab325a8599a003364ed833f878449c15f259 Author: Darren Tucker -Date: Mon Mar 12 19:17:26 2018 +1100 +Date: Fri Jul 27 13:46:06 2018 +1000 - Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE. + Include stdarg.h in mkdtemp for va_list. + +commit 6728f31bdfdc864d192773c32465b1860e23f556 +Author: deraadt@openbsd.org +Date: Wed Jul 25 17:12:35 2018 +0000 + + upstream: Don't redefine Makefile choices which come correct from - The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent - warnings from autoconf. Pointed out by klausz at haus-gisela.de. + bsd.*.mk ok markus + + OpenBSD-Commit-ID: 814b2f670df75759e1581ecef530980b2b3d7e0f -commit c7c458e8261b04d161763cd333d74e7a5842e917 -Author: djm@openbsd.org -Date: Wed Mar 7 23:53:08 2018 +0000 +commit 21fd477a855753c1a8e450963669e28e39c3b5d2 +Author: deraadt@openbsd.org +Date: Wed Jul 25 13:56:23 2018 +0000 - upstream: revert recent strdelim() change, it causes problems with + upstream: fix indent; Clemens Goessnitzer - some configs. + OpenBSD-Commit-ID: b5149a6d92b264d35f879d24608087b254857a83 + +commit 8e433c2083db8664c41499ee146448ea7ebe7dbf +Author: beck@openbsd.org +Date: Wed Jul 25 13:10:56 2018 +0000 + + upstream: Use the caller provided (copied) pwent struct in - revision 1.124 - date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; - Allow escaped quotes \" and \' in ssh_config and sshd_config quotes - option strings. bz#1596 ok markus@ + load_public_identity_files instead of calling getpwuid() again and discarding + the argument. This prevents a client crash where tilde_expand_filename calls + getpwuid() again before the pwent pointer is used. Issue noticed and reported + by Pierre-Olivier Martel ok djm@ deraadt@ - OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5 + OpenBSD-Commit-ID: a067d74b5b098763736c94cc1368de8ea3f0b157 -commit 0bcd871ccdf3baf2b642509ba4773d5be067cfa2 +commit e2127abb105ae72b6fda64fff150e6b24b3f1317 Author: jmc@openbsd.org -Date: Mon Mar 5 07:03:18 2018 +0000 +Date: Mon Jul 23 19:53:55 2018 +0000 - upstream: move the input format details to -f; remove the output + upstream: oops, failed to notice that SEE ALSO got messed up; - format details and point to sshd(8), where it is documented; + OpenBSD-Commit-ID: 61c1306542cefdc6e59ac331751afe961557427d + +commit ddf1b797c2d26bbbc9d410aa4f484cbe94673587 +Author: kn@openbsd.org +Date: Mon Jul 23 19:02:49 2018 +0000 + + upstream: Point to glob in section 7 for the actual list of special - ok dtucker + characters instead the C API in section 3. - OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a + OK millert jmc nicm, "the right idea" deraadt + + OpenBSD-Commit-ID: a74fd215488c382809e4d041613aeba4a4b1ffc6 -commit 45011511a09e03493568506ce32f4891a174a3bd -Author: Vicente Olivert Riera -Date: Tue Jun 20 16:42:28 2017 +0100 +commit 01c98d9661d0ed6156e8602b650f72eed9fc4d12 +Author: dtucker@openbsd.org +Date: Sun Jul 22 12:16:59 2018 +0000 - configure.ac: properly set seccomp_audit_arch for MIPS64 - - Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or - AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built - for MIPS64. However, that's only valid for n64 ABI. The right macros for - n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and - AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively. + upstream: Switch authorized_keys example from ssh-dss to ssh-rsa - Because of that an sshd built for MIPS64 n32 rejects connection attempts - and the output of strace reveals that the problem is related to seccomp - audit: + since the former is no longer enabled by default. Pointed out by Daniel A. + Maierhofer, ok jmc - [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, - filter=0x555d5da0}) = 0 - [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ? - [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP}, - {fd=6, revents=POLLHUP}]) - [pid 194] +++ killed by SIGSYS +++ + OpenBSD-Commit-ID: 6a196cef53d7524e0c9b58cdbc1b5609debaf8c7 + +commit 472269f8fe19343971c2d08f504ab5cbb8234b33 +Author: djm@openbsd.org +Date: Fri Jul 20 05:01:10 2018 +0000 + + upstream: slightly-clearer description for AuthenticationMethods - the - This patch fixes that problem by setting the right value to - seccomp_audit_arch taking into account the MIPS64 ABI. + lists have comma-separated elements; bz#2663 from Hans Meier - Signed-off-by: Vicente Olivert Riera + OpenBSD-Commit-ID: 931c983d0fde4764d0942fb2c2b5017635993b5a -commit 580086704c31de91dc7ba040a28e416bf1fefbca -Author: Vicente Olivert Riera -Date: Tue Jun 20 16:42:11 2017 +0100 +commit c59aca8adbdf7f5597084ad360a19bedb3f80970 +Author: Damien Miller +Date: Fri Jul 20 14:53:42 2018 +1000 - configure.ac: detect MIPS ABI + Create control sockets in clean temp directories - Signed-off-by: Vicente Olivert Riera + Adds a regress/mkdtemp tool and uses it to create empty temp + directories for tests needing control sockets. + + Patch from Colin Watson via bz#2660; ok dtucker -commit cd4e937aa701f70366cd5b5969af525dff6fdf15 -Author: Alan Yee -Date: Wed Mar 7 15:12:14 2018 -0800 +commit 6ad8648e83e4f4ace37b742a05c2a6b6b872514e +Author: djm@openbsd.org +Date: Fri Jul 20 03:46:34 2018 +0000 - Use https URLs for links that support it. + upstream: remove unused zlib.h + + OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1 -commit c0a0c3fc4a76b682db22146b28ddc46566db1ce9 -Author: Darren Tucker -Date: Mon Mar 5 20:03:07 2018 +1100 +commit 3ba6e6883527fe517b6e4a824876e2fe62af22fc +Author: dtucker@openbsd.org +Date: Thu Jul 19 23:03:16 2018 +0000 - Disable UTMPX on SunOS4. + upstream: Fix typo in comment. From Alexandru Iacob via github. + + OpenBSD-Commit-ID: eff4ec07c6c8c5483533da43a4dda37d72ef7f1d -commit 58fd4c5c0140f6636227ca7acbb149ab0c2509b9 +commit c77bc73c91bc656e343a1961756e09dd1b170820 Author: Darren Tucker -Date: Mon Mar 5 19:28:08 2018 +1100 +Date: Fri Jul 20 13:48:51 2018 +1000 - Check for and work around buggy fflush(NULL). + Explicitly include openssl before zlib. - Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check - for and work around. With klausz at haus-gisela.de. + Some versions of OpenSSL have "free_func" in their headers, which zlib + typedefs. Including openssl after zlib (eg via sshkey.h) results in + "syntax error before `free_func'", which this fixes. -commit 71e48bc7945f867029e50e06c665c66aed6d3c64 -Author: Darren Tucker -Date: Mon Mar 5 10:22:32 2018 +1100 +commit 95d41e90eafcd1286a901e8e361e4a37b98aeb52 +Author: dtucker@openbsd.org +Date: Thu Jul 19 10:28:47 2018 +0000 - Remove extra XMSS #endif + upstream: Deprecate UsePrivilegedPort now that support for running - Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack - Schmidt via github. + ssh(1) setuid has been removed, remove supporting code and clean up + references to it in the man pages + + We have not shipped ssh(1) the setuid bit since 2002. If ayone + really needs to make connections from a low port number this can + be implemented via a small setuid ProxyCommand. + + ok markus@ jmc@ djm@ + + OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e -commit 055e09e2212ff52067786bf6d794ca9512ff7f0c +commit 258dc8bb07dfb35a46e52b0822a2c5b7027df60a Author: dtucker@openbsd.org -Date: Sat Mar 3 06:37:53 2018 +0000 +Date: Wed Jul 18 11:34:04 2018 +0000 - upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18 + upstream: Remove support for running ssh(1) setuid and fatal if - bumped the minimum from 768 to 1024, update man page accordingly. + attempted. Do not link uidwap.c into ssh any more. Neuters + UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ + djm@ - OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338 + OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42 -commit 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1 -Author: djm@openbsd.org -Date: Sun Mar 4 01:46:48 2018 +0000 +commit ac590760b251506b0a152551abbf8e8d6dc2f527 +Author: dtucker@openbsd.org +Date: Mon Jul 16 22:25:01 2018 +0000 - upstream: for the pty control tests, just check that the PTY path + upstream: Slot 0 in the hostbased key array was previously RSA1, - points to something in /dev (rather than checking the device node itself); - makes life easier for portable, where systems with dynamic ptys can delete - nodes before we get around to testing their existence. + but that is now gone and the slot is unused so remove it. Remove two + now-unused macros, and add an array bounds check to the two remaining ones + (array is statically sized, so mostly a safety check on future changes). ok + markus@ - OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994 - -commit 13ef4cf53f24753fe920832b990b25c9c9cd0530 -Author: Darren Tucker -Date: Sat Mar 3 16:21:20 2018 +1100 + OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a - Update PAM password change to new opts API. - -commit 33561e68e0b27366cb769295a077aabc6a49d2a1 -Author: Darren Tucker -Date: Sat Mar 3 14:56:09 2018 +1100 +commit 26efc2f5df0e3bcf6a6bbdd0506fd682d60c2145 +Author: dtucker@openbsd.org +Date: Mon Jul 16 11:05:41 2018 +0000 - Add strndup for platforms that need it. + upstream: Remove support for loading HostBasedAuthentication keys - Some platforms don't have strndup, which includes Solaris 10, NetBSD 3 - and FreeBSD 6. - -commit e8a17feba95eef424303fb94441008f6c5347aaf -Author: Darren Tucker -Date: Sat Mar 3 14:49:07 2018 +1100 - - Flatten and alphabetize object file lists. + directly in ssh(1) and always use ssh-keysign. This removes one of the few + remaining reasons why ssh(1) might be setuid. ok markus@ - This will make maintenance and changes easier. "no objection" tim@ + OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d -commit de1920d743d295f50e6905e5957c4172c038e8eb +commit 3eb7f1038d17af7aea3c2c62d1e30cd545607640 Author: djm@openbsd.org -Date: Sat Mar 3 03:16:17 2018 +0000 +Date: Mon Jul 16 07:06:50 2018 +0000 - upstream: unit tests for new authorized_keys options API + upstream: keep options.identity_file_userprovided array in sync when we - OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1 + load keys, fixing some spurious error messages; ok markus + + OpenBSD-Commit-ID: c63e3d5200ee2cf9e35bda98de847302566c6a00 -commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717 +commit 2f131e1b34502aa19f345e89cabf6fa3fc097f09 Author: djm@openbsd.org -Date: Fri Mar 2 02:53:27 2018 +0000 +Date: Mon Jul 16 03:09:59 2018 +0000 - upstream: fix testing of pty option, include positive test and + upstream: memleak in unittest; found by valgrind - testing of restrict keyword - - OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d + OpenBSD-Regress-ID: 168c23b0fb09fc3d0b438628990d3fd9260a8a5e -commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61 +commit de2997a4cf22ca0a524f0e5b451693c583e2fd89 Author: djm@openbsd.org -Date: Fri Mar 2 02:51:55 2018 +0000 +Date: Mon Jul 16 03:09:13 2018 +0000 - upstream: better testing for port-forwarding and restrict flags in - - authorized_keys + upstream: memleaks; found by valgrind - OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa + OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844 -commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 -Author: djm@openbsd.org -Date: Sat Mar 3 03:15:51 2018 +0000 +commit 61cc0003eb37fa07603c969c12b7c795caa498f3 +Author: Darren Tucker +Date: Sat Jul 14 16:49:01 2018 +1000 - upstream: switch over to the new authorized_keys options API and - - remove the legacy one. + Undef a few new macros in sys-queue.h. - Includes a fairly big refactor of auth2-pubkey.c to retain less state - between key file lines. - - feedback and ok markus@ + Prevents macro redefinition warnings on OSX. + +commit 30a2c213877a54a44dfdffb6ca8db70be5b457e0 +Author: Darren Tucker +Date: Fri Jul 13 13:40:20 2018 +1000 + + Include unistd.h for geteuid declaration. + +commit 1dd32c23f2a85714dfafe2a9cc516971d187caa4 +Author: Darren Tucker +Date: Fri Jul 13 13:38:10 2018 +1000 + + Fallout from buffer conversion in AUDIT_EVENTS. - OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df + Supply missing "int r" and fix error path for sshbuf_new(). -commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b +commit 7449c178e943e5c4f6c8416a4e41d93b70c11c9e Author: djm@openbsd.org -Date: Sat Mar 3 03:06:02 2018 +0000 +Date: Fri Jul 13 02:13:50 2018 +0000 - upstream: Introduce a new API for handling authorized_keys options. - - This API parses options to a dedicated structure rather than the old API's - approach of setting global state. It also includes support for merging - options, e.g. from authorized_keys, authorized_principals and/or - certificates. + upstream: make this use ssh_proxy rather than starting/stopping a - feedback and ok markus@ + daemon for each testcase - OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2 + OpenBSD-Regress-ID: 608b7655ea65b1ba8fff5a13ce9caa60ef0c8166 -commit 26074380767e639ef89321610e146ae11016b385 +commit dbab02f9208d9baa134cec1d007054ec82b96ca9 Author: djm@openbsd.org -Date: Sat Mar 3 03:01:50 2018 +0000 +Date: Fri Jul 13 02:13:19 2018 +0000 - upstream: warn when the agent returns a signature type that was + upstream: fix leaks in unit test; with this, all unit tests are - different to what was requested. This might happen when an old/non-OpenSSH - agent is asked to make a rsa-sha2-256/512 signature but only supports - ssh-rsa. bz#2799 feedback and ok markus@ + leak free (as far as valgrind can spot anyway) - OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce + OpenBSD-Regress-ID: b824d8b27998365379963440e5d18b95ca03aa17 -commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc -Author: jmc@openbsd.org -Date: Fri Mar 2 21:40:15 2018 +0000 +commit 2f6accff5085eb79b0dbe262d8b85ed017d1a51c +Author: Damien Miller +Date: Fri Jul 13 11:39:25 2018 +1000 - upstream: apply a lick of paint; tweaks/ok dtucker + Enable leak checks for unit tests with valgrind - OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703 + Leave the leak checking on unconditionally when running with valgrind. + The unit tests are leak-free and I want them to stay that way. -commit 713d9cb510e0e7759398716cbe6dcf43e574be71 -Author: djm@openbsd.org -Date: Fri Mar 2 03:02:11 2018 +0000 +commit e46cfbd9db5e907b821bf4fd0184d4dab99815ee +Author: Damien Miller +Date: Fri Jul 13 11:38:59 2018 +1000 - upstream: Allow escaped quotes \" and \' in ssh_config and - - sshd_config quotes option strings. bz#1596 ok markus@ + increase timeout to match cfgmatch.sh - OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb + lets test pass under valgrind (on my workstation at least) -commit 94b4e2d29afaaaef89a95289b16c18bf5627f7cd -Author: djm@openbsd.org -Date: Fri Mar 2 02:08:03 2018 +0000 +commit 6aa1bf475cf3e7a2149acc5a1e80e904749f064c +Author: Damien Miller +Date: Thu Jul 12 14:54:18 2018 +1000 - upstream: refactor sshkey_read() to make it a little more, err, - - readable. ok markus - - OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28 + rm regress/misc/kexfuzz/*.o in distclean target -commit 5886b92968b360623491699247caddfb77a74d80 -Author: markus@openbsd.org -Date: Thu Mar 1 20:32:16 2018 +0000 +commit eef1447ddb559c03725a23d4aa6d03f40e8b0049 +Author: Damien Miller +Date: Thu Jul 12 14:49:26 2018 +1000 - upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by - - jmc@ - - OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b + repair !WITH_OPENSSL build -commit 3b36bed3d26f17f6a2b7e036e01777770fe1bcd4 -Author: dtucker@openbsd.org -Date: Mon Feb 26 12:14:53 2018 +0000 +commit 4d3b2f36fd831941d1627ac587faae37b6d3570f +Author: Damien Miller +Date: Thu Jul 12 14:49:14 2018 +1000 - upstream: Remove unneeded (local) include. ok markus@ - - OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93 + missing headers -commit 27b9f3950e0289e225b57b7b880a8f1859dcd70b -Author: dtucker@openbsd.org -Date: Mon Feb 26 03:56:44 2018 +0000 +commit 3f420a692b293921216549c1099c2e46ff284eae +Author: Darren Tucker +Date: Thu Jul 12 14:57:46 2018 +1000 - upstream: Add $OpenBSD$ markers to xmss files to help keep synced + Remove key.h from portable files too. - with portable. ok djm@. - - OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1 + Commit 5467fbcb removed key.h so stop including it in portable files + too. Fixes builds on lots of platforms. -commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd -Author: dtucker@openbsd.org -Date: Mon Feb 26 03:03:05 2018 +0000 +commit e2c4af311543093f16005c10044f7e06af0426f0 +Author: djm@openbsd.org +Date: Thu Jul 12 04:35:25 2018 +0000 - upstream: Add newline at end of file to prevent compiler warnings. + upstream: remove prototype to long-gone function - OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063 + OpenBSD-Commit-ID: 0414642ac7ce01d176b9f359091a66a8bbb640bd -commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84 -Author: Darren Tucker -Date: Wed Feb 28 19:59:35 2018 +1100 +commit 394a842e60674bf8ee5130b9f15b01452a0b0285 +Author: markus@openbsd.org +Date: Wed Jul 11 18:55:11 2018 +0000 - Add WITH_XMSS, move to prevent conflicts. + upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@ - Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after - includes.h so it's less likely to conflict and will pick up WITH_XMSS if - added to config.h. + OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3 -commit a10d8552d0d2438da4ed539275abcbf557d1e7a8 -Author: Darren Tucker -Date: Tue Feb 27 14:45:17 2018 +1100 +commit 5467fbcb09528ecdcb914f4f2452216c24796790 +Author: markus@openbsd.org +Date: Wed Jul 11 18:53:29 2018 +0000 - Conditionally compile XMSS code. + upstream: remove legacy key emulation layer; ok djm@ - The XMSS code is currently experimental and, unlike the rest of OpenSSH - cannot currently be compiled with a c89 compiler. + OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d -commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b -Author: Darren Tucker -Date: Mon Feb 26 12:51:29 2018 +1100 +commit 5dc4c59d5441a19c99e7945779f7ec9051126c25 +Author: martijn@openbsd.org +Date: Wed Jul 11 08:19:35 2018 +0000 - Check dlopen has RTLD_NOW before enabling pkcs11. + upstream: s/wuth/with/ in comment + + OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c -commit 1323f120d06a26074c4d154fcbe7f49bcad3d741 +commit 1c688801e9dd7f9889fb2a29bc2b6fbfbc35a11f Author: Darren Tucker -Date: Tue Feb 27 08:41:25 2018 +1100 +Date: Wed Jul 11 12:12:38 2018 +1000 - Check for attributes on prototype args. + Include stdlib.h for declaration of free. - Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481) - do not accept __attribute__ on function pointer prototype args. Check for - this and hide them if they're not accepted. + Fixes build with -Werror on at least Fedora and probably others. -commit f0b245b0439e600fab782d19e97980e9f2c2533c -Author: Darren Tucker -Date: Mon Feb 26 11:43:48 2018 +1100 +commit fccfa239def497615f92ed28acc57cfe63da3666 +Author: Damien Miller +Date: Wed Jul 11 10:19:56 2018 +1000 - Check if HAVE_DECL_BZERO correctly. + VALGRIND_CHECK_LEAKS logic was backwards :( -commit c7ef4a399155e1621a532cc5e08e6fa773658dd4 +commit 416287d45fcde0a8e66eee8b99aa73bd58607588 Author: Darren Tucker -Date: Mon Feb 26 17:42:56 2018 +1100 +Date: Wed Jul 11 10:10:26 2018 +1000 - Wrap in #ifdef HAVE_STDINT_H. + Fix sshbuf_new error path in skey. -commit ac53ce46cf8165cbda7f57ee045f9f32e1e92b31 +commit 7aab109b8b90a353c1af780524f1ac0d3af47bab Author: Darren Tucker -Date: Mon Feb 26 16:24:23 2018 +1100 +Date: Wed Jul 11 10:06:18 2018 +1000 - Replace $(CURDIR) with $(PWD). + Supply missing third arg in skey. - The former doesn't work on Solaris or BSDs. + During the change to the new buffer api the third arg to + sshbuf_get_cstring was ommitted. Fixes build when configured with skey. -commit 534b2680a15d14e7e60274d5b29b812d44cc5a44 +commit 380320bb72cc353a901790ab04b6287fd335dc4a Author: Darren Tucker -Date: Mon Feb 26 14:51:59 2018 +1100 +Date: Wed Jul 11 10:03:34 2018 +1000 - Comment out hexdump(). + Supply some more missing "int r" in skey + +commit d20720d373d8563ee737d1a45dc5e0804d622dbc +Author: Damien Miller +Date: Wed Jul 11 09:56:36 2018 +1000 + + disable valgrind memleak checking by default - Nothing currently uses them but they cause conflicts on at least - FreeBSD, possibly others. ok djm@ + Add VALGRIND_CHECK_LEAKS knob to turn it back on. -commit 5aea4aa522f61bb2f34c3055a7de203909dfae77 +commit 79c9d35018f3a5e30ae437880b669aa8636cd3cd Author: Darren Tucker -Date: Mon Feb 26 14:39:14 2018 +1100 +Date: Wed Jul 11 09:54:00 2018 +1000 - typo: missing ; + Supply missing "int r" in skey code. -commit cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e -Author: Darren Tucker -Date: Mon Feb 26 14:37:06 2018 +1100 +commit 984bacfaacbbe31c35191b828fb5b5b2f0362c36 +Author: sf@openbsd.org +Date: Tue Jul 10 09:36:58 2018 +0000 - Hook up flock() compat code. + upstream: re-remove some pre-auth compression bits - Also a couple of minor changes: fail if we can't lock instead of - silently succeeding, and apply a couple of minor style fixes. + This time, make sure to not remove things that are necessary for + pre-auth compression on the client. Add a comment that pre-auth + compression is still supported in the client. + + ok markus@ + + OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784 -commit b087998d1ba90dd1ddb6bfdb17873dc3e7392798 -Author: Darren Tucker -Date: Mon Feb 26 14:27:02 2018 +1100 +commit 120a1ec74e8d9d29f4eb9a27972ddd22351ddef9 +Author: Damien Miller +Date: Tue Jul 10 19:39:52 2018 +1000 - Import flock() compat from NetBSD. - - From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet. + Adapt portable to legacy buffer API removal -commit 89212533dde6798324e835b1499084658df4579e -Author: Darren Tucker -Date: Mon Feb 26 12:32:14 2018 +1100 +commit 0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 +Author: djm@openbsd.org +Date: Tue Jul 10 09:13:30 2018 +0000 - Fix breakage when REGRESSTMP not set. + upstream: kerberos/gssapi fixes for buffer removal - BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR - instead. Pointed out by djm@. + OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c -commit f885474137df4b89498c0b8834c2ac72c47aa4bd -Author: Damien Miller -Date: Mon Feb 26 12:18:14 2018 +1100 +commit c74ae8e7c45f325f3387abd48fa7dfef07a08069 +Author: djm@openbsd.org +Date: Tue Jul 10 06:45:29 2018 +0000 - XMSS-related files get includes.h + upstream: buffer.[ch] and bufaux.c are no more + + OpenBSD-Commit-ID: d1a1852284e554f39525eb4d4891b207cfb3d3a0 -commit 612faa34c72e421cdc9e63f624526bae62d557cc -Author: Damien Miller -Date: Mon Feb 26 12:17:55 2018 +1100 +commit a881e5a133d661eca923fb0633a03152ab2b70b2 +Author: djm@openbsd.org +Date: Tue Jul 10 06:43:52 2018 +0000 - object files end with .o - not .c + upstream: one mention of Buffer that almost got away :) + + OpenBSD-Commit-ID: 30d7c27a90b4544ad5dfacf654595710cd499f02 -commit bda709b8e13d3eef19e69c2d1684139e3af728f5 -Author: Damien Miller -Date: Mon Feb 26 12:17:22 2018 +1100 +commit 49f47e656b60bcd1d1db98d88105295f4b4e600d +Author: markus@openbsd.org +Date: Mon Jul 9 21:59:10 2018 +0000 - avoid inclusion of deprecated selinux/flask.h + upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@ - Use string_to_security_class() instead. + OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29 -commit 2e396439365c4ca352cac222717d09b14f8a0dfd -Author: Damien Miller -Date: Mon Feb 26 11:48:27 2018 +1100 +commit cb30cd47041edb03476be1c8ef7bc1f4b69d1555 +Author: markus@openbsd.org +Date: Mon Jul 9 21:56:06 2018 +0000 - updatedepend + upstream: remove legacy buffer API emulation layer; ok djm@ + + OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9 -commit 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 +commit 235c7c4e3bf046982c2d8242f30aacffa01073d1 Author: markus@openbsd.org -Date: Fri Feb 23 15:58:37 2018 +0000 +Date: Mon Jul 9 21:53:45 2018 +0000 - upstream: Add experimental support for PQC XMSS keys (Extended + upstream: sshd: switch monitor to sshbuf API; lots of help & ok - Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS - in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See - https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ - OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac + OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48 -commit 7d330a1ac02076de98cfc8fda05353d57b603755 -Author: jmc@openbsd.org -Date: Fri Feb 23 07:38:09 2018 +0000 +commit b8d9214d969775e409e1408ecdf0d58fad99b344 +Author: markus@openbsd.org +Date: Mon Jul 9 21:37:55 2018 +0000 - upstream: some cleanup for BindInterface and ssh-keyscan; + upstream: sshd: switch GSSAPI to sshbuf API; ok djm@ - OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c + OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30 -commit c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b -Author: Darren Tucker -Date: Sun Feb 25 23:55:41 2018 +1100 +commit c7d39ac8dc3587c5f05bdd5bcd098eb5c201c0c8 +Author: markus@openbsd.org +Date: Mon Jul 9 21:35:50 2018 +0000 - Invert sense of getpgrp test. + upstream: sshd: switch authentication to sshbuf API; ok djm@ - AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not - declared. Instead, test if the zero-arg version we want to use works. + OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641 -commit b39593a6de5290650a01adf8699c6460570403c2 -Author: Darren Tucker -Date: Sun Feb 25 13:25:15 2018 +1100 +commit c3cb7790e9efb14ba74b2d9f543ad593b3d55b31 +Author: markus@openbsd.org +Date: Mon Jul 9 21:29:36 2018 +0000 - Add no-op getsid implmentation. + upstream: sshd: switch config to sshbuf API; ok djm@ + + OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd -commit 11057564eb6ab8fd987de50c3d7f394c6f6632b7 -Author: Darren Tucker -Date: Sun Feb 25 11:22:57 2018 +1100 +commit 2808d18ca47ad3d251836c555f0e22aaca03d15c +Author: markus@openbsd.org +Date: Mon Jul 9 21:26:02 2018 +0000 - bsd-statvfs: include sys/vfs.h, check for f_flags. + upstream: sshd: switch loginmsg to sshbuf API; ok djm@ + + OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42 -commit e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609 -Author: Darren Tucker -Date: Sun Feb 25 10:20:31 2018 +1100 +commit 89dd615b8b531979be63f05f9d5624367c9b28e6 +Author: markus@openbsd.org +Date: Mon Jul 9 21:20:26 2018 +0000 - Handle calloc(0,x) where different from malloc. + upstream: ttymodes: switch to sshbuf API; ok djm@ - Configure assumes that if malloc(0) returns null then calloc(0,n) - also does. On some old platforms (SunOS4) malloc behaves as expected - (as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this - at configure time and activate the replacement function if found, plus - handle this case in rpl_calloc. + OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429 -commit 2eb4041493fd2635ffdc64a852d02b38c4955e0b -Author: Darren Tucker -Date: Sat Feb 24 21:06:48 2018 +1100 +commit f4608a7065480516ab46214f554e5f853fb7870f +Author: markus@openbsd.org +Date: Mon Jul 9 21:18:10 2018 +0000 - Add prototype for readv if needed. + upstream: client: switch mux to sshbuf API; with & ok djm@ + + OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2 -commit 6c8c9a615b6d31db8a87bc25033f053d5b0a831e -Author: Darren Tucker -Date: Sat Feb 24 20:46:37 2018 +1100 +commit cecee2d607099a7bba0a84803e2325d15be4277b +Author: markus@openbsd.org +Date: Mon Jul 9 21:03:30 2018 +0000 - Check for raise and supply if needed. + upstream: client: switch to sshbuf API; ok djm@ + + OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05 -commit a9004425a032d7a7141a5437cfabfd02431e2a74 -Author: Darren Tucker -Date: Sat Feb 24 20:25:22 2018 +1100 +commit ff55f4ad898137d4703e7a2bcc81167dfe8e9324 +Author: markus@openbsd.org +Date: Mon Jul 9 20:39:28 2018 +0000 - Check for bzero and supply if needed. + upstream: pkcs11: switch to sshbuf API; ok djm@ - Since explicit_bzero uses it via an indirect it needs to be a function - not just a macro. + OpenBSD-Commit-ID: 98cc4e800f1617c51caf59a6cb3006f14492db79 -commit 1a348359e4d2876203b5255941bae348557f4f54 -Author: djm@openbsd.org -Date: Fri Feb 23 05:14:05 2018 +0000 +commit 168b46f405d6736960ba7930389eecb9b6710b7e +Author: sf@openbsd.org +Date: Mon Jul 9 13:37:10 2018 +0000 - upstream: Add ssh-keyscan -D option to make it print its results in + upstream: Revert previous two commits - SSHFP format bz#2821, ok dtucker@ + It turns out we still support pre-auth compression on the client. + Therefore revert the previous two commits: - OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221 + date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE; + Rename COMP_DELAYED to COMP_ZLIB + + Only delayed compression is supported nowadays. + + ok markus@ + + date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP; + Remove leftovers from pre-authentication compression + + Support for this has been removed in 2016. + COMP_DELAYED will be renamed in a later commit. + + ok markus@ + + OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772 -commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c -Author: dtucker@openbsd.org -Date: Fri Feb 23 04:18:46 2018 +0000 +commit ab39267fa1243d02b6c330615539fc4b21e17dc4 +Author: sf@openbsd.org +Date: Fri Jul 6 09:06:14 2018 +0000 - upstream: Add missing braces. + upstream: Rename COMP_DELAYED to COMP_ZLIB - Caught by the tinderbox's -Werror=misleading-indentation, ok djm@ + Only delayed compression is supported nowadays. - OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca + ok markus@ + + OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821 -commit b59162da99399d89bd57f71c170c0003c55b1583 -Author: Darren Tucker -Date: Fri Feb 23 15:20:42 2018 +1100 +commit 95db395d2e56a6f868193aead6cadb2493f036c6 +Author: sf@openbsd.org +Date: Fri Jul 6 09:05:01 2018 +0000 - Check for ifaddrs.h for BindInterface. + upstream: Remove leftovers from pre-authentication compression - BindInterface required getifaddr and friends so disable if not available - (eg Solaris 10). We should be able to add support for some systems with - a bit more work but this gets the building again. + Support for this has been removed in 2016. + COMP_DELAYED will be renamed in a later commit. + + ok markus@ + + OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58 -commit a8dd6fe0aa10b6866830b4688a73ef966f0aed88 -Author: Damien Miller -Date: Fri Feb 23 14:19:11 2018 +1100 +commit f28a4d5cd24c4aa177e96b4f96957991e552cb70 +Author: sf@openbsd.org +Date: Fri Jul 6 09:03:02 2018 +0000 - space before tab in previous + upstream: Remove unused ssh_packet_start_compression() + + ok markus@ + + OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4 -commit b5e9263c7704247f9624c8f5c458e9181fcdbc09 -Author: dtucker@openbsd.org -Date: Fri Feb 9 03:40:22 2018 +0000 +commit 872517ddbb72deaff31d4760f28f2b0a1c16358f +Author: Darren Tucker +Date: Fri Jul 6 13:32:02 2018 +1000 - upstream: Replace fatal with exit in the case that we do not have - - $SUDO set. Prevents test failures when neither sudo nor doas are configured. + Defer setting bufsiz in getdelim. - OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b + Do not write to bufsiz until we are sure the malloc has succeeded, + in case any callers rely on it (which they shouldn't). ok djm@ -commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2 +commit 3deb56f7190a414dc264e21e087a934fa1847283 Author: Darren Tucker -Date: Fri Feb 23 14:10:53 2018 +1100 +Date: Thu Jul 5 13:32:01 2018 +1000 - Use portable syntax for REGRESSTMP. + Fix other callers of read_environment_file. + + read_environment_file recently gained an extra argument Some platform + specific code also calls it so add the argument to those too. Fixes + build on Solaris and AIX. -commit 73282b61187883a2b2bb48e087fdda1d751d6059 +commit 314908f451e6b2d4ccf6212ad246fa4619c721d3 Author: djm@openbsd.org -Date: Fri Feb 23 03:03:00 2018 +0000 +Date: Wed Jul 4 13:51:45 2018 +0000 - upstream: unbreak interop test after SSHv1 purge; patch from Colin + upstream: deal with API rename: match_filter_list() => - Watson via bz#2823 + match_filter_blacklist() - OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a + OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f -commit f8985dde5f46aedade0373365cbf86ed3f1aead2 -Author: dtucker@openbsd.org -Date: Fri Feb 9 03:42:57 2018 +0000 +commit 89f54cdf6b9cf1cf5528fd33897f1443913ddfb4 +Author: djm@openbsd.org +Date: Wed Jul 4 13:51:12 2018 +0000 - upstream: Skip sftp-chroot test when SUDO not set instead of + upstream: exercise new expansion behaviour of - fatal(). + PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names() - OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88 + ok markus@ + + OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736 -commit df88551c02d4e3445c44ff67ba8757cff718609a -Author: dtucker@openbsd.org -Date: Fri Feb 9 03:40:22 2018 +0000 +commit 187633f24c71564e970681c8906df5a6017dcccf +Author: djm@openbsd.org +Date: Tue Jul 3 13:53:26 2018 +0000 - upstream: Replace fatal with exit in the case that we do not have + upstream: add a comment that could have saved me 45 minutes of wild - $SUDO set. Prevents test failures when neither sudo nor doas are configured. + goose chasing - OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b + OpenBSD-Regress-ID: d469b29ffadd3402c090e21b792d627d46fa5297 -commit 3b252c20b19f093e87363de197f1100b79705dd3 +commit 312d2f2861a2598ed08587cb6c45c0e98a85408f Author: djm@openbsd.org -Date: Thu Feb 8 08:46:20 2018 +0000 +Date: Wed Jul 4 13:49:31 2018 +0000 - upstream: some helpers to check verbose/quiet mode + upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA - OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de + signature work - returns ability to add/remove/specify algorithms by + wildcard. + + Algorithm lists are now fully expanded when the server/client configs + are finalised, so errors are reported early and the config dumps + (e.g. "ssh -G ...") now list the actual algorithms selected. + + Clarify that, while wildcards are accepted in algorithm lists, they + aren't full pattern-lists that support negation. + + (lots of) feedback, ok markus@ + + OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207 -commit ac2e3026bbee1367e4cda34765d1106099be3287 +commit 303af5803bd74bf05d375c04e1a83b40c30b2be5 Author: djm@openbsd.org -Date: Fri Feb 23 02:34:33 2018 +0000 +Date: Tue Jul 3 11:43:49 2018 +0000 - upstream: Add BindInterface ssh_config directive and -B + upstream: some magic for RSA-SHA2 checks - command-line argument to ssh(1) that directs it to bind its outgoing - connection to the address of the specified network interface. + OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4 + +commit 7d68e262944c1fff1574600fe0e5e92ec8b398f5 +Author: Damien Miller +Date: Tue Jul 3 23:27:11 2018 +1000 + + depend + +commit b4d4eda633af433d20232cbf7e855ceac8b83fe5 +Author: djm@openbsd.org +Date: Tue Jul 3 13:20:25 2018 +0000 + + upstream: some finesse to fix RSA-SHA2 certificate authentication - BindInterface prefers to use addresses that aren't loopback or link- - local, but will fall back to those if no other addresses of the - required family are available on that interface. + for certs hosted in ssh-agent - Based on patch by Mike Manning in bz#2820, ok dtucker@ + OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f + +commit d78b75df4a57e0f92295f24298e5f2930e71c172 +Author: djm@openbsd.org +Date: Tue Jul 3 13:07:58 2018 +0000 + + upstream: check correct variable; unbreak agent keys - OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713 + OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e -commit fcdb9d777839a3fa034b3bc3067ba8c1f6886679 +commit 2f30300c5e15929d0e34013f38d73e857f445e12 Author: djm@openbsd.org -Date: Mon Feb 19 00:55:02 2018 +0000 +Date: Tue Jul 3 11:42:12 2018 +0000 - upstream: emphasise that the hostkey rotation may send key types + upstream: crank version number to 7.8; needed for new compat flag - that the client may not support, and that the client should simply disregard - such keys (this is what ssh does already). + for prior version; part of RSA-SHA2 strictification, ok markus@ - OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf + OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b -commit ce066f688dc166506c082dac41ca686066e3de5f -Author: Darren Tucker -Date: Thu Feb 22 20:45:09 2018 +1100 +commit 4ba0d54794814ec0de1ec87987d0c3b89379b436 +Author: djm@openbsd.org +Date: Tue Jul 3 11:39:54 2018 +0000 - Add headers for sys/audit.h. + upstream: Improve strictness and control over RSA-SHA2 signature - On some older platforms (at least sunos4, probably others) sys/audit.h - requires some other headers. Patch from klausz at haus-gisela.de. + In ssh, when an agent fails to return a RSA-SHA2 signature when + requested and falls back to RSA-SHA1 instead, retry the signature to + ensure that the public key algorithm sent in the SSH_MSG_USERAUTH + matches the one in the signature itself. + + In sshd, strictly enforce that the public key algorithm sent in the + SSH_MSG_USERAUTH message matches what appears in the signature. + + Make the sshd_config PubkeyAcceptedKeyTypes and + HostbasedAcceptedKeyTypes options control accepted signature algorithms + (previously they selected supported key types). This allows these + options to ban RSA-SHA1 in favour of RSA-SHA2. + + Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and + "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures + with certificate keys. + + feedback and ok markus@ + + OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde -commit 3fd2d2291a695c96a54269deae079bacce6e3fb9 -Author: Darren Tucker -Date: Mon Feb 19 18:37:40 2018 +1100 +commit 95344c257412b51199ead18d54eaed5bafb75617 +Author: djm@openbsd.org +Date: Tue Jul 3 10:59:35 2018 +0000 - Add REGRESSTMP make var override. + upstream: allow sshd_config PermitUserEnvironment to accept a - Defaults to original location ($srcdir/regress) but allows overriding - if desired, eg a directory in /tmp. + pattern-list of whitelisted environment variable names in addition to yes|no. + + bz#1800, feedback and ok markus@ + + OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24 -commit f8338428588f3ecb5243c86336eccaa28809f97e -Author: Darren Tucker -Date: Sun Feb 18 15:53:15 2018 +1100 +commit 6f56fe4b9578b0627667f8bce69d4d938a88324c +Author: millert@openbsd.org +Date: Tue Jun 26 11:23:59 2018 +0000 - Remove now-unused check for getrusage. + upstream: Fix "WARNING: line 6 disappeared in /etc/moduli, giving up" - getrusage was used in ssh-rand-helper but that's now long gone. - Patch from klauszh at haus-gisela.de. + when choosing a prime. An extra increment of linenum snuck in as part of the + conversion to getline(). OK djm@ markus@ + + OpenBSD-Commit-ID: 0019225cb52ed621b71cd9f19ee2e78e57e3dd38 -commit 8570177195f6a4b3173c0a25484a83641ee3faa6 +commit 1eee79a11c1b3594f055b01e387c49c9a6e80005 Author: dtucker@openbsd.org -Date: Fri Feb 16 04:43:11 2018 +0000 +Date: Mon Jul 2 14:13:30 2018 +0000 - upstream: Don't send IUTF8 to servers that don't like them. + upstream: One ampersand is enough to backgroud an process. OpenBSD - Some SSH servers eg "ConfD" drop the connection if the client sends the - new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit - for such servers and avoid sending IUTF8 to them. ok djm@ + doesn't seem to mind, but some platforms in -portable object to the second. - OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda + OpenBSD-Regress-ID: d6c3e404871764343761dc25c3bbe29c2621ff74 -commit f6dc2ba3c9d12be53057b9371f5109ec553a399f +commit 6301e6c787d4e26bfae1119ab4f747bbcaa94e44 Author: Darren Tucker -Date: Fri Feb 16 17:32:28 2018 +1100 +Date: Mon Jul 2 21:16:58 2018 +1000 - freezero should check for NULL. + Add implementation of getline. + + Add getline for the benefit of platforms that don't have it. Sourced + from NetBSD (OpenBSD's implementation is a little too chummy with the + internals of FILE). -commit 680321f3eb46773883111e234b3c262142ff7c5b +commit 84623e0037628f9992839063151f7a9f5f13099a Author: djm@openbsd.org -Date: Fri Feb 16 02:40:45 2018 +0000 +Date: Tue Jun 26 02:02:36 2018 +0000 - upstream: Mention recent DH KEX methods: + upstream: whitespace - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 + OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572 + +commit 90e51d672711c19a36573be1785caf35019ae7a8 +Author: djm@openbsd.org +Date: Mon Jun 25 22:28:33 2018 +0000 + + upstream: fix NULL dereference in open_listen_match_tcpip() - From Jakub Jelen via bz#2826 + OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9 + +commit f535ff922a67d9fcc5ee69d060d1b21c8bb01d14 +Author: jmc@openbsd.org +Date: Tue Jun 19 05:36:57 2018 +0000 + + upstream: spelling; - OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a + OpenBSD-Commit-ID: db542918185243bea17202383a581851736553cc -commit 88c50a5ae20902715f0fca306bb9c38514f71679 +commit 80e199d6175904152aafc5c297096c3e18297691 Author: djm@openbsd.org -Date: Fri Feb 16 02:32:40 2018 +0000 +Date: Tue Jun 19 03:02:17 2018 +0000 - upstream: stop loading DSA keys by default, remove sshd_config - - stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@ + upstream: test PermitListen with bare port numbers - OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09 + OpenBSD-Regress-ID: 4b50a02dfb0ccaca08247f3877c444126ba901b3 -commit d2b3db2860c962927def39a52f67f1c23f7b201a -Author: jsing@openbsd.org -Date: Wed Feb 14 16:27:24 2018 +0000 +commit 87ddd676da0f3abd08b778b12b53b91b670dc93c +Author: djm@openbsd.org +Date: Tue Jun 19 02:59:41 2018 +0000 - upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in + upstream: allow bare port numbers to appear in PermitListen directives, - constant time. + e.g. - This avoids a potential side channel timing leak. + PermitListen 2222 8080 - ok djm@ markus@ + is equivalent to: - OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c + PermitListen *:2222 *:8080 + + Some bonus manpage improvements, mostly from markus@ + + "looks fine" markus@ + + OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24 -commit 4270efad7048535b4f250f493d70f9acfb201593 -Author: jsing@openbsd.org -Date: Wed Feb 14 16:03:32 2018 +0000 +commit 26f96ca10ad0ec5da9b05b99de1e1ccea15a11be +Author: djm@openbsd.org +Date: Fri Jun 15 07:01:11 2018 +0000 - upstream: Some obvious freezero() conversions. + upstream: invalidate supplemental group cache used by - This also zeros an ed25519_pk when it was not being zeroed previously. + temporarily_use_uid() when the target uid differs; could cause failure to + read authorized_keys under some configurations. patch by Jakub Jelen via + bz2873; ok dtucker, markus - ok djm@ dtucker@ + OpenBSD-Commit-ID: 48a345f0ee90f6c465a078eb5e89566b23abd8a1 + +commit 89a85d724765b6b82e0135ee5a1181fdcccea9c6 +Author: djm@openbsd.org +Date: Sun Jun 10 23:45:41 2018 +0000 + + upstream: unbreak SendEnv; patch from tb@ - OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82 + OpenBSD-Commit-ID: fc808daced813242563b80976e1478de95940056 -commit affa6ba67ffccc30b85d6e98f36eb5afd9386882 -Author: Darren Tucker -Date: Thu Feb 15 22:32:04 2018 +1100 +commit acf4260f0951f89c64e1ebbc4c92f451768871ad +Author: jmc@openbsd.org +Date: Sat Jun 9 06:36:31 2018 +0000 - Remove execute bit from modpipe.c. + upstream: sort previous; + + OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411 -commit 9879dca438526ae6dfd656fecb26b0558c29c731 -Author: Darren Tucker -Date: Thu Feb 15 22:26:16 2018 +1100 +commit 1678d4236451060b735cb242d2e26e1ac99f0947 +Author: djm@openbsd.org +Date: Sat Jun 9 03:18:11 2018 +0000 - Update prngd link to point to sourceforge. + upstream: slightly better wording re handing of $TERM, from Jakub + + Jelen via bz2386 + + OpenBSD-Commit-ID: 14bea3f069a93c8be66a7b97794255a91fece964 -commit b6973fa5152b1a0bafd2417b7c3ad96f6e87d014 -Author: Darren Tucker -Date: Thu Feb 15 22:22:38 2018 +1100 +commit 28013759f09ed3ebf7e8335e83a62936bd7a7f47 +Author: djm@openbsd.org +Date: Sat Jun 9 03:03:10 2018 +0000 - Remove references to UNICOS. + upstream: add a SetEnv directive for sshd_config to allow an + + administrator to explicitly specify environment variables set in sessions + started by sshd. These override the default environment and any variables set + by user configuration (PermitUserEnvironment, etc), but not the SSH_* + variables set by sshd itself. + + ok markus@ + + OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0 -commit f1ca487940449f0b64f38f1da575078257609966 -Author: Darren Tucker -Date: Thu Feb 15 22:18:37 2018 +1100 +commit 7082bb58a2eb878d23ec674587c742e5e9673c36 +Author: djm@openbsd.org +Date: Sat Jun 9 03:01:12 2018 +0000 - Remove extra newline. + upstream: add a SetEnv directive to ssh_config that allows setting + + environment variables for the remote session (subject to the server accepting + them) + + refactor SendEnv to remove the arbitrary limit of variable names. + + ok markus@ + + OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be -commit 6d4e980f3cf27f409489cf89cd46c21501b13731 -Author: Darren Tucker -Date: Thu Feb 15 22:16:54 2018 +1100 +commit 3b9798bda15bd3f598f5ef07595d64e23504da91 +Author: djm@openbsd.org +Date: Sat Jun 9 02:58:02 2018 +0000 - OpenSSH's builtin entropy gathering is long gone. + upstream: reorder child environment preparation so that variables + + read from ~/.ssh/environment (if enabled) do not override SSH_* variables set + by the server. + + OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a -commit 389125b25d1a1d7f22e907463b7e8eca74af79ea -Author: Darren Tucker -Date: Thu Feb 15 21:43:01 2018 +1100 +commit 0368889f82f63c82ff8db9f8c944d89e7c657db4 +Author: djm@openbsd.org +Date: Fri Jun 8 03:35:36 2018 +0000 - Replace remaining mysignal() with signal(). + upstream: fix incorrect expansion of %i in - These seem to have been missed during the replacement of mysignal - with #define signal in commit 5ade9ab. Both include the requisite - headers to pick up the #define. + load_public_identity_files(); reported by Roumen Petrov + + OpenBSD-Commit-ID: a827289e77149b5e0850d72a350c8b0300e7ef25 -commit 265d88d4e61e352de6791733c8b29fa3d7d0c26d -Author: Darren Tucker -Date: Thu Feb 15 20:06:19 2018 +1100 +commit 027607fc2db6a0475a3380f8d95c635482714cb0 +Author: djm@openbsd.org +Date: Fri Jun 8 01:55:40 2018 +0000 - Remove remaining now-obsolete cvs $Ids. + upstream: fix some over-long lines and __func__ up some debug + + messages + + OpenBSD-Commit-ID: c70a60b4c8207d9f242fc2351941ba50916bb267 -commit 015749e9b1d2f6e14733466d19ba72f014d0845c -Author: Darren Tucker -Date: Thu Feb 15 17:01:54 2018 +1100 +commit 6ff6fda705bc204456a5fa12518dde6e8790bb02 +Author: jmc@openbsd.org +Date: Thu Jun 7 11:26:14 2018 +0000 - Regenerate dependencies after UNICOS removal. + upstream: tweak previous; + + OpenBSD-Commit-ID: f98f16af10b28e24bcecb806cb71ea994b648fd6 -commit ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7 +commit f2c06ab8dd90582030991f631a2715216bf45e5a Author: Darren Tucker -Date: Tue Feb 13 09:10:46 2018 +1100 +Date: Fri Jun 8 17:43:36 2018 +1000 - Remove UNICOS support. + Remove ability to override $LD. - The code required to support it is quite invasive to the mainline - code that is synced with upstream and is an ongoing maintenance burden. - Both the hardware and software are literal museum pieces these days and - we could not find anyone still running OpenSSH on one. + Since autoconf always uses $CC to link C programs, allowing users to + override LD caused mismatches between what LD_LINK_IFELSE thought worked + and what ld thought worked. If you do need to do this kind of thing you + need to set a compiler flag such as gcc's -fuse-ld in LDFLAGS. -commit 174bed686968494723e6db881208cc4dac0d020f +commit e1542a80797b4ea40a91d2896efdcc76a57056d2 Author: Darren Tucker -Date: Tue Feb 13 18:12:47 2018 +1100 +Date: Fri Jun 8 13:55:59 2018 +1000 - Retpoline linker flag only needed for linking. + Better detection of unsupported compiler options. + + Should prevent "unsupported -Wl,-z,retpoline" warnings during linking. + ok djm@ -commit 075e258c2cc41e1d7f3ea2d292c5342091728d40 -Author: Darren Tucker -Date: Tue Feb 13 17:36:43 2018 +1100 +commit 57379dbd013ad32ee3f9989bf5f5741065428360 +Author: djm@openbsd.org +Date: Thu Jun 7 14:29:43 2018 +0000 - Default PidFile is sshd.pid not ssh.pid. + upstream: test the correct configuration option name + + OpenBSD-Regress-ID: 492279ea9f65657f97a970e0e7c7fd0b339fee23 -commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df -Author: Darren Tucker -Date: Tue Feb 13 16:27:09 2018 +1100 +commit 6d41815e202fbd6182c79780b6cc90e1ec1c9981 +Author: djm@openbsd.org +Date: Thu Jun 7 09:26:42 2018 +0000 - Remove assigned-to-but-never-used variable. + upstream: some permitlisten fixes from markus@ that I missed in my - 'p' was removed in previous change but I neglected to remove the - otherwise-unused assignment to it. + insomnia-fueled commits last night + + OpenBSD-Commit-ID: 26f23622e928996086e85b1419cc1c0f136e359c -commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1 +commit 4319f7a868d86d435fa07112fcb6153895d03a7f Author: djm@openbsd.org -Date: Tue Feb 13 03:36:56 2018 +0000 +Date: Thu Jun 7 04:46:34 2018 +0000 - upstream: remove space before tab + upstream: permitlisten/PermitListen unit test from Markus - OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890 + OpenBSD-Regress-ID: ab12eb42f0e14926980441cf7c058a6d1d832ea5 -commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab -Author: dtucker@openbsd.org -Date: Sun Feb 11 21:16:56 2018 +0000 +commit fa09076410ffc2d34d454145af23c790d728921e +Author: djm@openbsd.org +Date: Thu Jun 7 04:31:51 2018 +0000 - upstream Don't reset signal handlers inside handlers. + upstream: fix regression caused by recent permitlisten option commit: - The signal handlers from the original ssh1 code on which OpenSSH - is based assume unreliable signals and reinstall their handlers. - Since OpenBSD (and pretty much every current system) has reliable - signals this is not needed. In the unlikely even that -portable - is still being used on such systems we will deal with it in the - compat layer. ok deraadt@ + authorized_keys lines that contained permitopen/permitlisten were being + treated as invalid. - OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c + OpenBSD-Commit-ID: 7ef41d63a5a477b405d142dc925b67d9e7aaa31b -commit 3c51143c639ac686687c7acf9b373b8c08195ffb -Author: Darren Tucker -Date: Tue Feb 13 09:07:29 2018 +1100 +commit 7f90635216851f6cb4bf3999e98b825f85d604f8 +Author: markus@openbsd.org +Date: Wed Jun 6 18:29:18 2018 +0000 - Whitespace sync with upstream. + upstream: switch config file parsing to getline(3) as this avoids + + static limits noted by gerhard@; ok dtucker@, djm@ + + OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c -commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7 -Author: Darren Tucker -Date: Tue Feb 13 08:25:46 2018 +1100 +commit 392db2bc83215986a91c0b65feb0e40e7619ce7e +Author: djm@openbsd.org +Date: Wed Jun 6 18:25:33 2018 +0000 - Whitespace sync with upstream. + upstream: regress test for PermitOpen + + OpenBSD-Regress-ID: ce8b5f28fc039f09bb297fc4a92319e65982ddaf -commit fbfa6f980d7460b3e12b0ce88ed3b6018edf4711 -Author: Darren Tucker -Date: Sun Feb 11 21:25:11 2018 +1300 +commit 803d896ef30758135e2f438bdd1a0be27989e018 +Author: djm@openbsd.org +Date: Wed Jun 6 18:24:15 2018 +0000 - Move signal compat code into bsd-signal.{c,h} + upstream: man bits for permitlisten authorized_keys option + + OpenBSD-Commit-ID: 86910af8f781a4ac5980fea125442eb25466dd78 -commit 24d2a33bd3bf5170700bfdd8675498aa09a79eab -Author: Darren Tucker -Date: Sun Feb 11 21:20:39 2018 +1300 +commit 04df43208b5b460d7360e1598f876b92a32f5922 +Author: djm@openbsd.org +Date: Wed Jun 6 18:24:00 2018 +0000 - Include headers for linux/if.h. + upstream: man bits for PermitListen - Prevents configure-time "present but cannot be compiled" warning. + OpenBSD-Commit-ID: 35b200cba4e46a16a4db6a80ef11838ab0fad67c -commit bc02181c24fc551aab85eb2cff0f90380928ef43 -Author: Darren Tucker -Date: Sun Feb 11 19:45:47 2018 +1300 +commit 93c06ab6b77514e0447fe4f1d822afcbb2a9be08 +Author: djm@openbsd.org +Date: Wed Jun 6 18:23:32 2018 +0000 - Fix test for -z,retpolineplt linker flag. + upstream: permitlisten option for authorized_keys; ok markus@ + + OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672 -commit 3377df00ea3fece5293db85fe63baef33bf5152e +commit 115063a6647007286cc8ca70abfd2a7585f26ccc +Author: djm@openbsd.org +Date: Wed Jun 6 18:22:41 2018 +0000 + + upstream: Add a PermitListen directive to control which server-side + + addresses may be listened on when the client requests remote forwarding (ssh + -R). + + This is the converse of the existing PermitOpen directive and this + includes some refactoring to share much of its implementation. + + feedback and ok markus@ + + OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f + +commit 7703ae5f5d42eb302ded51705166ff6e19c92892 Author: Darren Tucker -Date: Sun Feb 11 09:32:37 2018 +1100 +Date: Wed Jun 6 16:04:29 2018 +1000 - Add checks for Spectre v2 mitigation (retpoline) + Use ssh-keygen -A to generate missing host keys. - This adds checks for gcc and clang flags for mitigations for Spectre - variant 2, ie "retpoline". It'll automatically enabled if the compiler - supports it as part of toolchain hardening flag. ok djm@ + Instead of testing for each specific key type, use ssh-keygen -A to + generate any missing host key types. -commit d9e5cf078ea5380da6df767bb1773802ec557ef0 +commit e8d59fef1098e24f408248dc64e5c8efa5d01f3c +Author: jmc@openbsd.org +Date: Fri Jun 1 06:23:10 2018 +0000 + + upstream: add missing punctuation after %i in ssh_config.5, and + + make the grammatical format in sshd_config.5 match that in ssh_config.5; + + OpenBSD-Commit-ID: e325663b9342f3d556e223e5306e0d5fa1a74fa0 + +commit a1f737d6a99314e291a87856122cb4dbaf64c641 +Author: jmc@openbsd.org +Date: Fri Jun 1 05:52:26 2018 +0000 + + upstream: oops - further adjustment to text neccessary; + + OpenBSD-Commit-ID: 23585576c807743112ab956be0fb3c786bdef025 + +commit 294028493471e0bd0c7ffe55dc0c0a67cba6ec41 +Author: jmc@openbsd.org +Date: Fri Jun 1 05:50:18 2018 +0000 + + upstream: %U needs to be escaped; tweak text; + + OpenBSD-Commit-ID: 30887b73ece257273fb619ab6f4e86dc92ddc15e + +commit e5019da3c5a31e6e729a565f2b886a80c4be96cc +Author: dtucker@openbsd.org +Date: Fri Jun 1 04:31:48 2018 +0000 + + upstream: Apply umask to all incoming files and directories not + + just files. This makes sure it gets applied to directories too, and prevents + a race where files get chmodded after creation. bz#2839, ok djm@ + + OpenBSD-Commit-ID: 3168ee6c7c39093adac4fd71039600cfa296203b + +commit a1dcafc41c376332493b9385ee39f9754dc145ec Author: djm@openbsd.org -Date: Sat Feb 10 09:25:34 2018 +0000 +Date: Fri Jun 1 03:52:37 2018 +0000 - upstream commit + upstream: Adapt to extra default verboisity from ssh-keygen when - constify some private key-related functions; based on - https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault + searching for and hashing known_hosts entries in a single operation + (ssh-keygen -HF ...) Patch from Anton Kremenetsky - OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c + OpenBSD-Regress-ID: 519585a4de35c4611285bd6a7272766c229b19dd -commit a7c38215d564bf98e8e9eb40c1079e3adf686f15 +commit 76f314c75dffd4a55839d50ee23622edad52c168 Author: djm@openbsd.org -Date: Sat Feb 10 09:03:54 2018 +0000 +Date: Tue May 22 00:22:49 2018 +0000 - upstream commit + upstream: Add TEST_SSH_FAIL_FATAL variable, to force all failures - Mention ServerAliveTimeout in context of TCPKeepAlives; - prompted by Christoph Anton Mitterer via github + to instantly abort the test. Useful in capturing clean logs for individual + failure cases. - OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2 + OpenBSD-Regress-ID: feba18cf338c2328b9601bd4093cabdd9baa3af1 -commit 62562ceae61e4f7cf896566592bb840216e71061 +commit 065c8c055df8d83ae7c92e5e524a579d87668aab +Author: dtucker@openbsd.org +Date: Fri May 11 03:51:06 2018 +0000 + + upstream: Clean up comment. + + OpenBSD-Regress-ID: 6adb35f384d447e7dcb9f170d4f0d546d3973e10 + +commit 01b048c8eba3b021701bd0ab26257fc82903cba8 Author: djm@openbsd.org -Date: Sat Feb 10 06:54:38 2018 +0000 +Date: Fri Jun 1 04:21:29 2018 +0000 - upstream commit + upstream: whitespace - clarify IgnoreUserKnownHosts; based on github PR from - Christoph Anton Mitterer. + OpenBSD-Commit-ID: e5edb5e843ddc9b73a8e46518899be41d5709add + +commit 854ae209f992465a276de0b5f10ef770510c2418 +Author: djm@openbsd.org +Date: Fri Jun 1 04:05:29 2018 +0000 + + upstream: make ssh_remote_ipaddr() capable of being called after - OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3 + the ssh->state has been torn down; bz#2773 + + OpenBSD-Commit-ID: 167f12523613ca3d16d7716a690e7afa307dc7eb -commit 4f011daa4cada6450fa810f7563b8968639bb562 +commit 3e088aaf236ef35beeef3c9be93fd53700df5861 Author: djm@openbsd.org -Date: Sat Feb 10 06:40:28 2018 +0000 +Date: Fri Jun 1 03:51:34 2018 +0000 - upstream commit + upstream: return correct exit code when searching for and hashing - Shorter, more accurate explanation of - NoHostAuthenticationForLocalhost without the confusing example. Prompted by - Christoph Anton Mitterer via github and bz#2293. + known_hosts entries in a single operation (ssh-keygen -HF hostname); bz2772 + Report and fix from Anton Kremenetsky - OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df + OpenBSD-Commit-ID: ac10ca13eb9bb0bc50fcd42ad11c56c317437b58 -commit 77e05394af21d3f5faa0c09ed3855e4505a5cf9f +commit 9c935dd9bf05628826ad2495d3e8bdf3d3271c21 Author: djm@openbsd.org -Date: Sat Feb 10 06:15:12 2018 +0000 +Date: Fri Jun 1 03:33:53 2018 +0000 - upstream commit + upstream: make UID available as a %-expansion everywhere that the - Disable RemoteCommand and RequestTTY in the ssh session - started by scp. sftp is already doing this. From Camden Narzt via github; ok - dtucker + username is available currently. In the client this is via %i, in the server + %U (since %i was already used in the client in some places for this, but used + for something different in the server); bz#2870, ok dtucker@ - OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b + OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95 -commit ca613249a00b64b2eea9f52d3834b55c28cf2862 +commit d8748b91d1d6c108c0c260ed41fa55f37b9ef34b Author: djm@openbsd.org -Date: Sat Feb 10 05:48:46 2018 +0000 +Date: Fri Jun 1 03:11:49 2018 +0000 - upstream commit + upstream: prefer argv0 to "ssh" when re-executing ssh for ProxyJump - Refuse to create a certificate with an unusable number of - principals; Prompted by gdestuynder via github + directive; bz2831, feedback and ok dtucker@ - OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29 + OpenBSD-Commit-ID: 3cec709a131499fbb0c1ea8a0a9e0b0915ce769e -commit b56ac069d46b6f800de34e1e935f98d050731d14 +commit fbb4b5fd4f8e0bb89732670a01954e18b69e15ba Author: djm@openbsd.org -Date: Sat Feb 10 05:43:26 2018 +0000 +Date: Fri May 25 07:11:01 2018 +0000 - upstream commit + upstream: Do not ban PTY allocation when a sshd session is restricted - fatal if we're unable to write all the public key; previously - we would silently ignore errors writing the comment and terminating newline. - Prompted by github PR from WillerZ; ok dtucker + because the user password is expired as it breaks password change dialog. - OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831 + regression in openssh-7.7 reported by Daniel Wagner + + OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73 -commit cdb10bd431f9f6833475c27e9a82ebb36fdb12db -Author: Darren Tucker -Date: Sat Feb 10 11:18:38 2018 +1100 +commit f6a59a22b0c157c4c4e5fd7232f868138223be64 +Author: djm@openbsd.org +Date: Fri May 25 04:25:46 2018 +0000 - Add changelog entry for binary strip change. + upstream: Fix return value confusion in several functions (readdir, + + download and fsync). These should return -1 on error, not a sftp status code. + + patch from Petr Cerny in bz#2871 + + OpenBSD-Commit-ID: 651aa0220ad23c9167d9297a436162d741f97a09 -commit fbddd91897cfaf456bfc2081f39fb4a2208a0ebf -Author: Darren Tucker -Date: Sat Feb 10 11:14:54 2018 +1100 +commit 1da5934b860ac0378d52d3035b22b6670f6a967e +Author: dtucker@openbsd.org +Date: Fri May 25 03:20:59 2018 +0000 - Remove unused variables. + upstream: If select() fails in ssh_packet_read_seqnr go directly to + + the error path instead of trying to read from the socket on the way out, + which resets errno and causes the true error to be misreported. ok djm@ + + OpenBSD-Commit-ID: 2614edaadbd05a957aa977728aa7a030af7c6f0a -commit 937d96587df99c16c611d828cded292fa474a32b -Author: Darren Tucker -Date: Sat Feb 10 11:12:45 2018 +1100 +commit 4ef75926ef517d539f2c7aac3188b09f315c86a7 +Author: Damien Miller +Date: Fri May 25 13:36:58 2018 +1000 - Don't strip binaries so debuginfo gets built. + Permit getuid()/geteuid() syscalls. - Tell install not to strip binaries during package creation so that the - debuginfo package can be built. + Requested for Linux/s390; patch from Eduardo Barretto via bz#2752; + ok dtucker -commit eb0865f330f59c889ec92696b97bd397090e720c -Author: Darren Tucker -Date: Sat Feb 10 10:33:11 2018 +1100 +commit 4b22fd8ecefd059a66140be67f352eb6145a9d88 +Author: djm@openbsd.org +Date: Tue May 22 00:13:26 2018 +0000 - Fix bogus dates in changelog. + upstream: support ProxyJump=none to disable ProxyJump + + functionality; bz#2869 ok dtucker@ + + OpenBSD-Commit-ID: 1c06ee08eb78451b5837fcfd8cbebc5ff3a67a01 -commit 7fbde1b34c1f6c9ca9e9d10805ba1e5e4538e165 -Author: Darren Tucker -Date: Sat Feb 10 10:25:15 2018 +1100 +commit f41bcd70f55b4f0fc4d8e1039cb361ac922b23fb +Author: jmc@openbsd.org +Date: Tue May 15 05:40:11 2018 +0000 - Remove SSH1 from description. + upstream: correct keyowrd name (permitemptypasswords); from brendan + + macdonell + + OpenBSD-Commit-ID: ef1bdbc936b2ea693ee37a4c20a94d4d43f5fda3 -commit 9c34a76f099c4e0634bf6ecc2f40ce93925402c4 -Author: Darren Tucker -Date: Sat Feb 10 10:19:16 2018 +1100 +commit f18bc97151340127859634d20d79fd39ec8a7f39 +Author: djm@openbsd.org +Date: Fri May 11 04:01:11 2018 +0000 - Add support for compat-openssl10 build dep. + upstream: Emphasise that -w implicitly sets Tunnel=point-to-point + + and that users should specify an explicit Tunnel directive if they don't want + this. bz#2365. + + OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d -commit 04f4e8193cb5a5a751fcc356bd6656291fec539e -Author: Darren Tucker -Date: Sat Feb 10 09:57:04 2018 +1100 +commit 32e4e94e1511fe0020fbfbb62399d31b2d22a801 +Author: Damien Miller +Date: Mon May 14 14:40:08 2018 +1000 - Add leading zero so it'll work when rhel not set. + sync fmt_scaled.c - When rhel is not set it will error out with "bad if". Add leading zero - as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work - on non-RHEL. - -commit 12abd67a6af28476550807a443b38def2076bb92 -Author: Darren Tucker -Date: Sat Feb 10 09:56:34 2018 +1100 - - Update openssl-devel dependency. + revision 1.17 + date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2; + commitid: 53zY8GjViUBnWo8Z; + constrain fractional part to [0-9] (less confusing to static analysis); ok ian@ -commit b33e7645f8813719d7f9173fef24463c8833ebb3 -Author: nkadel -Date: Sun Nov 16 18:19:58 2014 -0500 +commit 54268d589e85ecc43d3eba8d83f327bdada9d696 +Author: Damien Miller +Date: Fri May 11 14:04:40 2018 +1000 - Add mandir with-mandir' for RHEL 5 compatibility. + fix key-options.sh on platforms without openpty(3) - Activate '--mandir' and '--with-mandir' settings in setup for RHEL - 5 compatibility. - -commit 94f8bf360eb0162e39ddf39d69925c2e93511e40 -Author: nkadel -Date: Sun Nov 16 18:18:51 2014 -0500 - - Discard 'K5DIR' reporting. + Skip the pty tests if the platform lacks openpty(3) and has to chown(2) + the pty device explicitly. This typically requires root permissions that + this test lacks. - It does not work inside 'mock' build environment. - -commit bb7e54dbaf34b70b3e57acf7982f3a2136c94ee5 -Author: nkadel -Date: Sun Nov 16 18:17:15 2014 -0500 - - Add 'dist' to 'rel' for OS specific RPM names. - -commit 87346f1f57f71150a9b8c7029d8c210e27027716 -Author: nkadel -Date: Sun Nov 16 14:17:38 2014 -0500 - - Add openssh-devel >= 0.9.8f for redhat spec file. - -commit bec1478d710866d3c1b119343a35567a8fc71ec3 -Author: nkadel -Date: Sun Nov 16 13:10:24 2014 -0500 - - Enhance BuildRequires for openssh-x11-askpass. + bz#2856 ok dtucker@ -commit 3104fcbdd3c70aefcb0cdc3ee24948907db8dc8f -Author: nkadel -Date: Sun Nov 16 13:04:14 2014 -0500 +commit b2140a739be4c3b43cc1dc08322dca39a1e39d20 +Author: djm@openbsd.org +Date: Fri May 11 03:38:51 2018 +0000 - Always include x11-ssh-askpass SRPM. + upstream: implement EMFILE mitigation for ssh-agent: remember the - Always include x11-ssh-askpass tarball in redhat SRPM, even if unused. - -commit c61d0d038d58eebc365f31830be6e04ce373ad1b -Author: Damien Miller -Date: Sat Feb 10 09:43:12 2018 +1100 - - this is long unused; prompted by dtucker@ + fd rlimit and stop accepting new connections when it is exceeded (with some + grace). Accept is resumed when enough connections are closed. + + bz#2576. feedback deraadt; ok dtucker@ + + OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea -commit 745771fb788e41bb7cdad34e5555bf82da3af7ed +commit fdba503fdfc647ee8a244002f1581e869c1f3d90 Author: dtucker@openbsd.org -Date: Fri Feb 9 02:37:36 2018 +0000 +Date: Fri May 11 03:22:55 2018 +0000 - upstream commit + upstream: Explicit cast when snprintf'ing an uint64. Prevents - Remove unused sKerberosTgtPassing from enum. From - calestyo via github pull req #11, ok djm@ + warnings on platforms where int64 is long not long long. ok djm@ - OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540 + OpenBSD-Commit-ID: 9c5359e2fbfce11dea2d93f7bc257e84419bd001 -commit 1f385f55332db830b0ae22a7663b98279ca2d657 -Author: dtucker@openbsd.org -Date: Thu Feb 8 04:12:32 2018 +0000 +commit e7751aa4094d51a9bc00778aa8d07e22934c55ee +Author: bluhm@openbsd.org +Date: Thu Apr 26 14:47:03 2018 +0000 - upstream commit + upstream: Since the previous commit, ssh regress test sftp-chroot was - Rename struct umac_ctx to umac128_ctx too. In portable - some linkers complain about two symbols with the same name having differing - sizes. ok djm@ + failing. The sftp program terminated with the wrong exit code as sftp called + fatal() instad of exit(0). So when the sigchld handler waits for the child, + remember that it was found. Then don't expect that main() can wait again. OK + dtucker@ - OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3 + OpenBSD-Commit-ID: bfafd940c0de5297940c71ddf362053db0232266 -commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf -Author: dtucker@openbsd.org -Date: Wed Feb 7 22:52:45 2018 +0000 +commit 7c15301841e2e9d37cae732400de63ae9c0961d6 +Author: Darren Tucker +Date: Sun Apr 29 17:54:12 2018 +1000 - upstream commit + Use includes.h instead of config.h. - ssh_free checks for and handles NULL args, remove NULL - checks from remaining callers. ok djm@ - - OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b + This ensures it picks up the definition of DEF_WEAK, the lack of which + can cause compile errors in some cases (eg modern AIX). From + michael at felt.demon.nl. -commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c +commit cec338967a666b7c8ad8b88175f2faeddf268116 Author: Darren Tucker -Date: Thu Feb 8 12:36:22 2018 +1100 +Date: Thu Apr 19 09:53:14 2018 +1000 - Set SO_REUSEADDR in regression test netcat. + Omit 3des-cbc if OpenSSL built without DES. - Sometimes multiplex tests fail on Solaris with "netcat: local_listen: - Address already in use" which is likely due to previous invocations - leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to - SO_REUSEPORT which is alread set on platforms that support it). ok djm@ + Patch from hongxu.jia at windriver.com, ok djm@ -commit 1749991c55bab716877b7c687cbfbf19189ac6f1 -Author: jsing@openbsd.org -Date: Wed Feb 7 05:17:56 2018 +0000 +commit a575ddd58835759393d2dddd16ebe5abdb56485e +Author: djm@openbsd.org +Date: Mon Apr 16 22:50:44 2018 +0000 - upstream commit + upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clients - Convert some explicit_bzero()/free() calls to freezero(). + without version numbers since they choke on them under some circumstances. + https://twistedmatrix.com/trac/ticket/9422 via Colin Watson - ok deraadt@ dtucker@ + Newer Conch versions have a version number in their ident string and + handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424 - OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609 + OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539 -commit 94ec2b69d403f4318b7a0d9b17f8bc3efbf4d0d2 -Author: jsing@openbsd.org -Date: Wed Feb 7 05:15:49 2018 +0000 +commit 390c7000a8946db565b66eab9e52fb11948711fa +Author: djm@openbsd.org +Date: Sat Apr 14 21:50:41 2018 +0000 - upstream commit - - Remove some #ifdef notyet code from OpenSSL 0.9.8 days. - - These functions have never appeared in OpenSSL and are likely never to do - so. + upstream: don't free the %C expansion, it's used later for - "kill it with fire" djm@ + LocalCommand - OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e + OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1 -commit 7cd31632e3a6607170ed0c9ed413a7ded5b9b377 -Author: jsing@openbsd.org -Date: Wed Feb 7 02:06:50 2018 +0000 +commit 3455f1e7c48e2e549192998d330214975b9b1dc7 +Author: djm@openbsd.org +Date: Fri Apr 13 05:04:12 2018 +0000 - upstream commit + upstream: notify user immediately when underlying ssh process dies; - Remove all guards for calls to OpenSSL free functions - - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. - - Prompted by dtucker@ asking about guards for RSA_free(), when looking at - openssh-portable pr#84 on github. + patch from Thomas Kuthan in bz2719; ok dtucker@ - ok deraadt@ dtucker@ + OpenBSD-Commit-ID: 78fac88c2f08054d1fc5162c43c24162b131cf78 + +commit 1c5b4bc827f4abc3e65888cda061ad5edf1b8c7c +Author: Darren Tucker +Date: Fri Apr 13 16:23:57 2018 +1000 + + Allow nanosleep in preauth privsep child. - OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae + The new timing attack mitigation code uses nanosleep in the preauth + codepath, allow in systrace andbox too. -commit 3c000d57d46882eb736c6563edfc4995915c24a2 +commit 0e73428038d5ecfa5d2a28cff26661502a7aff4e Author: Darren Tucker -Date: Wed Feb 7 09:19:38 2018 +1100 +Date: Fri Apr 13 16:06:29 2018 +1000 - Remove obsolete "Smartcard support" message + Allow nanosleep in preauth privsep child. - The configure checks that populated $SCARD_MSG were removed in commits - 7ea845e4 and d8f60022 when the smartcard support was replaced with - PKCS#11. + The new timing attack mitigation code uses nanosleep in the preauth + codepath, allow in sandbox. -commit 3e615090de0ce36a833d811e01c28aec531247c4 +commit e9d910b0289c820852f7afa67f584cef1c05fe95 Author: dtucker@openbsd.org -Date: Tue Feb 6 06:01:54 2018 +0000 +Date: Fri Apr 13 03:57:26 2018 +0000 - upstream commit + upstream: Defend against user enumeration timing attacks. This - Replace "trojan horse" with the correct term (MITM). - From maikel at predikkta.com via bz#2822, ok markus@ + establishes a minimum time for each failed authentication attempt (5ms) and + adds a per-user constant derived from a host secret (0-4ms). Based on work + by joona.kannisto at tut.fi, ok markus@ djm@. - OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53 + OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca -commit 3484380110d437c50e17f87d18544286328c75cb -Author: tb@openbsd.org -Date: Mon Feb 5 05:37:46 2018 +0000 +commit d97874cbd909eb706886cd0cdd418f812c119ef9 +Author: Darren Tucker +Date: Fri Apr 13 13:43:55 2018 +1000 - upstream commit - - Add a couple of non-negativity checks to avoid close(-1). + Using "==" in shell tests is not portable. - ok djm + Patch from rsbecker at nexbridge.com. + +commit cfb1d9bc76734681e3dea532a1504fcd466fbe91 +Author: Damien Miller +Date: Fri Apr 13 13:38:06 2018 +1000 + + Fix tunnel forwarding broken in 7.7p1 - OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880 + bz2855, ok dtucker@ -commit 5069320be93c8b2a6584b9f944c86f60c2b04e48 -Author: tb@openbsd.org -Date: Mon Feb 5 05:36:49 2018 +0000 +commit afa6e79b76fb52a0c09a29688b5c0d125eb08302 +Author: Damien Miller +Date: Fri Apr 13 13:31:42 2018 +1000 - upstream commit + prefer to use getrandom() for PRNG seeding - The file descriptors for socket, stdin, stdout and stderr - aren't necessarily distinct, so check if they are the same to avoid closing - the same fd several times. + Only applies when built --without-openssl. Thanks Jann Horn for + reminder. + +commit 575fac34a97f69bc217b235f81de9f8f433eceed +Author: Darren Tucker +Date: Fri Apr 13 13:13:33 2018 +1000 + + Revert $REGRESSTMP changes. - ok djm + Revert 3fd2d229 and subsequent changes as they turned out to be a + portability hassle. + +commit 10479cc2a4acd6faaf643eb305233b49d70c31c1 +Author: Damien Miller +Date: Tue Apr 10 10:19:02 2018 +1000 + + Many typo fixes from Karsten Weiss - OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1 + Spotted using https://github.com/lucasdemarchi/codespell -commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d +commit 907da2f88519b34189fd03fac96de0c52d448233 Author: djm@openbsd.org -Date: Mon Feb 5 04:02:53 2018 +0000 +Date: Tue Apr 10 00:14:10 2018 +0000 - upstream commit - - I accidentially a word + upstream: more typos spotted by Karsten Weiss using codespell - OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a + OpenBSD-Regress-ID: d906a2aea0663810a658b7d0bc61a1d2907d4d69 -commit 130283d5c2545ff017c2162dc1258c5354e29399 +commit 37e5f4a7ab9a8026e5fc2f47dafb0f1b123d39e9 Author: djm@openbsd.org -Date: Thu Jan 25 03:34:43 2018 +0000 +Date: Tue Apr 10 00:13:27 2018 +0000 - upstream commit - - certificate options are case-sensitive; fix case on one - that had it wrong. - - move a badly-place sentence to a less bad place + upstream: make this a bit more portable-friendly - OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b + OpenBSD-Regress-ID: 62f7b9e055e8dfaab92b3825f158beeb4ca3f963 -commit 89f09ee68730337015bf0c3f138504494a34e9a6 -Author: Damien Miller -Date: Wed Jan 24 12:20:44 2018 +1100 +commit 001aa55484852370488786bd40e9fdad4b465811 +Author: djm@openbsd.org +Date: Tue Apr 10 00:10:49 2018 +0000 - crypto_api.h needs includes.h + upstream: lots of typos in comments/docs. Patch from Karsten Weiss + + after checking with codespell tool + (https://github.com/lucasdemarchi/codespell) + + OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528 -commit c9c1bba06ad1c7cad8548549a68c071bd807af60 -Author: stsp@openbsd.org -Date: Tue Jan 23 20:00:58 2018 +0000 +commit 260ede2787fe80b18b8d5920455b4fb268519c7d +Author: djm@openbsd.org +Date: Mon Apr 9 23:54:49 2018 +0000 - upstream commit + upstream: don't kill ssh-agent's listening socket entriely if we - Fix a logic bug in sshd_exchange_identification which - prevented clients using major protocol version 2 from connecting to the - server. ok millert@ + fail to accept a connection; bz#2837, patch from Lukas Kuster - OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9 + OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f -commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb -Author: stsp@openbsd.org -Date: Tue Jan 23 18:33:49 2018 +0000 +commit ebc8b4656f9b0f834a642a9fb3c9fbca86a61838 +Author: tj@openbsd.org +Date: Mon Apr 9 20:41:22 2018 +0000 - upstream commit + upstream: the UseLogin option was removed, so remove it here too. - Add missing braces; fixes 'write: Socket is not - connected' error in ssh. ok deraadt@ + ok dtucker - OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24 + OpenBSD-Commit-ID: 7080be73a64d68e21f22f5408a67a0ba8b1b6b06 -commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a -Author: Damien Miller -Date: Tue Jan 23 16:49:43 2018 +1100 +commit 3e36f281851fc8e9c996b33f108b2ae167314fbe +Author: jmc@openbsd.org +Date: Sun Apr 8 07:36:02 2018 +0000 - rebuild depends + upstream: tweak previous; + + OpenBSD-Commit-ID: 2b9c23022ea7b9dddb62864de4e906000f9d7474 -commit 552ea155be44f9c439c1f9f0c38f9e593428f838 -Author: Damien Miller -Date: Tue Jan 23 16:49:22 2018 +1100 +commit 8368571efd6693c5c57f850e23a2372acf3f865f +Author: jmc@openbsd.org +Date: Sat Apr 7 13:50:10 2018 +0000 - one SSH_BUG_BANNER instance that got away + upstream: tweak previous; + + OpenBSD-Commit-ID: 38e347b6f8e888f5e0700d01abb1eba7caa154f9 -commit 14b5c635d1190633b23ac3372379517fb645b0c2 +commit 555294a7279914ae6795b71bedf4e6011b7636df Author: djm@openbsd.org -Date: Tue Jan 23 05:27:21 2018 +0000 +Date: Fri Apr 6 13:02:39 2018 +0000 - upstream commit + upstream: Allow "SendEnv -PATTERN" to clear environment variables - Drop compatibility hacks for some ancient SSH - implementations, including ssh.com <=2.* and OpenSSH <= 3.*. - - These versions were all released in or before 2001 and predate the - final SSH RFCs. The hacks in question aren't necessary for RFC- - compliant SSH implementations. - - ok markus@ + previously labeled for sendind. bz#1285 ok dtucker@ - OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138 + OpenBSD-Commit-ID: f6fec9e3d0f366f15903094fbe1754cb359a0df9 -commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb +commit 40f5f03544a07ebd2003b443d42e85cb51d94d59 Author: djm@openbsd.org -Date: Tue Jan 23 05:17:04 2018 +0000 +Date: Fri Apr 6 04:15:45 2018 +0000 - upstream commit + upstream: relax checking of authorized_keys environment="..." - try harder to preserve errno during - ssh_connect_direct() to make the final error message possibly accurate; - bz#2814, ok dtucker@ + options to allow underscores in variable names (regression introduced in + 7.7). bz2851, ok deraadt@ - OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca + OpenBSD-Commit-ID: 69690ffe0c97ff393f2c76d25b4b3d2ed4e4ac9c -commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec +commit 30fd7f9af0f553aaa2eeda5a1f53f26cfc222b5e Author: djm@openbsd.org -Date: Tue Jan 23 05:12:12 2018 +0000 +Date: Fri Apr 6 03:51:27 2018 +0000 - upstream commit + upstream: add a couple of missed options to the config dump; patch - unbreak support for clients that advertise a protocol - version of "1.99" (indicating both v2 and v1 support). Busted by me during - SSHv1 purge in r1.358; bz2810, ok dtucker + from Jakub Jelen via bz2835 - OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b + OpenBSD-Commit-ID: 5970adadf6ef206bee0dddfc75d24c2019861446 -commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d +commit 8d6829be324452d2acd282d5f8ceb0adaa89a4de Author: djm@openbsd.org -Date: Tue Jan 23 05:06:25 2018 +0000 +Date: Fri Apr 6 03:34:27 2018 +0000 - upstream commit + upstream: ssh does not accept -oInclude=... on the commandline, the - don't attempt to force hostnames that are addresses to - lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to - remove ambiguities (e.g. ::0001 => ::1) before they are matched against - known_hosts; bz#2763, ok dtucker@ + Include keyword is for configuration files only. bz#2840, patch from Jakub + Jelen - OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0 + OpenBSD-Commit-ID: 32d052b4a7a7f22df35fe3f71c368c02b02cacb0 -commit d6364f6fb1a3d753d7ca9bf15b2adce961324513 +commit 00c5222ddc0c8edcaa4ea45ac03befdc8013d137 Author: djm@openbsd.org -Date: Tue Jan 23 05:01:15 2018 +0000 +Date: Thu Apr 5 22:54:28 2018 +0000 - upstream commit + upstream: We don't offer CBC cipher by default any more. Spotted by - avoid modifying pw->pw_passwd; let endpwent() clean up - for us, but keep a scrubbed copy; bz2777, ok dtucker@ + Renaud Allard (via otto@) - OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752 + OpenBSD-Commit-ID: a559b1eef741557dd959ae378b665a2977d92dca -commit a69bbb07cd6fb4dfb9bdcacd370ab26d0a2b4215 -Author: naddy@openbsd.org -Date: Sat Jan 13 00:24:09 2018 +0000 +commit 5ee8448ad7c306f05a9f56769f95336a8269f379 +Author: job@openbsd.org +Date: Wed Apr 4 15:12:17 2018 +0000 - upstream commit + upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for - clarify authorship; prodded by and ok markus@ + interactive and CS1 for bulk - OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c - -commit 04214b30be3d3e73a01584db4e040d5ccbaaddd4 -Author: markus@openbsd.org -Date: Mon Jan 8 15:37:21 2018 +0000 - - upstream commit + AF21 was selected as this is the highest priority within the low-latency + service class (and it is higher than what we have today). SSH is elastic + and time-sensitive data, where a user is waiting for a response via the + network in order to continue with a task at hand. As such, these flows + should be considered foreground traffic, with delays or drops to such + traffic directly impacting user-productivity. - group shared source files (e.g. SRCS_KEX) and allow - compilation w/o OPENSSL ok djm@ + For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable + networks implementing a scavanger/lower-than-best effort class to + discriminate scp(1) below normal activities, such as web surfing. In + general this type of bulk SSH traffic is a background activity. - OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62 - -commit 25cf9105b849932fc3b141590c009e704f2eeba6 -Author: markus@openbsd.org -Date: Mon Jan 8 15:21:49 2018 +0000 - - upstream commit + An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH + is that they are recognisable values on all common platforms (IANA + https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and + for AF21 specifically a definition of the intended behavior exists + https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition + of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and + for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662 - move subprocess() so scp/sftp do not need uidswap.o; ok - djm@ + The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE + 802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate", + or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e, + MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK"). - OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8 + OK deraadt@, "no objection" djm@ + + OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181 -commit b0d34132b3ca26fe94013f01d7b92101e70b68bb -Author: markus@openbsd.org -Date: Mon Jan 8 15:18:46 2018 +0000 +commit 424b544fbda963f973da80f884717c3e0a513288 +Author: dtucker@openbsd.org +Date: Tue Apr 3 02:14:08 2018 +0000 - upstream commit - - switch ssh-pkcs11-helper to new API; ok djm@ + upstream: Import regenerated moduli file. - OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42 + OpenBSD-Commit-ID: 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e -commit ec4a9831184c0c6ed5f7f0cfff01ede5455465a3 -Author: markus@openbsd.org -Date: Mon Jan 8 15:15:36 2018 +0000 +commit 323f66ce934df2da551f256f37d69822428e1ca1 +Author: dtucker@openbsd.org +Date: Fri Apr 6 04:18:35 2018 +0000 - upstream commit + upstream: Add test for username options parsing order, prompted by - split client/server kex; only ssh-keygen needs - uuencode.o; only scp/sftp use progressmeter.o; ok djm@ + bz#2849. - OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee + OpenBSD-Regress-ID: 6985cd32f38596882a3ac172ff8c510693b65283 -commit ec77efeea06ac62ee1d76fe0b3225f3000775a9e -Author: markus@openbsd.org -Date: Mon Jan 8 15:15:17 2018 +0000 +commit e8f474554e3bda102a797a2fbab0594ccc66f097 +Author: Damien Miller +Date: Fri Apr 6 14:11:44 2018 +1000 - upstream commit - - only ssh-keygen needs uuencode.o; only scp/sftp use - progressmeter.o + Expose SSH_AUTH_INFO_0 to PAM auth modules - OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85 + bz#2408, patch from Radoslaw Ejsmont; ok dtucker@ -commit 25aae35d3d6ee86a8c4c0b1896acafc1eab30172 -Author: markus@openbsd.org -Date: Mon Jan 8 15:14:44 2018 +0000 +commit 014ba209cf4c6a159baa30ecebbaddfa97da7100 +Author: Darren Tucker +Date: Tue Apr 3 12:18:00 2018 +1000 - upstream commit - - uuencode.h is not used - - OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c + Import regenerated moduli file. -commit 4f29309c4cb19bcb1774931db84cacc414f17d29 +commit a0349a1cc4a18967ad1dbff5389bcdf9da098814 Author: Damien Miller -Date: Wed Jan 3 19:50:43 2018 +1100 +Date: Mon Apr 2 15:38:28 2018 +1000 - unbreak fuzz harness + update versions in .spec files -commit f6b50bf84dc0b61f22c887c00423e0ea7644e844 -Author: djm@openbsd.org -Date: Thu Dec 21 05:46:35 2017 +0000 +commit 816ad38f79792f5617e3913be306ddb27e91091c +Author: Damien Miller +Date: Mon Apr 2 15:38:20 2018 +1000 - upstream commit - - another libssh casualty + update version number + +commit 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2 +Author: Darren Tucker +Date: Fri Mar 30 18:23:07 2018 +1100 + + Disable native strndup and strnlen on AIX. - OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec + On at least some revisions of AIX, strndup returns unterminated strings + under some conditions, apparently because strnlen returns incorrect + values in those cases. Disable both on AIX and use the replacements + from openbsd-compat. Fixes problem with ECDSA keys there, ok djm. -commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13 -Author: djm@openbsd.org -Date: Thu Dec 21 03:01:49 2017 +0000 +commit 6b5a17bc14e896e3904dc58d889b58934cfacd24 +Author: Darren Tucker +Date: Mon Mar 26 13:12:44 2018 +1100 - upstream commit + Include ssh_api.h for struct ssh. - missed one (unbreak after ssh/lib removal) + struct ssh is needed by implementations of sys_auth_passwd() that were + converted in commit bba02a50. Needed to fix build on AIX, I assume for + the other platforms too (although it should be harmless if not needed). + +commit bc3f80e4d191b8e48650045dfa8a682cd3aabd4d +Author: Darren Tucker +Date: Mon Mar 26 12:58:09 2018 +1100 + + Remove UNICOS code missed during removal. - OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322 + Fixes compile error on AIX. -commit e6c4134165d05447009437a96e7201276688807f -Author: djm@openbsd.org -Date: Thu Dec 21 00:41:22 2017 +0000 +commit 9d57762c24882e2f000a21a0ffc8c5908a1fa738 +Author: markus@openbsd.org +Date: Sat Mar 24 19:29:03 2018 +0000 - upstream commit + upstream: openssh-7.7 - unbreak unit tests after removal of src/usr.bin/ssh/lib + OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 + +commit 4b7d8acdbbceef247dc035e611e577174ed8a87e +Author: Damien Miller +Date: Mon Mar 26 09:37:02 2018 +1100 + + Remove authinfo.sh test dependency on printenv - OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9 + Some platforms lack printenv in the default $PATH. + Reported by Tom G. Christensen -commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe -Author: djm@openbsd.org -Date: Thu Dec 21 00:00:28 2017 +0000 +commit 4afeaf3dcb7dc70efd98fcfcb0ed28a6b40b820e +Author: Tim Rice +Date: Sun Mar 25 10:00:21 2018 -0700 - upstream commit + Use libiaf on all sysv5 systems + +commit bba02a5094b3db228ceac41cb4bfca165d0735f3 +Author: Tim Rice +Date: Sun Mar 25 09:17:33 2018 -0700 + + modified: auth-sia.c + modified: openbsd-compat/port-aix.c + modified: openbsd-compat/port-uw.c - revert stricter key type / signature type checking in - userauth path; too much software generates inconsistent messages, so we need - a better plan. + propogate changes to auth-passwd.c in commit + 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers + of sys_auth_passwd() + +commit d7a7a39168bdfe273587bf85d779d60569100a3f +Author: markus@openbsd.org +Date: Sat Mar 24 19:29:03 2018 +0000 + + upstream: openssh-7.7 - OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519 + OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 -commit c5a6cbdb79752f7e761074abdb487953ea6db671 -Author: djm@openbsd.org -Date: Tue Dec 19 00:49:30 2017 +0000 +commit 9efcaaac314c611c6c0326e8bac5b486c424bbd2 +Author: markus@openbsd.org +Date: Sat Mar 24 19:28:43 2018 +0000 - upstream commit + upstream: fix bogus warning when signing cert keys using agent; - explicitly test all key types and their certificate - counterparts + from djm; ok deraadt dtucker - refactor a little + OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d + +commit 393436024d2e4b4c7a01f9cfa5854e7437896d11 +Author: Darren Tucker +Date: Sun Mar 25 09:40:46 2018 +1100 + + Replace /dev/stdin with "-". - OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4 + For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted + and suggested by vinschen at redhat.com. -commit f689adb7a370b5572612d88be9837ca9aea75447 +commit b5974de1a1d419e316ffb6524b1b277dda2f3b49 +Author: Darren Tucker +Date: Fri Mar 23 13:21:14 2018 +1100 + + Provide $OBJ to paths in PuTTY interop tests. + +commit dc31e79454e9b9140b33ad380565fdb59b9c4f33 Author: dtucker@openbsd.org -Date: Mon Dec 11 11:41:56 2017 +0000 +Date: Fri Mar 16 09:06:31 2018 +0000 - upstream commit + upstream: Tell puttygen to use /dev/urandom instead of /dev/random. On - use cmp in a loop instead of diff -N to compare - directories. The former works on more platforms for Portable. + OpenBSD they are both non-blocking, but on many other -portable platforms it + blocks, stalling tests. - OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099 + OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc -commit 748dd8e5de332b24c40f4b3bbedb902acb048c98 -Author: Damien Miller -Date: Tue Dec 19 16:17:59 2017 +1100 +commit cb1f94431ef319cd48618b8b771b58739a8210cf +Author: markus@openbsd.org +Date: Thu Mar 22 07:06:11 2018 +0000 - remove blocks.c from Makefile + upstream: ssh/xmss: fix build; ok djm@ + + OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186 -commit 278856320520e851063b06cef6ef1c60d4c5d652 -Author: djm@openbsd.org -Date: Tue Dec 19 00:24:34 2017 +0000 +commit 27979da9e4074322611355598f69175b9ff10d39 +Author: markus@openbsd.org +Date: Thu Mar 22 07:05:48 2018 +0000 - upstream commit + upstream: ssh/xmss: fix deserialize for certs; ok djm@ - include signature type and CA key (if applicable) in some - debug messages + OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc + +commit c6cb2565c9285eb54fa9dfbb3890f5464aff410f +Author: Darren Tucker +Date: Thu Mar 22 17:00:28 2018 +1100 + + Save $? before case statement. - OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5 + In some shells (FreeBSD 9, ash) the case statement resets $?, so save + for later testing. -commit 7860731ef190b52119fa480f8064ab03c44a120a +commit 4c4e7f783b43b264c247233acb887ee10ed4ce4d Author: djm@openbsd.org -Date: Mon Dec 18 23:16:23 2017 +0000 +Date: Wed Mar 14 05:35:40 2018 +0000 - upstream commit + upstream: rename recently-added "valid-before" key restriction to - unbreak hostkey rotation; attempting to sign with a - desired signature algorithm of kex->hostkey_alg is incorrect when the key - type isn't capable of making those signatures. ok markus@ + "expiry-time" as the former is confusing wrt similar terminology in X.509; + pointed out by jsing@ - OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906 + OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793 -commit 966ef478339ad5e631fb684d2a8effe846ce3fd4 +commit 500396b204c58e78ad9d081516a365a9f28dc3fd Author: djm@openbsd.org -Date: Mon Dec 18 23:14:34 2017 +0000 +Date: Mon Mar 12 00:56:03 2018 +0000 - upstream commit - - log mismatched RSA signature types; ok markus@ + upstream: check valid-before option in authorized_keys - OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418 + OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11 -commit 349ecd4da3a985359694a74635748009be6baca6 +commit a76b5d26c2a51d7dd7a5164e683ab3f4419be215 Author: djm@openbsd.org -Date: Mon Dec 18 23:13:42 2017 +0000 +Date: Mon Mar 12 00:54:04 2018 +0000 - upstream commit - - pass kex->hostkey_alg and kex->hostkey_nid from pre-auth - to post-auth unpriviledged child processes; ok markus@ + upstream: explicitly specify RSA/SHA-2 keytype here too - OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302 + OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62 -commit c9e37a8725c083441dd34a8a53768aa45c3c53fe -Author: millert@openbsd.org -Date: Mon Dec 18 17:28:54 2017 +0000 - - upstream commit - - Add helper function for uri handing in scp where a - missing path simply means ".". Also fix exit code and add warnings when an - invalid uri is encountered. OK otto@ - - OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a - -commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 +commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1 Author: djm@openbsd.org -Date: Mon Dec 18 02:25:15 2017 +0000 +Date: Mon Mar 12 00:52:57 2018 +0000 - upstream commit + upstream: exlicitly include RSA/SHA-2 keytypes in - pass negotiated signing algorithm though to - sshkey_verify() and check that the negotiated algorithm matches the type in - the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ + PubkeyAcceptedKeyTypes here - OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9 + OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9 -commit 931c78dfd7fe30669681a59e536bbe66535f3ee9 -Author: djm@openbsd.org -Date: Mon Dec 18 02:22:29 2017 +0000 +commit 037fdc1dc2d68e1d43f9c9e2586c02cabc8f7cc8 +Author: jmc@openbsd.org +Date: Wed Mar 14 06:56:20 2018 +0000 - upstream commit - - sshkey_sigtype() function to return the type of a - signature; ok markus@ + upstream: sort expiry-time; - OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8 + OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf -commit 4cdc5956f2fcc9e9078938db833142dc07d8f523 -Author: naddy@openbsd.org -Date: Thu Dec 14 21:07:39 2017 +0000 +commit abc0fa38c9bc136871f28e452c3465c3051fc785 +Author: djm@openbsd.org +Date: Wed Mar 14 05:35:40 2018 +0000 - upstream commit + upstream: rename recently-added "valid-before" key restriction to - Replace ED25519's private SHA-512 implementation with a - call to the regular digest code. This speeds up compilation considerably. ok - markus@ + "expiry-time" as the former is confusing wrt similar terminology in X.509; + pointed out by jsing@ - OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c + OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6 -commit 012e5cb839faf76549e3b6101b192fe1a74d367e -Author: naddy@openbsd.org -Date: Tue Dec 12 15:06:12 2017 +0000 +commit bf0fbf2b11a44f06a64b620af7d01ff171c28e13 +Author: djm@openbsd.org +Date: Mon Mar 12 00:52:01 2018 +0000 - upstream commit + upstream: add valid-before="[time]" authorized_keys option. A - Create a persistent umac128.c source file: #define the - output size and the name of the entry points for UMAC-128 before including - umac.c. Idea from FreeBSD. ok dtucker@ + simple way of giving a key an expiry date. ok markus@ - OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1 - -commit b35addfb4cd3b5cdb56a2a489d38e940ada926c7 -Author: Darren Tucker -Date: Mon Dec 11 16:23:28 2017 +1100 - - Update .depend with empty config.h + OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947 -commit 2d96f28246938e0ca474a939d8ac82ecd0de27e3 -Author: Darren Tucker -Date: Mon Dec 11 16:21:55 2017 +1100 +commit fbd733ab7adc907118a6cf56c08ed90c7000043f +Author: Darren Tucker +Date: Mon Mar 12 19:17:26 2018 +1100 - Ensure config.h is always in dependencies. + Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE. - Put an empty config.h into the dependency list to ensure that it's - always listed and consistent. + The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent + warnings from autoconf. Pointed out by klausz at haus-gisela.de. -commit ac4987a55ee5d4dcc8e87f7ae7c1f87be7257d71 -Author: deraadt@openbsd.org -Date: Sun Dec 10 19:37:57 2017 +0000 +commit c7c458e8261b04d161763cd333d74e7a5842e917 +Author: djm@openbsd.org +Date: Wed Mar 7 23:53:08 2018 +0000 - upstream commit - - ssh/lib hasn't worked towards our code-sharing goals for - a quit while, perhaps it is too verbose? Change each */Makefile to - specifying exactly what sources that program requires, compiling it seperate. - Maybe we'll iterate by sorting those into seperatable chunks, splitting up - files which contain common code + server/client specific code, or whatnot. - But this isn't one step, or we'd have done it a long time ago.. ok dtucker - markus djm + upstream: revert recent strdelim() change, it causes problems with - OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d - -commit 48c23a39a8f1069a57264dd826f6c90aa12778d5 -Author: dtucker@openbsd.org -Date: Sun Dec 10 05:55:29 2017 +0000 - - upstream commit + some configs. - Put remote client info back into the ClientAlive - connection termination message. Based in part on diff from lars.nooden at - gmail, ok djm + revision 1.124 + date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; + Allow escaped quotes \" and \' in ssh_config and sshd_config quotes + option strings. bz#1596 ok markus@ - OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0 + OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5 -commit aabd75ec76575c1b17232e6526a644097cd798e5 -Author: deraadt@openbsd.org -Date: Fri Dec 8 03:45:52 2017 +0000 +commit 0bcd871ccdf3baf2b642509ba4773d5be067cfa2 +Author: jmc@openbsd.org +Date: Mon Mar 5 07:03:18 2018 +0000 - upstream commit - - time_t printing needs %lld and (long long) casts ok djm + upstream: move the input format details to -f; remove the output - OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7 - -commit fd4eeeec16537870bd40d04836c7906ec141c17d -Author: djm@openbsd.org -Date: Fri Dec 8 02:14:33 2017 +0000 - - upstream commit + format details and point to sshd(8), where it is documented; - fix ordering in previous to ensure errno isn't clobbered - before logging. + ok dtucker - OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2 + OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a -commit 155072fdb0d938015df828836beb2f18a294ab8a -Author: djm@openbsd.org -Date: Fri Dec 8 02:13:02 2017 +0000 +commit 45011511a09e03493568506ce32f4891a174a3bd +Author: Vicente Olivert Riera +Date: Tue Jun 20 16:42:28 2017 +0100 - upstream commit + configure.ac: properly set seccomp_audit_arch for MIPS64 - for some reason unix_listener() logged most errors twice - with each message containing only some of the useful information; merge these + Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or + AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built + for MIPS64. However, that's only valid for n64 ABI. The right macros for + n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and + AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively. - OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a - -commit 79c0e1d29959304e5a49af1dbc58b144628c09f3 -Author: Darren Tucker -Date: Mon Dec 11 14:38:33 2017 +1100 - - Add autogenerated dependency info to Makefile. + Because of that an sshd built for MIPS64 n32 rejects connection attempts + and the output of strace reveals that the problem is related to seccomp + audit: - Adds a .depend file containing dependency information generated by - makedepend, which is appended to the generated Makefile by configure. + [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, + filter=0x555d5da0}) = 0 + [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ? + [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP}, + {fd=6, revents=POLLHUP}]) + [pid 194] +++ killed by SIGSYS +++ - You can regen the file with "make -f Makefile.in depend" if necessary, - but we'll be looking at some way to automatically keep this up to date. + This patch fixes that problem by setting the right value to + seccomp_audit_arch taking into account the MIPS64 ABI. - "no objection" djm@ + Signed-off-by: Vicente Olivert Riera -commit f001de8fbf7f3faddddd8efd03df18e57601f7eb -Author: Darren Tucker -Date: Mon Dec 11 13:42:51 2017 +1100 +commit 580086704c31de91dc7ba040a28e416bf1fefbca +Author: Vicente Olivert Riera +Date: Tue Jun 20 16:42:11 2017 +0100 - Fix pasto in ldns handling. + configure.ac: detect MIPS ABI - When ldns-config is not found, configure would check the wrong variable. - ok djm@ + Signed-off-by: Vicente Olivert Riera -commit c5bfe83f67cb64e71cf2fe0d1500f6904b0099ee -Author: Darren Tucker -Date: Sat Dec 9 10:12:23 2017 +1100 +commit cd4e937aa701f70366cd5b5969af525dff6fdf15 +Author: Alan Yee +Date: Wed Mar 7 15:12:14 2018 -0800 - Portable switched to git so s/CVS/git/. + Use https URLs for links that support it. -commit bb82e61a40a4ee52e4eb904caaee2c27b763ab5b -Author: Darren Tucker -Date: Sat Dec 9 08:06:00 2017 +1100 +commit c0a0c3fc4a76b682db22146b28ddc46566db1ce9 +Author: Darren Tucker +Date: Mon Mar 5 20:03:07 2018 +1100 - Remove now-used check for perl. + Disable UTMPX on SunOS4. -commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240 -Author: djm@openbsd.org -Date: Wed Dec 6 05:06:21 2017 +0000 +commit 58fd4c5c0140f6636227ca7acbb149ab0c2509b9 +Author: Darren Tucker +Date: Mon Mar 5 19:28:08 2018 +1100 - upstream commit - - don't accept junk after "yes" or "no" responses to - hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ + Check for and work around buggy fflush(NULL). - OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c + Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check + for and work around. With klausz at haus-gisela.de. -commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 -Author: dtucker@openbsd.org -Date: Tue Dec 5 23:59:47 2017 +0000 +commit 71e48bc7945f867029e50e06c665c66aed6d3c64 +Author: Darren Tucker +Date: Mon Mar 5 10:22:32 2018 +1100 - upstream commit - - Replace atoi and strtol conversions for integer arguments - to config keywords with a checking wrapper around strtonum. This will - prevent and flag invalid and negative arguments to these keywords. ok djm@ + Remove extra XMSS #endif - OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998 + Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack + Schmidt via github. -commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84 +commit 055e09e2212ff52067786bf6d794ca9512ff7f0c Author: dtucker@openbsd.org -Date: Tue Dec 5 23:56:07 2017 +0000 +Date: Sat Mar 3 06:37:53 2018 +0000 - upstream commit + upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18 - Add missing break for rdomain. Prevents spurious - "Deprecated option" warnings. ok djm@ + bumped the minimum from 768 to 1024, update man page accordingly. - OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a + OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338 -commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198 +commit 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1 Author: djm@openbsd.org -Date: Tue Dec 5 01:30:19 2017 +0000 +Date: Sun Mar 4 01:46:48 2018 +0000 - upstream commit + upstream: for the pty control tests, just check that the PTY path - include the addr:port in bind/listen failure messages + points to something in /dev (rather than checking the device node itself); + makes life easier for portable, where systems with dynamic ptys can delete + nodes before we get around to testing their existence. - OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e + OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994 -commit a8c89499543e2d889629c4e5e8dcf47a655cf889 -Author: dtucker@openbsd.org -Date: Wed Nov 29 05:49:54 2017 +0000 +commit 13ef4cf53f24753fe920832b990b25c9c9cd0530 +Author: Darren Tucker +Date: Sat Mar 3 16:21:20 2018 +1100 - upstream commit - - Import updated moduli. - - OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a + Update PAM password change to new opts API. -commit 3dde09ab38c8e1cfc28252be473541a81bc57097 -Author: dtucker@openbsd.org -Date: Tue Nov 28 21:10:22 2017 +0000 +commit 33561e68e0b27366cb769295a077aabc6a49d2a1 +Author: Darren Tucker +Date: Sat Mar 3 14:56:09 2018 +1100 - upstream commit - - Have sftp print a warning about shell cleanliness when - decoding the first packet fails, which is usually caused by shells polluting - stdout of non-interactive starups. bz#2800, ok markus@ deraadt@. + Add strndup for platforms that need it. - OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5 + Some platforms don't have strndup, which includes Solaris 10, NetBSD 3 + and FreeBSD 6. -commit 6c8a246437f612ada8541076be2414846d767319 -Author: Darren Tucker -Date: Fri Dec 1 17:11:47 2017 +1100 +commit e8a17feba95eef424303fb94441008f6c5347aaf +Author: Darren Tucker +Date: Sat Mar 3 14:49:07 2018 +1100 - Replace mkinstalldirs with mkdir -p. + Flatten and alphabetize object file lists. - Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir: - cannot create directory:... File exists" during "make install". - Patch from eb at emlix.com. + This will make maintenance and changes easier. "no objection" tim@ -commit 3058dd78d2e43ed0f82ad8eab8bb04b043a72023 -Author: Darren Tucker -Date: Fri Dec 1 17:07:08 2017 +1100 +commit de1920d743d295f50e6905e5957c4172c038e8eb +Author: djm@openbsd.org +Date: Sat Mar 3 03:16:17 2018 +0000 - Pull in newer install-sh from autoconf-2.69. + upstream: unit tests for new authorized_keys options API - Suggested by eb at emlix.com + OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1 -commit 79226e5413c5b0fda3511351a8511ff457e306d8 -Author: Darren Tucker -Date: Fri Dec 1 16:55:35 2017 +1100 +commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717 +Author: djm@openbsd.org +Date: Fri Mar 2 02:53:27 2018 +0000 - Remove RSA1 host key generation. + upstream: fix testing of pty option, include positive test and - SSH1 support is now gone, remove SSH1 key generation. - Patch from eb at emlix.com. + testing of restrict keyword + + OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d -commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb +commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61 Author: djm@openbsd.org -Date: Tue Nov 28 06:09:38 2017 +0000 +Date: Fri Mar 2 02:51:55 2018 +0000 - upstream commit + upstream: better testing for port-forwarding and restrict flags in - more whitespace errors + authorized_keys - OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb + OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa -commit 7f257bf3fd3a759f31098960cbbd1453fafc4164 -Author: djm@openbsd.org@openbsd.org -Date: Tue Nov 28 06:04:51 2017 +0000 +commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 +Author: djm@openbsd.org +Date: Sat Mar 3 03:15:51 2018 +0000 - upstream commit + upstream: switch over to the new authorized_keys options API and - whitespace at EOL + remove the legacy one. - OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a - -commit 5db6fbf1438b108e5df3e79a1b4de544373bc2d4 -Author: dtucker@openbsd.org@openbsd.org -Date: Sat Nov 25 06:46:22 2017 +0000 - - upstream commit + Includes a fairly big refactor of auth2-pubkey.c to retain less state + between key file lines. - Add monotime_ts and monotime_tv that return monotonic - timespec and timeval respectively. Replace calls to gettimeofday() in packet - timing with monotime_tv so that the callers will work over a clock step. - Should prevent integer overflow during clock steps reported by wangle6 at - huawei.com. "I like" markus@ + feedback and ok markus@ - OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a + OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df -commit 2d638e986085bdf1a40310ed6e2307463db96ea0 -Author: dtucker@openbsd.org@openbsd.org -Date: Sat Nov 25 05:58:47 2017 +0000 +commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b +Author: djm@openbsd.org +Date: Sat Mar 3 03:06:02 2018 +0000 - upstream commit + upstream: Introduce a new API for handling authorized_keys options. - Remove get_current_time() and replace with calls to - monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I - like" markus@ + This API parses options to a dedicated structure rather than the old API's + approach of setting global state. It also includes support for merging + options, e.g. from authorized_keys, authorized_principals and/or + certificates. - OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952 - -commit ba460acae48a36ef749cb23068f968f4d5d90a24 -Author: Darren Tucker -Date: Fri Nov 24 16:24:31 2017 +1100 - - Include string.h for explicit_bzero. - -commit a65655fb1a12b77fb22f9e71559b9d73030ec8ff -Author: Damien Miller -Date: Fri Nov 24 10:23:47 2017 +1100 - - fix incorrect range of OpenSSL versions supported + feedback and ok markus@ - Pointed out by Solar Designer + OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2 -commit 83a1e5dbec52d05775174f368e0c44b08619a308 -Author: djm@openbsd.org@openbsd.org -Date: Wed Nov 15 02:10:16 2017 +0000 +commit 26074380767e639ef89321610e146ae11016b385 +Author: djm@openbsd.org +Date: Sat Mar 3 03:01:50 2018 +0000 - upstream commit + upstream: warn when the agent returns a signature type that was - downgrade a couple more request parsing errors from - process-fatal to just returning failure, making them consistent with the - others that were already like that. + different to what was requested. This might happen when an old/non-OpenSSH + agent is asked to make a rsa-sha2-256/512 signature but only supports + ssh-rsa. bz#2799 feedback and ok markus@ - OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918 + OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce -commit 93c68a8f3da8e5e6acdc3396f54d73919165e242 -Author: djm@openbsd.org@openbsd.org -Date: Wed Nov 15 00:13:40 2017 +0000 +commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc +Author: jmc@openbsd.org +Date: Fri Mar 2 21:40:15 2018 +0000 - upstream commit - - fix regression in 7.6: failure to parse a signature request - message shouldn't be fatal to the process, just the request. Reported by Ron - Frederick + upstream: apply a lick of paint; tweaks/ok dtucker - OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05 + OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703 -commit 548d3a66feb64c405733932a6b1abeaf7198fa71 -Author: djm@openbsd.org@openbsd.org -Date: Tue Nov 14 00:45:29 2017 +0000 +commit 713d9cb510e0e7759398716cbe6dcf43e574be71 +Author: djm@openbsd.org +Date: Fri Mar 2 03:02:11 2018 +0000 - upstream commit - - fix problem in configuration parsing when in config dump mode - (sshd -T) without providing a full connection specification (sshd -T -C ...) + upstream: Allow escaped quotes \" and \' in ssh_config and - spotted by bluhm@ + sshd_config quotes option strings. bz#1596 ok markus@ - OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f + OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb -commit 33edb6ebdc2f81ebed1bceadacdfb8910b64fb88 -Author: djm@openbsd.org@openbsd.org -Date: Fri Nov 3 05:18:44 2017 +0000 +commit 94b4e2d29afaaaef89a95289b16c18bf5627f7cd +Author: djm@openbsd.org +Date: Fri Mar 2 02:08:03 2018 +0000 - upstream commit + upstream: refactor sshkey_read() to make it a little more, err, - reuse parse_multistate for parse_flag (yes/no arguments). - Saves a few lines of code and makes the parser more consistent wrt case- - sensitivity. bz#2664 ok dtucker@ + readable. ok markus - OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef + OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28 -commit d52131a98316e76c0caa348f09bf6f7b9b01a1b9 -Author: djm@openbsd.org@openbsd.org -Date: Fri Nov 3 05:14:04 2017 +0000 +commit 5886b92968b360623491699247caddfb77a74d80 +Author: markus@openbsd.org +Date: Thu Mar 1 20:32:16 2018 +0000 - upstream commit + upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by - allow certificate validity intervals that specify only a - start or stop time (we already support specifying both or neither) + jmc@ - OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42 + OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b -commit fbe8e7ac94c2fa380421a9205a8bc966549c2f91 -Author: djm@openbsd.org@openbsd.org -Date: Fri Nov 3 03:46:52 2017 +0000 +commit 3b36bed3d26f17f6a2b7e036e01777770fe1bcd4 +Author: dtucker@openbsd.org +Date: Mon Feb 26 12:14:53 2018 +0000 - upstream commit - - allow "cd" and "lcd" commands with no explicit path - argument. lcd will change to the local user's home directory as usual. cd - will change to the starting directory for session (because the protocol - offers no way to obtain the remote user's home directory). bz#2760 ok - dtucker@ + upstream: Remove unneeded (local) include. ok markus@ - OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393 + OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93 -commit 0208a48517b5e8e8b091f32fa4addcd67c31ca9e -Author: dtucker@openbsd.org@openbsd.org -Date: Fri Nov 3 03:18:53 2017 +0000 +commit 27b9f3950e0289e225b57b7b880a8f1859dcd70b +Author: dtucker@openbsd.org +Date: Mon Feb 26 03:56:44 2018 +0000 - upstream commit + upstream: Add $OpenBSD$ markers to xmss files to help keep synced - When doing a config test with sshd -T, only require the - attributes that are actually used in Match criteria rather than (an - incomplete list of) all criteria. ok djm@, man page help jmc@ + with portable. ok djm@. - OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc + OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1 -commit c357eed5a52cd2f4ff358b17e30e3f9a800644da -Author: djm@openbsd.org@openbsd.org -Date: Fri Nov 3 02:32:19 2017 +0000 +commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd +Author: dtucker@openbsd.org +Date: Mon Feb 26 03:03:05 2018 +0000 - upstream commit - - typos in ECDSA certificate names; bz#2787 reported by - Mike Gerow + upstream: Add newline at end of file to prevent compiler warnings. - OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163 + OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063 -commit ecbf005b8fd80b81d0c61dfc1e96fe3da6099395 -Author: djm@openbsd.org@openbsd.org -Date: Fri Nov 3 02:29:17 2017 +0000 +commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84 +Author: Darren Tucker +Date: Wed Feb 28 19:59:35 2018 +1100 - upstream commit + Add WITH_XMSS, move to prevent conflicts. - Private keys in PEM format have been encrypted by AES-128 for - a while (not 3DES). bz#2788 reported by Calum Mackay - - OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a + Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after + includes.h so it's less likely to conflict and will pick up WITH_XMSS if + added to config.h. -commit 81c9ccdbf6ddbf9bfbd6f1f775a5a7c13e47e185 -Author: Darren Tucker -Date: Fri Nov 3 14:52:51 2017 +1100 +commit a10d8552d0d2438da4ed539275abcbf557d1e7a8 +Author: Darren Tucker +Date: Tue Feb 27 14:45:17 2018 +1100 - Check for linux/if.h when enabling rdomain. + Conditionally compile XMSS code. - musl libc doesn't seem to have linux/if.h, so check for its presence - before enabling rdomain support on Linux. + The XMSS code is currently experimental and, unlike the rest of OpenSSH + cannot currently be compiled with a c89 compiler. -commit fa1b834cce41a1ce3e6a8d57fb67ef18c9dd803f -Author: Darren Tucker -Date: Fri Nov 3 14:09:45 2017 +1100 +commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b +Author: Darren Tucker +Date: Mon Feb 26 12:51:29 2018 +1100 - Add headers for sys/sysctl.h and net/route.h - - On at least older OpenBSDs, sys/sysctl.h and net/route.h require - sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME. + Check dlopen has RTLD_NOW before enabling pkcs11. -commit 41bff4da21fcd8a7c6a83a7e0f92b018f904f6fb -Author: djm@openbsd.org@openbsd.org -Date: Fri Nov 3 02:22:41 2017 +0000 +commit 1323f120d06a26074c4d154fcbe7f49bcad3d741 +Author: Darren Tucker +Date: Tue Feb 27 08:41:25 2018 +1100 - upstream commit - - avoid unused variable warnings for !WITH_OPENSSL; patch from - Marcus Folkesson + Check for attributes on prototype args. - OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229 + Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481) + do not accept __attribute__ on function pointer prototype args. Check for + this and hide them if they're not accepted. -commit 6b373e4635a7470baa94253dd1dc8953663da9e8 -Author: Marcus Folkesson -Date: Sat Oct 28 19:48:39 2017 +0200 +commit f0b245b0439e600fab782d19e97980e9f2c2533c +Author: Darren Tucker +Date: Mon Feb 26 11:43:48 2018 +1100 - only enable functions in dh.c when openssl is used - - Signed-off-by: Marcus Folkesson + Check if HAVE_DECL_BZERO correctly. -commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b -Author: djm@openbsd.org@openbsd.org -Date: Wed Nov 1 00:04:15 2017 +0000 +commit c7ef4a399155e1621a532cc5e08e6fa773658dd4 +Author: Darren Tucker +Date: Mon Feb 26 17:42:56 2018 +1100 - upstream commit - - fix broken stdout in ControlPersist mode, introduced by me in - r1.467 and reported by Alf Schlichting - - OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509 + Wrap in #ifdef HAVE_STDINT_H. -commit f21455a084f9cc3942cf1bde64055a4916849fed -Author: Darren Tucker -Date: Tue Oct 31 10:09:33 2017 +1100 +commit ac53ce46cf8165cbda7f57ee045f9f32e1e92b31 +Author: Darren Tucker +Date: Mon Feb 26 16:24:23 2018 +1100 - Include includes.h for HAVE_GETPAGESIZE. - - The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in - config.h, but bsd-getpagesize.c forgot to include includes.h (which - indirectly includes config.h) so the checks always fails, causing linker - issues when linking statically on systems with getpagesize(). + Replace $(CURDIR) with $(PWD). - Patch from Peter Korsgaard + The former doesn't work on Solaris or BSDs. -commit f2ad63c0718b93ac1d1e85f53fee33b06eef86b5 -Author: djm@openbsd.org@openbsd.org -Date: Mon Oct 30 22:01:52 2017 +0000 +commit 534b2680a15d14e7e60274d5b29b812d44cc5a44 +Author: Darren Tucker +Date: Mon Feb 26 14:51:59 2018 +1100 - upstream commit - - whitespace at EOL + Comment out hexdump(). - OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07 + Nothing currently uses them but they cause conflicts on at least + FreeBSD, possibly others. ok djm@ -commit c6415b1f8f1d0c2735564371647fd6a177fb9a3e -Author: djm@openbsd.org@openbsd.org -Date: Mon Oct 30 21:59:43 2017 +0000 +commit 5aea4aa522f61bb2f34c3055a7de203909dfae77 +Author: Darren Tucker +Date: Mon Feb 26 14:39:14 2018 +1100 - upstream commit - - whitespace at EOL - - OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd + typo: missing ; -commit e4d4ddbbba0e585ca3ec3a455430750b4622a6d3 -Author: millert@openbsd.org@openbsd.org -Date: Wed Oct 25 20:08:36 2017 +0000 +commit cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e +Author: Darren Tucker +Date: Mon Feb 26 14:37:06 2018 +1100 - upstream commit - - Use printenv to test whether an SSH_USER_AUTH is set - instead of using $SSH_USER_AUTH. The latter won't work with csh which treats - unknown variables as an error when expanding them. OK markus@ + Hook up flock() compat code. - OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1 + Also a couple of minor changes: fail if we can't lock instead of + silently succeeding, and apply a couple of minor style fixes. -commit 116b1b439413a724ebb3320633a64dd0f3ee1fe7 -Author: millert@openbsd.org@openbsd.org -Date: Tue Oct 24 19:33:32 2017 +0000 +commit b087998d1ba90dd1ddb6bfdb17873dc3e7392798 +Author: Darren Tucker +Date: Mon Feb 26 14:27:02 2018 +1100 - upstream commit - - Add tests for URI parsing. OK markus@ + Import flock() compat from NetBSD. - OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b + From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet. -commit dbe0662e9cd482593a4a8bf58c6481bfe8a747a4 -Author: djm@openbsd.org@openbsd.org -Date: Fri Oct 27 01:57:06 2017 +0000 +commit 89212533dde6798324e835b1499084658df4579e +Author: Darren Tucker +Date: Mon Feb 26 12:32:14 2018 +1100 - upstream commit - - whitespace at EOL + Fix breakage when REGRESSTMP not set. - OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6 + BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR + instead. Pointed out by djm@. -commit d2135474344335a7c6ee643b6ade6db400fa76ee -Author: djm@openbsd.org@openbsd.org -Date: Fri Oct 27 01:01:17 2017 +0000 +commit f885474137df4b89498c0b8834c2ac72c47aa4bd +Author: Damien Miller +Date: Mon Feb 26 12:18:14 2018 +1100 - upstream commit - - whitespace at EOL (lots) - - OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747 + XMSS-related files get includes.h -commit b77c29a07f5a02c7c1998701c73d92bde7ae1608 -Author: djm@openbsd.org@openbsd.org -Date: Fri Oct 27 00:18:41 2017 +0000 +commit 612faa34c72e421cdc9e63f624526bae62d557cc +Author: Damien Miller +Date: Mon Feb 26 12:17:55 2018 +1100 - upstream commit - - improve printing of rdomain on accept() a little - - OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a + object files end with .o - not .c -commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b -Author: jmc@openbsd.org@openbsd.org -Date: Thu Oct 26 06:44:01 2017 +0000 +commit bda709b8e13d3eef19e69c2d1684139e3af728f5 +Author: Damien Miller +Date: Mon Feb 26 12:17:22 2018 +1100 - upstream commit - - mark up the rdomain keyword; + avoid inclusion of deprecated selinux/flask.h - OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a + Use string_to_security_class() instead. -commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b -Author: jmc@openbsd.org@openbsd.org -Date: Wed Oct 25 06:19:46 2017 +0000 +commit 2e396439365c4ca352cac222717d09b14f8a0dfd +Author: Damien Miller +Date: Mon Feb 26 11:48:27 2018 +1100 - upstream commit - - tweak the uri text, specifically removing some markup to - make it a bit more readable; - - issue reported by - and diff ok - millert - - OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f + updatedepend -commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40 -Author: jmc@openbsd.org@openbsd.org -Date: Wed Oct 25 06:18:06 2017 +0000 +commit 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 +Author: markus@openbsd.org +Date: Fri Feb 23 15:58:37 2018 +0000 - upstream commit + upstream: Add experimental support for PQC XMSS keys (Extended - simplify macros in previous, and some minor tweaks; + Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS + in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See + https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok + djm@ - OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca + OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac -commit eb9c582b710dc48976b48eb2204218f6863bae9a -Author: Damien Miller -Date: Tue Oct 31 00:46:29 2017 +1100 +commit 7d330a1ac02076de98cfc8fda05353d57b603755 +Author: jmc@openbsd.org +Date: Fri Feb 23 07:38:09 2018 +0000 - Switch upstream git repository. - - Previously portable OpenSSH has synced against a conversion of OpenBSD's - CVS repository made using the git cvsimport tool, but this has become - increasingly unreliable. - - As of this commit, portable OpenSSH now tracks a conversion of the - OpenBSD CVS upstream made using the excellent cvs2gitdump tool from - YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump - - cvs2gitdump is considerably more reliable than gitcvsimport and the old - version of cvsps that it uses under the hood, and is the same tool used - to export the entire OpenBSD repository to git (so we know it can cope - with future growth). - - These new conversions are mirrored at github, so interested parties can - match portable OpenSSH commits to their upstream counterparts. - - https://github.com/djmdjm/openbsd-openssh-src - https://github.com/djmdjm/openbsd-openssh-regress - - An unfortunate side effect of switching upstreams is that we must have - a flag day, across which the upstream commit IDs will be inconsistent. - The old commit IDs are recorded with the tags "Upstream-ID" for main - directory commits and "Upstream-Regress-ID" for regress commits. + upstream: some cleanup for BindInterface and ssh-keyscan; - To make it clear that the commit IDs do not refer to the same - things, the new repository will instead use "OpenBSD-ID" and - "OpenBSD-Regress-ID" tags instead. + OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c + +commit c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b +Author: Darren Tucker +Date: Sun Feb 25 23:55:41 2018 +1100 + + Invert sense of getpgrp test. - Apart from being a longwinded explanation of what is going on, this - commit message also serves to synchronise our tools with the state of - the tree, which happens to be: + AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not + declared. Instead, test if the zero-arg version we want to use works. + +commit b39593a6de5290650a01adf8699c6460570403c2 +Author: Darren Tucker +Date: Sun Feb 25 13:25:15 2018 +1100 + + Add no-op getsid implmentation. + +commit 11057564eb6ab8fd987de50c3d7f394c6f6632b7 +Author: Darren Tucker +Date: Sun Feb 25 11:22:57 2018 +1100 + + bsd-statvfs: include sys/vfs.h, check for f_flags. + +commit e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609 +Author: Darren Tucker +Date: Sun Feb 25 10:20:31 2018 +1100 + + Handle calloc(0,x) where different from malloc. - OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1 - OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef + Configure assumes that if malloc(0) returns null then calloc(0,n) + also does. On some old platforms (SunOS4) malloc behaves as expected + (as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this + at configure time and activate the replacement function if found, plus + handle this case in rpl_calloc. -commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea -Author: Damien Miller -Date: Fri Oct 27 08:42:33 2017 +1100 +commit 2eb4041493fd2635ffdc64a852d02b38c4955e0b +Author: Darren Tucker +Date: Sat Feb 24 21:06:48 2018 +1100 - fix rdomain compilation errors + Add prototype for readv if needed. -commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab -Author: Damien Miller -Date: Wed Oct 25 14:15:42 2017 +1100 +commit 6c8c9a615b6d31db8a87bc25033f053d5b0a831e +Author: Darren Tucker +Date: Sat Feb 24 20:46:37 2018 +1100 - autoconf glue to enable Linux VRF + Check for raise and supply if needed. -commit 97c5aaf925d61641d599071abb56012cde265978 -Author: Damien Miller -Date: Wed Oct 25 14:09:56 2017 +1100 +commit a9004425a032d7a7141a5437cfabfd02431e2a74 +Author: Darren Tucker +Date: Sat Feb 24 20:25:22 2018 +1100 - basic valid_rdomain() implementation for Linux + Check for bzero and supply if needed. + + Since explicit_bzero uses it via an indirect it needs to be a function + not just a macro. -commit ce1cca39d7935dd394080ce2df62f5ce5b51f485 -Author: Damien Miller -Date: Wed Oct 25 13:47:59 2017 +1100 +commit 1a348359e4d2876203b5255941bae348557f4f54 +Author: djm@openbsd.org +Date: Fri Feb 23 05:14:05 2018 +0000 - implement get/set_rdomain() for Linux + upstream: Add ssh-keyscan -D option to make it print its results in - Not enabled, pending implementation of valid_rdomain() and autoconf glue + SSHFP format bz#2821, ok dtucker@ + + OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221 + +commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c +Author: dtucker@openbsd.org +Date: Fri Feb 23 04:18:46 2018 +0000 + + upstream: Add missing braces. + + Caught by the tinderbox's -Werror=misleading-indentation, ok djm@ + + OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca + +commit b59162da99399d89bd57f71c170c0003c55b1583 +Author: Darren Tucker +Date: Fri Feb 23 15:20:42 2018 +1100 + + Check for ifaddrs.h for BindInterface. + + BindInterface required getifaddr and friends so disable if not available + (eg Solaris 10). We should be able to add support for some systems with + a bit more work but this gets the building again. -commit 6eee79f9b8d4a3b113b698383948a119acb82415 +commit a8dd6fe0aa10b6866830b4688a73ef966f0aed88 Author: Damien Miller -Date: Wed Oct 25 13:22:29 2017 +1100 +Date: Fri Feb 23 14:19:11 2018 +1100 - stubs for rdomain replacement functions + space before tab in previous -commit f5594f939f844bbb688313697d6676238da355b3 -Author: Damien Miller -Date: Wed Oct 25 13:13:57 2017 +1100 +commit b5e9263c7704247f9624c8f5c458e9181fcdbc09 +Author: dtucker@openbsd.org +Date: Fri Feb 9 03:40:22 2018 +0000 - rename port-tun.[ch] => port-net.[ch] + upstream: Replace fatal with exit in the case that we do not have - Ahead of adding rdomain support + $SUDO set. Prevents test failures when neither sudo nor doas are configured. + + OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b -commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb +commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2 +Author: Darren Tucker +Date: Fri Feb 23 14:10:53 2018 +1100 + + Use portable syntax for REGRESSTMP. + +commit 73282b61187883a2b2bb48e087fdda1d751d6059 Author: djm@openbsd.org -Date: Wed Oct 25 02:10:39 2017 +0000 +Date: Fri Feb 23 03:03:00 2018 +0000 - upstream commit + upstream: unbreak interop test after SSHv1 purge; patch from Colin - uninitialised variable in PermitTunnel printing code + Watson via bz#2823 - Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a - -commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f -Author: Damien Miller -Date: Wed Oct 25 13:10:59 2017 +1100 - - provide hooks and fallbacks for rdomain support + OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a -commit 3235473bc8e075fad7216b7cd62fcd2b0320ea04 -Author: Damien Miller -Date: Wed Oct 25 11:25:43 2017 +1100 +commit f8985dde5f46aedade0373365cbf86ed3f1aead2 +Author: dtucker@openbsd.org +Date: Fri Feb 9 03:42:57 2018 +0000 - check for net/route.h and sys/sysctl.h + upstream: Skip sftp-chroot test when SUDO not set instead of + + fatal(). + + OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88 -commit 4d5456c7de108e17603a0920c4d15bca87244921 -Author: djm@openbsd.org -Date: Wed Oct 25 00:21:37 2017 +0000 +commit df88551c02d4e3445c44ff67ba8757cff718609a +Author: dtucker@openbsd.org +Date: Fri Feb 9 03:40:22 2018 +0000 - upstream commit + upstream: Replace fatal with exit in the case that we do not have - transfer ownership of stdout to the session channel by - dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to - the local side; reported by David Newall, ok markus@ + $SUDO set. Prevents test failures when neither sudo nor doas are configured. - Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79 + OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b -commit 68af80e6fdeaeb79432209db614386ff0f37e75f +commit 3b252c20b19f093e87363de197f1100b79705dd3 Author: djm@openbsd.org -Date: Wed Oct 25 00:19:47 2017 +0000 +Date: Thu Feb 8 08:46:20 2018 +0000 - upstream commit - - add a "rdomain" criteria for the sshd_config Match - keyword to allow conditional configuration that depends on which rdomain(4) a - connection was recevied on. ok markus@ + upstream: some helpers to check verbose/quiet mode - Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb + OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de -commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a +commit ac2e3026bbee1367e4cda34765d1106099be3287 Author: djm@openbsd.org -Date: Wed Oct 25 00:17:08 2017 +0000 +Date: Fri Feb 23 02:34:33 2018 +0000 - upstream commit + upstream: Add BindInterface ssh_config directive and -B - add sshd_config RDomain keyword to place sshd and the - subsequent user session (including the shell and any TCP/IP forwardings) into - the specified rdomain(4) + command-line argument to ssh(1) that directs it to bind its outgoing + connection to the address of the specified network interface. - ok markus@ + BindInterface prefers to use addresses that aren't loopback or link- + local, but will fall back to those if no other addresses of the + required family are available on that interface. - Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5 + Based on patch by Mike Manning in bz#2820, ok dtucker@ + + OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713 -commit acf559e1cffbd1d6167cc1742729fc381069f06b +commit fcdb9d777839a3fa034b3bc3067ba8c1f6886679 Author: djm@openbsd.org -Date: Wed Oct 25 00:15:35 2017 +0000 +Date: Mon Feb 19 00:55:02 2018 +0000 - upstream commit + upstream: emphasise that the hostkey rotation may send key types - Add optional rdomain qualifier to sshd_config's - ListenAddress option to allow listening on a different rdomain(4), e.g. + that the client may not support, and that the client should simply disregard + such keys (this is what ssh does already). - ListenAddress 0.0.0.0 rdomain 4 + OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf + +commit ce066f688dc166506c082dac41ca686066e3de5f +Author: Darren Tucker +Date: Thu Feb 22 20:45:09 2018 +1100 + + Add headers for sys/audit.h. - Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091 + On some older platforms (at least sunos4, probably others) sys/audit.h + requires some other headers. Patch from klausz at haus-gisela.de. -commit b9903ee8ee8671b447fc260c2bee3761e26c7227 -Author: millert@openbsd.org -Date: Tue Oct 24 19:41:45 2017 +0000 +commit 3fd2d2291a695c96a54269deae079bacce6e3fb9 +Author: Darren Tucker +Date: Mon Feb 19 18:37:40 2018 +1100 - upstream commit + Add REGRESSTMP make var override. - Kill dead store and some spaces vs. tabs indent in - parse_user_host_path(). Noticed by markus@ + Defaults to original location ($srcdir/regress) but allows overriding + if desired, eg a directory in /tmp. + +commit f8338428588f3ecb5243c86336eccaa28809f97e +Author: Darren Tucker +Date: Sun Feb 18 15:53:15 2018 +1100 + + Remove now-unused check for getrusage. - Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200 + getrusage was used in ssh-rand-helper but that's now long gone. + Patch from klauszh at haus-gisela.de. -commit 0869627e00f4ee2a038cb62d7bd9ffad405e1800 -Author: jmc@openbsd.org -Date: Tue Oct 24 06:27:42 2017 +0000 +commit 8570177195f6a4b3173c0a25484a83641ee3faa6 +Author: dtucker@openbsd.org +Date: Fri Feb 16 04:43:11 2018 +0000 - upstream commit + upstream: Don't send IUTF8 to servers that don't like them. - tweak previous; ok djm + Some SSH servers eg "ConfD" drop the connection if the client sends the + new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit + for such servers and avoid sending IUTF8 to them. ok djm@ - Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9 + OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda -commit e3fa20e2e58fdc88a0e842358778f2de448b771b -Author: Damien Miller -Date: Mon Oct 23 16:25:24 2017 +1100 +commit f6dc2ba3c9d12be53057b9371f5109ec553a399f +Author: Darren Tucker +Date: Fri Feb 16 17:32:28 2018 +1100 - avoid -Wsign-compare warning in argv copying + freezero should check for NULL. -commit b7548b12a6b2b4abf4d057192c353147e0abba08 +commit 680321f3eb46773883111e234b3c262142ff7c5b Author: djm@openbsd.org -Date: Mon Oct 23 05:08:00 2017 +0000 +Date: Fri Feb 16 02:40:45 2018 +0000 - upstream commit + upstream: Mention recent DH KEX methods: - Expose devices allocated for tun/tap forwarding. + diffie-hellman-group14-sha256 + diffie-hellman-group16-sha512 + diffie-hellman-group18-sha512 - At the client, the device may be obtained from a new %T expansion - for LocalCommand. + From Jakub Jelen via bz#2826 - At the server, the allocated devices will be listed in a - SSH_TUNNEL variable exposed to the environment of any user sessions - started after the tunnel forwarding was established. + OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a + +commit 88c50a5ae20902715f0fca306bb9c38514f71679 +Author: djm@openbsd.org +Date: Fri Feb 16 02:32:40 2018 +0000 + + upstream: stop loading DSA keys by default, remove sshd_config - ok markus + stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@ - Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e + OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09 -commit 887669ef032d63cf07f53cada216fa8a0c9a7d72 -Author: millert@openbsd.org -Date: Sat Oct 21 23:06:24 2017 +0000 +commit d2b3db2860c962927def39a52f67f1c23f7b201a +Author: jsing@openbsd.org +Date: Wed Feb 14 16:27:24 2018 +0000 - upstream commit + upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in - Add URI support to ssh, sftp and scp. For example - ssh://user@host or sftp://user@host/path. The connection parameters - described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since - the ssh fingerprint format in the draft uses md5 with no way to specify the - hash function type. OK djm@ + constant time. + + This avoids a potential side channel timing leak. + + ok djm@ markus@ + + OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c + +commit 4270efad7048535b4f250f493d70f9acfb201593 +Author: jsing@openbsd.org +Date: Wed Feb 14 16:03:32 2018 +0000 + + upstream: Some obvious freezero() conversions. + + This also zeros an ed25519_pk when it was not being zeroed previously. + + ok djm@ dtucker@ + + OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82 + +commit affa6ba67ffccc30b85d6e98f36eb5afd9386882 +Author: Darren Tucker +Date: Thu Feb 15 22:32:04 2018 +1100 + + Remove execute bit from modpipe.c. + +commit 9879dca438526ae6dfd656fecb26b0558c29c731 +Author: Darren Tucker +Date: Thu Feb 15 22:26:16 2018 +1100 + + Update prngd link to point to sourceforge. + +commit b6973fa5152b1a0bafd2417b7c3ad96f6e87d014 +Author: Darren Tucker +Date: Thu Feb 15 22:22:38 2018 +1100 + + Remove references to UNICOS. + +commit f1ca487940449f0b64f38f1da575078257609966 +Author: Darren Tucker +Date: Thu Feb 15 22:18:37 2018 +1100 + + Remove extra newline. + +commit 6d4e980f3cf27f409489cf89cd46c21501b13731 +Author: Darren Tucker +Date: Thu Feb 15 22:16:54 2018 +1100 + + OpenSSH's builtin entropy gathering is long gone. + +commit 389125b25d1a1d7f22e907463b7e8eca74af79ea +Author: Darren Tucker +Date: Thu Feb 15 21:43:01 2018 +1100 + + Replace remaining mysignal() with signal(). - Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc + These seem to have been missed during the replacement of mysignal + with #define signal in commit 5ade9ab. Both include the requisite + headers to pick up the #define. -commit d27bff293cfeb2252f4c7a58babe5ad3262c6c98 -Author: Damien Miller -Date: Fri Oct 20 13:22:00 2017 +1100 +commit 265d88d4e61e352de6791733c8b29fa3d7d0c26d +Author: Darren Tucker +Date: Thu Feb 15 20:06:19 2018 +1100 - Fix missed RCSID merges + Remove remaining now-obsolete cvs $Ids. -commit d3b6aeb546242c9e61721225ac4387d416dd3d5e -Author: djm@openbsd.org -Date: Fri Oct 20 02:13:41 2017 +0000 +commit 015749e9b1d2f6e14733466d19ba72f014d0845c +Author: Darren Tucker +Date: Thu Feb 15 17:01:54 2018 +1100 - upstream commit - - more RCSIDs - - Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be + Regenerate dependencies after UNICOS removal. -commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a -Author: djm@openbsd.org -Date: Fri Oct 20 01:56:39 2017 +0000 +commit ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7 +Author: Darren Tucker +Date: Tue Feb 13 09:10:46 2018 +1100 - upstream commit - - add RCSIDs to these; they make syncing portable a bit - easier + Remove UNICOS support. - Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68 + The code required to support it is quite invasive to the mainline + code that is synced with upstream and is an ongoing maintenance burden. + Both the hardware and software are literal museum pieces these days and + we could not find anyone still running OpenSSH on one. -commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464 -Author: Damien Miller -Date: Fri Oct 20 12:54:15 2017 +1100 +commit 174bed686968494723e6db881208cc4dac0d020f +Author: Darren Tucker +Date: Tue Feb 13 18:12:47 2018 +1100 - upstream commit - - Apply missing commit 1.11 to kexc25519s.c - - Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8 + Retpoline linker flag only needed for linking. -commit 6f72280553cb6918859ebcacc717f2d2fafc1a27 -Author: Damien Miller -Date: Fri Oct 20 12:52:50 2017 +1100 +commit 075e258c2cc41e1d7f3ea2d292c5342091728d40 +Author: Darren Tucker +Date: Tue Feb 13 17:36:43 2018 +1100 - upstream commit - - Apply missing commit 1.127 to servconf.h - - Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15 + Default PidFile is sshd.pid not ssh.pid. -commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc -Author: jmc@openbsd.org -Date: Wed Oct 18 05:36:59 2017 +0000 +commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df +Author: Darren Tucker +Date: Tue Feb 13 16:27:09 2018 +1100 - upstream commit - - remove unused Pp; + Remove assigned-to-but-never-used variable. - Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550 + 'p' was removed in previous change but I neglected to remove the + otherwise-unused assignment to it. -commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14 +commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1 Author: djm@openbsd.org -Date: Wed Oct 18 02:49:44 2017 +0000 +Date: Tue Feb 13 03:36:56 2018 +0000 - upstream commit - - In the description of pattern-lists, clarify negated - matches by explicitly stating that a negated match will never yield a - positive result, and that at least one positive term in the pattern-list must - match. bz#1918 + upstream: remove space before tab - Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14 + OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890 -commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd -Author: djm@openbsd.org -Date: Fri Oct 13 21:13:54 2017 +0000 +commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab +Author: dtucker@openbsd.org +Date: Sun Feb 11 21:16:56 2018 +0000 - upstream commit + upstream Don't reset signal handlers inside handlers. - log debug messages sent to peer; ok deraadt markus + The signal handlers from the original ssh1 code on which OpenSSH + is based assume unreliable signals and reinstall their handlers. + Since OpenBSD (and pretty much every current system) has reliable + signals this is not needed. In the unlikely even that -portable + is still being used on such systems we will deal with it in the + compat layer. ok deraadt@ - Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9 + OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c -commit 071325f458d615d7740da5c1c1d5a8b68a0b4605 -Author: jmc@openbsd.org -Date: Fri Oct 13 16:50:45 2017 +0000 +commit 3c51143c639ac686687c7acf9b373b8c08195ffb +Author: Darren Tucker +Date: Tue Feb 13 09:07:29 2018 +1100 - upstream commit - - trim permitrootlogin description somewhat, to avoid - ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and - myself - - ok sthen schwarze deraadt - - Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2 + Whitespace sync with upstream. -commit 10727487becb897a15f658e0cb2d05466236e622 -Author: djm@openbsd.org -Date: Fri Oct 13 06:45:18 2017 +0000 +commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7 +Author: Darren Tucker +Date: Tue Feb 13 08:25:46 2018 +1100 - upstream commit - - mention SSH_USER_AUTH in the list of environment - variables - - Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691 + Whitespace sync with upstream. -commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2 -Author: djm@openbsd.org -Date: Fri Oct 13 06:24:51 2017 +0000 +commit fbfa6f980d7460b3e12b0ce88ed3b6018edf4711 +Author: Darren Tucker +Date: Sun Feb 11 21:25:11 2018 +1300 - upstream commit + Move signal compat code into bsd-signal.{c,h} + +commit 24d2a33bd3bf5170700bfdd8675498aa09a79eab +Author: Darren Tucker +Date: Sun Feb 11 21:20:39 2018 +1300 + + Include headers for linux/if.h. - BIO_get_mem_data() is supposed to take a char* as pointer - argument, so don't pass it a const char* + Prevents configure-time "present but cannot be compiled" warning. + +commit bc02181c24fc551aab85eb2cff0f90380928ef43 +Author: Darren Tucker +Date: Sun Feb 11 19:45:47 2018 +1300 + + Fix test for -z,retpolineplt linker flag. + +commit 3377df00ea3fece5293db85fe63baef33bf5152e +Author: Darren Tucker +Date: Sun Feb 11 09:32:37 2018 +1100 + + Add checks for Spectre v2 mitigation (retpoline) - Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec + This adds checks for gcc and clang flags for mitigations for Spectre + variant 2, ie "retpoline". It'll automatically enabled if the compiler + supports it as part of toolchain hardening flag. ok djm@ -commit cfa46825b5ef7097373ed8e31b01a4538a8db565 -Author: benno@openbsd.org -Date: Mon Oct 9 20:12:51 2017 +0000 +commit d9e5cf078ea5380da6df767bb1773802ec557ef0 +Author: djm@openbsd.org +Date: Sat Feb 10 09:25:34 2018 +0000 upstream commit - clarify the order in which config statements are used. ok - jmc@ djm@ + constify some private key-related functions; based on + https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault - Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed + OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c -commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5 +commit a7c38215d564bf98e8e9eb40c1079e3adf686f15 Author: djm@openbsd.org -Date: Thu Oct 5 15:52:03 2017 +0000 +Date: Sat Feb 10 09:03:54 2018 +0000 upstream commit - replace statically-sized arrays in ServerOptions with - dynamic ones managed by xrecallocarray, removing some arbitrary (though - large) limits and saving a bit of memory; "much nicer" markus@ + Mention ServerAliveTimeout in context of TCPKeepAlives; + prompted by Christoph Anton Mitterer via github - Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2 + OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2 -commit 2b4f3ab050c2aaf6977604dd037041372615178d -Author: jmc@openbsd.org -Date: Thu Oct 5 12:56:50 2017 +0000 +commit 62562ceae61e4f7cf896566592bb840216e71061 +Author: djm@openbsd.org +Date: Sat Feb 10 06:54:38 2018 +0000 upstream commit - %C is hashed; from klemens nanni ok markus + clarify IgnoreUserKnownHosts; based on github PR from + Christoph Anton Mitterer. - Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 + OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3 -commit a66714508b86d6814e9055fefe362d9fe4d49ab3 +commit 4f011daa4cada6450fa810f7563b8968639bb562 Author: djm@openbsd.org -Date: Wed Oct 4 18:50:23 2017 +0000 +Date: Sat Feb 10 06:40:28 2018 +0000 upstream commit - exercise PermitOpen a little more thoroughly + Shorter, more accurate explanation of + NoHostAuthenticationForLocalhost without the confusing example. Prompted by + Christoph Anton Mitterer via github and bz#2293. - Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac + OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df -commit 609ecc8e57eb88e2eac976bd3cae7f7889aaeff6 -Author: dtucker@openbsd.org -Date: Tue Sep 26 22:39:25 2017 +0000 +commit 77e05394af21d3f5faa0c09ed3855e4505a5cf9f +Author: djm@openbsd.org +Date: Sat Feb 10 06:15:12 2018 +0000 upstream commit - UsePrivilegeSeparation is gone, stop trying to test it. + Disable RemoteCommand and RequestTTY in the ssh session + started by scp. sftp is already doing this. From Camden Narzt via github; ok + dtucker - Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191 + OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b -commit 69bda0228861f3dacd4fb3d28b60ce9d103d254b +commit ca613249a00b64b2eea9f52d3834b55c28cf2862 Author: djm@openbsd.org -Date: Wed Oct 4 18:49:30 2017 +0000 +Date: Sat Feb 10 05:48:46 2018 +0000 upstream commit - fix (another) problem in PermitOpen introduced during the - channels.c refactor: the third and subsequent arguments to PermitOpen were - being silently ignored; ok markus@ + Refuse to create a certificate with an unusable number of + principals; Prompted by gdestuynder via github - Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd + OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29 -commit 66bf74a92131b7effe49fb0eefe5225151869dc5 +commit b56ac069d46b6f800de34e1e935f98d050731d14 Author: djm@openbsd.org -Date: Mon Oct 2 19:33:20 2017 +0000 +Date: Sat Feb 10 05:43:26 2018 +0000 upstream commit - Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ + fatal if we're unable to write all the public key; previously + we would silently ignore errors writing the comment and terminating newline. + Prompted by github PR from WillerZ; ok dtucker - Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c + OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831 -commit d63b38160a59039708fd952adc75a0b3da141560 -Author: Damien Miller -Date: Sun Oct 1 10:32:25 2017 +1100 +commit cdb10bd431f9f6833475c27e9a82ebb36fdb12db +Author: Darren Tucker +Date: Sat Feb 10 11:18:38 2018 +1100 - update URL again - - I spotted a typo in the draft so uploaded a new version... + Add changelog entry for binary strip change. -commit 6f64f596430cd3576c529f07acaaf2800aa17d58 -Author: Damien Miller -Date: Sun Oct 1 10:01:56 2017 +1100 +commit fbddd91897cfaf456bfc2081f39fb4a2208a0ebf +Author: Darren Tucker +Date: Sat Feb 10 11:14:54 2018 +1100 - sync release notes URL + Remove unused variables. -commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d -Author: Damien Miller -Date: Sun Oct 1 10:01:25 2017 +1100 +commit 937d96587df99c16c611d828cded292fa474a32b +Author: Darren Tucker +Date: Sat Feb 10 11:12:45 2018 +1100 - sync contrib/ssh-copy-id with upstream + Don't strip binaries so debuginfo gets built. + + Tell install not to strip binaries during package creation so that the + debuginfo package can be built. -commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66 -Author: Damien Miller -Date: Sun Oct 1 09:59:19 2017 +1100 +commit eb0865f330f59c889ec92696b97bd397090e720c +Author: Darren Tucker +Date: Sat Feb 10 10:33:11 2018 +1100 - update version in RPM spec files + Fix bogus dates in changelog. -commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d -Author: Damien Miller -Date: Sun Oct 1 09:58:24 2017 +1100 +commit 7fbde1b34c1f6c9ca9e9d10805ba1e5e4538e165 +Author: Darren Tucker +Date: Sat Feb 10 10:25:15 2018 +1100 - update agent draft URL + Remove SSH1 from description. -commit e4a798f001d2ecd8bf025c1d07658079f27cc604 -Author: djm@openbsd.org -Date: Sat Sep 30 22:26:33 2017 +0000 +commit 9c34a76f099c4e0634bf6ecc2f40ce93925402c4 +Author: Darren Tucker +Date: Sat Feb 10 10:19:16 2018 +1100 - upstream commit - - openssh-7.6; ok deraadt@ - - Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0 + Add support for compat-openssl10 build dep. -commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d -Author: jmc@openbsd.org -Date: Wed Sep 27 06:45:53 2017 +0000 +commit 04f4e8193cb5a5a751fcc356bd6656291fec539e +Author: Darren Tucker +Date: Sat Feb 10 09:57:04 2018 +1100 - upstream commit - - tweak EposeAuthinfo; diff from lars nooden - - tweaked by sthen; ok djm dtucker + Add leading zero so it'll work when rhel not set. - Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748 + When rhel is not set it will error out with "bad if". Add leading zero + as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work + on non-RHEL. -commit bba69c246f0331f657fd6ec97724df99fc1ad174 -Author: Damien Miller -Date: Thu Sep 28 16:06:21 2017 -0700 +commit 12abd67a6af28476550807a443b38def2076bb92 +Author: Darren Tucker +Date: Sat Feb 10 09:56:34 2018 +1100 - don't fatal ./configure for LibreSSL + Update openssl-devel dependency. -commit 04dc070e8b4507d9d829f910b29be7e3b2414913 -Author: Damien Miller -Date: Thu Sep 28 14:54:34 2017 -0700 +commit b33e7645f8813719d7f9173fef24463c8833ebb3 +Author: nkadel +Date: Sun Nov 16 18:19:58 2014 -0500 - abort in configure when only openssl-1.1.x found - - We don't support openssl-1.1.x yet (see multiple threads on the - openssh-unix-dev@ mailing list for the reason), but previously - ./configure would accept it and the compilation would subsequently - fail. This makes ./configure display an explicit error message and - abort. + Add mandir with-mandir' for RHEL 5 compatibility. - ok dtucker@ + Activate '--mandir' and '--with-mandir' settings in setup for RHEL + 5 compatibility. -commit 74c1c3660acf996d9dc329e819179418dc115f2c -Author: Darren Tucker -Date: Wed Sep 27 07:44:41 2017 +1000 +commit 94f8bf360eb0162e39ddf39d69925c2e93511e40 +Author: nkadel +Date: Sun Nov 16 18:18:51 2014 -0500 - Check for and handle calloc(p, 0) = NULL. + Discard 'K5DIR' reporting. - On some platforms (AIX, maybe others) allocating zero bytes of memory - via the various *alloc functions returns NULL, which is permitted - by the standards. Autoconf has some macros for detecting this (with - the exception of calloc for some reason) so use these and if necessary - activate shims for them. ok djm@ + It does not work inside 'mock' build environment. -commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5 -Author: markus@openbsd.org -Date: Thu Sep 21 19:18:12 2017 +0000 +commit bb7e54dbaf34b70b3e57acf7982f3a2136c94ee5 +Author: nkadel +Date: Sun Nov 16 18:17:15 2014 -0500 - upstream commit - - test reverse dynamic forwarding with SOCKS - - Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79 + Add 'dist' to 'rel' for OS specific RPM names. -commit 1b9f321605733754df60fac8c1d3283c89b74455 -Author: Damien Miller -Date: Tue Sep 26 16:55:55 2017 +1000 +commit 87346f1f57f71150a9b8c7029d8c210e27027716 +Author: nkadel +Date: Sun Nov 16 14:17:38 2014 -0500 - sync missing changes in dynamic-forward.sh + Add openssh-devel >= 0.9.8f for redhat spec file. -commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb -Author: Darren Tucker -Date: Mon Sep 25 09:48:10 2017 +1000 +commit bec1478d710866d3c1b119343a35567a8fc71ec3 +Author: nkadel +Date: Sun Nov 16 13:10:24 2014 -0500 - Add minimal strsignal for platforms without it. + Enhance BuildRequires for openssh-x11-askpass. -commit 218e6f98df566fb9bd363f6aa47018cb65ede196 -Author: djm@openbsd.org -Date: Sun Sep 24 13:45:34 2017 +0000 +commit 3104fcbdd3c70aefcb0cdc3ee24948907db8dc8f +Author: nkadel +Date: Sun Nov 16 13:04:14 2014 -0500 - upstream commit - - fix inverted test on channel open failure path that - "upgraded" a transient failure into a fatal error; reported by sthen and also - seen by benno@; ok sthen@ + Always include x11-ssh-askpass SRPM. - Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472 + Always include x11-ssh-askpass tarball in redhat SRPM, even if unused. -commit c704f641f7b8777497dc82e81f2ac89afec7e401 -Author: djm@openbsd.org -Date: Sun Sep 24 09:50:01 2017 +0000 +commit c61d0d038d58eebc365f31830be6e04ce373ad1b +Author: Damien Miller +Date: Sat Feb 10 09:43:12 2018 +1100 - upstream commit - - write the correct buffer when tunnel forwarding; doesn't - matter on OpenBSD (they are the same) but does matter on portable where we - use an output filter to translate os-specific tun/tap headers - - Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284 + this is long unused; prompted by dtucker@ -commit 55486f5cef117354f0c64f991895835077b7c7f7 -Author: djm@openbsd.org -Date: Sat Sep 23 22:04:07 2017 +0000 +commit 745771fb788e41bb7cdad34e5555bf82da3af7ed +Author: dtucker@openbsd.org +Date: Fri Feb 9 02:37:36 2018 +0000 upstream commit - fix tunnel forwarding problem introduced in refactor; - reported by stsp@ ok markus@ + Remove unused sKerberosTgtPassing from enum. From + calestyo via github pull req #11, ok djm@ - Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04 + OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540 -commit 609d7a66ce578abf259da2d5f6f68795c2bda731 -Author: markus@openbsd.org -Date: Thu Sep 21 19:16:53 2017 +0000 +commit 1f385f55332db830b0ae22a7663b98279ca2d657 +Author: dtucker@openbsd.org +Date: Thu Feb 8 04:12:32 2018 +0000 upstream commit - Add 'reverse' dynamic forwarding which combines dynamic - forwarding (-D) with remote forwarding (-R) where the remote-forwarded port - expects SOCKS-requests. - - The SSH server code is unchanged and the parsing happens at the SSH - clients side. Thus the full SOCKS-request is sent over the forwarded - channel and the client parses c->output. Parsing happens in - channel_before_prepare_select(), _before_ the select bitmask is - computed in the pre[] handlers, but after network input processing - in the post[] handlers. - - help and ok djm@ + Rename struct umac_ctx to umac128_ctx too. In portable + some linkers complain about two symbols with the same name having differing + sizes. ok djm@ - Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89 + OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3 -commit 36945fa103176c00b39731e1fc1919a0d0808b81 +commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf Author: dtucker@openbsd.org -Date: Wed Sep 20 05:19:00 2017 +0000 +Date: Wed Feb 7 22:52:45 2018 +0000 upstream commit - Use strsignal in debug message instead of casting for the - benefit of portable where sig_atomic_t might not be int. "much nicer" - deraadt@ + ssh_free checks for and handles NULL args, remove NULL + checks from remaining callers. ok djm@ - Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79 + OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b -commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e -Author: millert@openbsd.org -Date: Tue Sep 19 12:10:30 2017 +0000 +commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c +Author: Darren Tucker +Date: Thu Feb 8 12:36:22 2018 +1100 - upstream commit - - Use explicit_bzero() instead of bzero() before free() to - prevent the compiler from optimizing away the bzero() call. OK djm@ + Set SO_REUSEADDR in regression test netcat. - Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d + Sometimes multiplex tests fail on Solaris with "netcat: local_listen: + Address already in use" which is likely due to previous invocations + leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to + SO_REUSEPORT which is alread set on platforms that support it). ok djm@ -commit 5b8da1f53854c0923ec6e927e86709e4d72737b6 -Author: djm@openbsd.org -Date: Tue Sep 19 04:24:22 2017 +0000 +commit 1749991c55bab716877b7c687cbfbf19189ac6f1 +Author: jsing@openbsd.org +Date: Wed Feb 7 05:17:56 2018 +0000 upstream commit - fix use-after-free in ~^Z escape handler path, introduced - in channels.c refactor; spotted by millert@ "makes sense" deraadt@ + Convert some explicit_bzero()/free() calls to freezero(). - Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22 + ok deraadt@ dtucker@ + + OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609 -commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e -Author: dtucker@openbsd.org -Date: Mon Sep 18 12:03:24 2017 +0000 +commit 94ec2b69d403f4318b7a0d9b17f8bc3efbf4d0d2 +Author: jsing@openbsd.org +Date: Wed Feb 7 05:15:49 2018 +0000 upstream commit - Prevent type mismatch warning in debug on platforms where - sig_atomic_t != int. ok djm@ + Remove some #ifdef notyet code from OpenSSL 0.9.8 days. - Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed + These functions have never appeared in OpenSSL and are likely never to do + so. + + "kill it with fire" djm@ + + OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e -commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc -Author: dtucker@openbsd.org -Date: Mon Sep 18 09:41:52 2017 +0000 +commit 7cd31632e3a6607170ed0c9ed413a7ded5b9b377 +Author: jsing@openbsd.org +Date: Wed Feb 7 02:06:50 2018 +0000 upstream commit - Add braces missing after channels refactor. ok markus@ + Remove all guards for calls to OpenSSL free functions - + all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. - Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980 - -commit b79569190b9b76dfacc6d996faa482f16e8fc026 -Author: Damien Miller -Date: Tue Sep 19 12:29:23 2017 +1000 - - add freezero(3) replacement + Prompted by dtucker@ asking about guards for RSA_free(), when looking at + openssh-portable pr#84 on github. - ok dtucker@ + ok deraadt@ dtucker@ + + OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae -commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e -Author: Damien Miller -Date: Tue Sep 19 10:18:56 2017 +1000 +commit 3c000d57d46882eb736c6563edfc4995915c24a2 +Author: Darren Tucker +Date: Wed Feb 7 09:19:38 2018 +1100 - move FORTIFY_SOURCE into hardening options group + Remove obsolete "Smartcard support" message - It's still on by default, but now it's possible to turn it off using - --without-hardening. This is useful since it's known to cause problems - with some -fsanitize options. ok dtucker@ + The configure checks that populated $SCARD_MSG were removed in commits + 7ea845e4 and d8f60022 when the smartcard support was replaced with + PKCS#11. -commit 09eacf856e0fe1a6e3fe597ec8032b7046292914 -Author: bluhm@openbsd.org -Date: Wed Sep 13 14:58:26 2017 +0000 +commit 3e615090de0ce36a833d811e01c28aec531247c4 +Author: dtucker@openbsd.org +Date: Tue Feb 6 06:01:54 2018 +0000 upstream commit - Print SKIPPED if sudo and doas configuration is missing. - Prevents that running the regression test with wrong environment is reported - as failure. Keep the fatal there to avoid interfering with other setups for - portable ssh. OK dtucker@ + Replace "trojan horse" with the correct term (MITM). + From maikel at predikkta.com via bz#2822, ok markus@ - Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e + OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53 -commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a -Author: dtucker@openbsd.org -Date: Mon Aug 7 03:52:55 2017 +0000 +commit 3484380110d437c50e17f87d18544286328c75cb +Author: tb@openbsd.org +Date: Mon Feb 5 05:37:46 2018 +0000 upstream commit - Remove obsolete privsep=no fallback test. + Add a couple of non-negativity checks to avoid close(-1). - Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df + ok djm + + OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880 -commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8 -Author: dtucker@openbsd.org -Date: Mon Aug 7 00:53:51 2017 +0000 +commit 5069320be93c8b2a6584b9f944c86f60c2b04e48 +Author: tb@openbsd.org +Date: Mon Feb 5 05:36:49 2018 +0000 upstream commit - Remove non-privsep test since disabling privsep is now - deprecated. + The file descriptors for socket, stdin, stdout and stderr + aren't necessarily distinct, so check if they are the same to avoid closing + the same fd several times. - Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8 + ok djm + + OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1 -commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e -Author: dtucker@openbsd.org -Date: Fri Jul 28 10:32:08 2017 +0000 +commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d +Author: djm@openbsd.org +Date: Mon Feb 5 04:02:53 2018 +0000 upstream commit - Don't call fatal from stop_sshd since it calls cleanup - which calls stop_sshd which will probably fail in the same way. Instead, - just bail. Differentiate between sshd dying without cleanup and not shutting - down. + I accidentially a word - Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4 + OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a -commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba +commit 130283d5c2545ff017c2162dc1258c5354e29399 Author: djm@openbsd.org -Date: Thu Sep 14 04:32:21 2017 +0000 +Date: Thu Jan 25 03:34:43 2018 +0000 upstream commit - Revert commitid: gJtIN6rRTS3CHy9b. - - ------------- - identify the case where SSHFP records are missing but other DNS RR - types are present and display a more useful error message for this - case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ - ------------- - - This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results - are missing but the user already has the key in known_hosts + certificate options are case-sensitive; fix case on one + that had it wrong. - Spotted by dtucker@ + move a badly-place sentence to a less bad place - Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920 + OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b -commit 871f1e4374420b07550041b329627c474abc3010 +commit 89f09ee68730337015bf0c3f138504494a34e9a6 Author: Damien Miller -Date: Tue Sep 12 18:01:35 2017 +1000 +Date: Wed Jan 24 12:20:44 2018 +1100 - adapt portable to channels API changes + crypto_api.h needs includes.h -commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb -Author: djm@openbsd.org -Date: Tue Sep 12 07:55:48 2017 +0000 +commit c9c1bba06ad1c7cad8548549a68c071bd807af60 +Author: stsp@openbsd.org +Date: Tue Jan 23 20:00:58 2018 +0000 upstream commit - unused variable + Fix a logic bug in sshd_exchange_identification which + prevented clients using major protocol version 2 from connecting to the + server. ok millert@ - Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1 + OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9 -commit 9145a73ce2ba30c82bbf91d7205bfd112529449f -Author: djm@openbsd.org -Date: Tue Sep 12 07:32:04 2017 +0000 +commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb +Author: stsp@openbsd.org +Date: Tue Jan 23 18:33:49 2018 +0000 upstream commit - fix tun/tap forwarding case in previous + Add missing braces; fixes 'write: Socket is not + connected' error in ssh. ok deraadt@ - Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53 + OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24 -commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e +commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a +Author: Damien Miller +Date: Tue Jan 23 16:49:43 2018 +1100 + + rebuild depends + +commit 552ea155be44f9c439c1f9f0c38f9e593428f838 +Author: Damien Miller +Date: Tue Jan 23 16:49:22 2018 +1100 + + one SSH_BUG_BANNER instance that got away + +commit 14b5c635d1190633b23ac3372379517fb645b0c2 Author: djm@openbsd.org -Date: Tue Sep 12 06:35:31 2017 +0000 +Date: Tue Jan 23 05:27:21 2018 +0000 upstream commit - Make remote channel ID a u_int - - Previously we tracked the remote channel IDs in an int, but this is - strictly incorrect: the wire protocol uses uint32 and there is nothing - in-principle stopping a SSH implementation from sending, say, 0xffff0000. + Drop compatibility hacks for some ancient SSH + implementations, including ssh.com <=2.* and OpenSSH <= 3.*. - In practice everyone numbers their channels sequentially, so this has - never been a problem. + These versions were all released in or before 2001 and predate the + final SSH RFCs. The hacks in question aren't necessary for RFC- + compliant SSH implementations. ok markus@ - Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73 + OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138 -commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16 +commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb Author: djm@openbsd.org -Date: Tue Sep 12 06:32:07 2017 +0000 +Date: Tue Jan 23 05:17:04 2018 +0000 upstream commit - refactor channels.c - - Move static state to a "struct ssh_channels" that is allocated at - runtime and tracked as a member of struct ssh. - - Explicitly pass "struct ssh" to all channels functions. - - Replace use of the legacy packet APIs in channels.c. - - Rework sshd_config PermitOpen handling: previously the configuration - parser would call directly into the channels layer. After the refactor - this is not possible, as the channels structures are allocated at - connection time and aren't available when the configuration is parsed. - The server config parser now tracks PermitOpen itself and explicitly - configures the channels code later. - - ok markus@ + try harder to preserve errno during + ssh_connect_direct() to make the final error message possibly accurate; + bz#2814, ok dtucker@ - Upstream-ID: 11828f161656b965cc306576422613614bea2d8f + OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca -commit abd59663df37a42152e37980113ccaa405b9a282 +commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec Author: djm@openbsd.org -Date: Thu Sep 7 23:48:09 2017 +0000 +Date: Tue Jan 23 05:12:12 2018 +0000 upstream commit - typo in comment + unbreak support for clients that advertise a protocol + version of "1.99" (indicating both v2 and v1 support). Busted by me during + SSHv1 purge in r1.358; bz2810, ok dtucker - Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47 + OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b -commit 149a8cd24ce9dd47c36f571738681df5f31a326c -Author: jmc@openbsd.org -Date: Mon Sep 4 06:34:43 2017 +0000 +commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d +Author: djm@openbsd.org +Date: Tue Jan 23 05:06:25 2018 +0000 upstream commit - tweak previous; + don't attempt to force hostnames that are addresses to + lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to + remove ambiguities (e.g. ::0001 => ::1) before they are matched against + known_hosts; bz#2763, ok dtucker@ - Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b + OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0 -commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 -Author: Damien Miller -Date: Fri Sep 8 12:44:13 2017 +1000 +commit d6364f6fb1a3d753d7ca9bf15b2adce961324513 +Author: djm@openbsd.org +Date: Tue Jan 23 05:01:15 2018 +0000 - Fuzzer harnesses for sig verify and pubkey parsing + upstream commit - These are some basic clang libfuzzer harnesses for signature - verification and public key parsing. Some assembly (metaphorical) - required. + avoid modifying pw->pw_passwd; let endpwent() clean up + for us, but keep a scrubbed copy; bz2777, ok dtucker@ + + OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752 -commit de35c382894964a896a63ecd5607d3a3b93af75d -Author: Damien Miller -Date: Fri Sep 8 12:38:31 2017 +1000 +commit a69bbb07cd6fb4dfb9bdcacd370ab26d0a2b4215 +Author: naddy@openbsd.org +Date: Sat Jan 13 00:24:09 2018 +0000 - Give configure ability to set CFLAGS/LDFLAGS later + upstream commit - Some CFLAGS/LDFLAGS may disrupt the configure script's operation, - in particular santization and fuzzer options that break assumptions - about memory and file descriptor dispositions. + clarify authorship; prodded by and ok markus@ - This adds two flags to configure --with-cflags-after and - --with-ldflags-after that allow specifying additional compiler and - linker options that are added to the resultant Makefiles but not - used in the configure run itself. + OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c + +commit 04214b30be3d3e73a01584db4e040d5ccbaaddd4 +Author: markus@openbsd.org +Date: Mon Jan 8 15:37:21 2018 +0000 + + upstream commit - E.g. + group shared source files (e.g. SRCS_KEX) and allow + compilation w/o OPENSSL ok djm@ - env CC=clang-3.9 ./configure \ - --with-cflags-after=-fsantize=address \ - --with-ldflags-after="-g -fsanitize=address" + OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62 -commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7 -Author: djm@openbsd.org -Date: Sun Sep 3 23:33:13 2017 +0000 +commit 25cf9105b849932fc3b141590c009e704f2eeba6 +Author: markus@openbsd.org +Date: Mon Jan 8 15:21:49 2018 +0000 upstream commit - Expand ssh_config's StrictModes option with two new - settings: - - StrictModes=accept-new will automatically accept hitherto-unseen keys - but will refuse connections for changed or invalid hostkeys. + move subprocess() so scp/sftp do not need uidswap.o; ok + djm@ - StrictModes=off is the same as StrictModes=no + OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8 + +commit b0d34132b3ca26fe94013f01d7b92101e70b68bb +Author: markus@openbsd.org +Date: Mon Jan 8 15:18:46 2018 +0000 + + upstream commit - Motivation: + switch ssh-pkcs11-helper to new API; ok djm@ - StrictModes=no combines two behaviours for host key processing: - automatically learning new hostkeys and continuing to connect to hosts - with invalid/changed hostkeys. The latter behaviour is quite dangerous - since it removes most of the protections the SSH protocol is supposed to - provide. + OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42 + +commit ec4a9831184c0c6ed5f7f0cfff01ede5455465a3 +Author: markus@openbsd.org +Date: Mon Jan 8 15:15:36 2018 +0000 + + upstream commit - Quite a few users want to automatically learn hostkeys however, so - this makes that feature available with less danger. + split client/server kex; only ssh-keygen needs + uuencode.o; only scp/sftp use progressmeter.o; ok djm@ - At some point in the future, StrictModes=no will change to be a synonym - for accept-new, with its current behaviour remaining available via - StrictModes=off. + OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee + +commit ec77efeea06ac62ee1d76fe0b3225f3000775a9e +Author: markus@openbsd.org +Date: Mon Jan 8 15:15:17 2018 +0000 + + upstream commit - bz#2400, suggested by Michael Samuel; ok markus + only ssh-keygen needs uuencode.o; only scp/sftp use + progressmeter.o - Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64 + OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85 -commit ff3c42384033514e248ba5d7376aa033f4a2b99a -Author: jmc@openbsd.org -Date: Fri Sep 1 15:41:26 2017 +0000 +commit 25aae35d3d6ee86a8c4c0b1896acafc1eab30172 +Author: markus@openbsd.org +Date: Mon Jan 8 15:14:44 2018 +0000 upstream commit - remove blank line; + uuencode.h is not used - Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423 + OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c -commit b828605d51f57851316d7ba402b4ae06cf37c55d +commit 4f29309c4cb19bcb1774931db84cacc414f17d29 +Author: Damien Miller +Date: Wed Jan 3 19:50:43 2018 +1100 + + unbreak fuzz harness + +commit f6b50bf84dc0b61f22c887c00423e0ea7644e844 Author: djm@openbsd.org -Date: Fri Sep 1 05:53:56 2017 +0000 +Date: Thu Dec 21 05:46:35 2017 +0000 upstream commit - identify the case where SSHFP records are missing but - other DNS RR types are present and display a more useful error message for - this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ + another libssh casualty - Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244 + OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec -commit 8042bad97e2789a50e8f742c3bcd665ebf0add32 +commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13 Author: djm@openbsd.org -Date: Fri Sep 1 05:50:48 2017 +0000 +Date: Thu Dec 21 03:01:49 2017 +0000 upstream commit - document available AuthenticationMethods; bz#2453 ok - dtucker@ + missed one (unbreak after ssh/lib removal) - Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0 + OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322 -commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58 +commit e6c4134165d05447009437a96e7201276688807f Author: djm@openbsd.org -Date: Wed Aug 30 03:59:08 2017 +0000 +Date: Thu Dec 21 00:41:22 2017 +0000 upstream commit - pass packet state down to some of the channels function - (more to come...); ok markus@ + unbreak unit tests after removal of src/usr.bin/ssh/lib - Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b + OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9 -commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5 -Author: jmc@openbsd.org -Date: Tue Aug 29 13:05:58 2017 +0000 +commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe +Author: djm@openbsd.org +Date: Thu Dec 21 00:00:28 2017 +0000 upstream commit - sort options; + revert stricter key type / signature type checking in + userauth path; too much software generates inconsistent messages, so we need + a better plan. - Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c + OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519 -commit 530591a5795a02d01c78877d58604723918aac87 -Author: dlg@openbsd.org -Date: Tue Aug 29 09:42:29 2017 +0000 +commit c5a6cbdb79752f7e761074abdb487953ea6db671 +Author: djm@openbsd.org +Date: Tue Dec 19 00:49:30 2017 +0000 upstream commit - add a -q option to ssh-add to make it quiet on success. - - if you want to silence ssh-add without this you generally redirect - the output to /dev/null, but that can hide error output which you - should see. + explicitly test all key types and their certificate + counterparts - ok djm@ + refactor a little - Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c + OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4 -commit a54eb27dd64b5eca3ba94e15cec3535124bd5029 +commit f689adb7a370b5572612d88be9837ca9aea75447 Author: dtucker@openbsd.org -Date: Sun Aug 27 00:38:41 2017 +0000 +Date: Mon Dec 11 11:41:56 2017 +0000 upstream commit - Increase the buffer sizes for user prompts to ensure that - they won't be truncated by snprintf. Based on patch from cjwatson at - debian.org via bz#2768, ok djm@ + use cmp in a loop instead of diff -N to compare + directories. The former works on more platforms for Portable. - Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e + OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099 -commit dd9d9b3381a4597b840d480b043823112039327e -Author: Darren Tucker -Date: Mon Aug 28 16:48:27 2017 +1000 +commit 748dd8e5de332b24c40f4b3bbedb902acb048c98 +Author: Damien Miller +Date: Tue Dec 19 16:17:59 2017 +1100 - Switch Capsicum header to sys/capsicum.h. - - FreeBSD's was renamed to in 2014 to - avoid future conflicts with POSIX capabilities (the last release that - didn't have it was 9.3) so switch to that. Patch from des at des.no. + remove blocks.c from Makefile -commit f5e917ab105af5dd6429348d9bc463e52b263f92 -Author: Darren Tucker -Date: Sun Aug 27 08:55:40 2017 +1000 +commit 278856320520e851063b06cef6ef1c60d4c5d652 +Author: djm@openbsd.org +Date: Tue Dec 19 00:24:34 2017 +0000 - Add missing includes for bsd-err.c. + upstream commit - Patch from cjwatson at debian.org via bz#2767. - -commit 878e029797cfc9754771d6f6ea17f8c89e11d225 -Author: Damien Miller -Date: Fri Aug 25 13:25:01 2017 +1000 - - Split platform_sys_dir_uid into its own file + include signature type and CA key (if applicable) in some + debug messages - platform.o is too heavy for libssh.a use; it calls into the server on - many platforms. Move just the function needed by misc.c into its own - file. - -commit 07949bfe9133234eddd01715592aa0dde67745f0 -Author: Damien Miller -Date: Wed Aug 23 20:13:18 2017 +1000 - - misc.c needs functions from platform.c now + OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5 -commit b074c3c3f820000a21953441cea7699c4b17d72f +commit 7860731ef190b52119fa480f8064ab03c44a120a Author: djm@openbsd.org -Date: Fri Aug 18 05:48:04 2017 +0000 +Date: Mon Dec 18 23:16:23 2017 +0000 upstream commit - add a "quiet" flag to exited_cleanly() that supresses - errors about exit status (failure due to signal is still reported) + unbreak hostkey rotation; attempting to sign with a + desired signature algorithm of kex->hostkey_alg is incorrect when the key + type isn't capable of making those signatures. ok markus@ - Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0 + OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906 -commit de4ae07f12dabf8815ecede54235fce5d22e3f63 +commit 966ef478339ad5e631fb684d2a8effe846ce3fd4 Author: djm@openbsd.org -Date: Fri Aug 18 05:36:45 2017 +0000 +Date: Mon Dec 18 23:14:34 2017 +0000 upstream commit - Move several subprocess-related functions from various - locations to misc.c. Extend subprocess() to offer a little more control over - stdio disposition. - - feedback & ok dtucker@ + log mismatched RSA signature types; ok markus@ - Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049 + OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418 -commit 643c2ad82910691b2240551ea8b14472f60b5078 +commit 349ecd4da3a985359694a74635748009be6baca6 Author: djm@openbsd.org -Date: Sat Aug 12 06:46:01 2017 +0000 +Date: Mon Dec 18 23:13:42 2017 +0000 upstream commit - make "--" before the hostname terminate command-line - option processing completely; previous behaviour would not prevent further - options appearing after the hostname (ssh has a supported options after the - hostname for >20 years, so that's too late to change). - - ok deraadt@ + pass kex->hostkey_alg and kex->hostkey_nid from pre-auth + to post-auth unpriviledged child processes; ok markus@ - Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89 + OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302 -commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 -Author: djm@openbsd.org -Date: Sat Aug 12 06:42:52 2017 +0000 +commit c9e37a8725c083441dd34a8a53768aa45c3c53fe +Author: millert@openbsd.org +Date: Mon Dec 18 17:28:54 2017 +0000 upstream commit - Switch from aes256-cbc to aes256-ctr for encrypting - new-style private keys. The latter having the advantage of being supported - for no-OpenSSL builds; bz#2754 ok markus@ + Add helper function for uri handing in scp where a + missing path simply means ".". Also fix exit code and add warnings when an + invalid uri is encountered. OK otto@ - Upstream-ID: 54179a2afd28f93470471030567ac40431e56909 + OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a -commit c4972d0a9bd6f898462906b4827e09b7caea2d9b +commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 Author: djm@openbsd.org -Date: Fri Aug 11 04:47:12 2017 +0000 +Date: Mon Dec 18 02:25:15 2017 +0000 upstream commit - refuse to a private keys when its corresponding .pub key - does not match. bz#2737 ok dtucker@ + pass negotiated signing algorithm though to + sshkey_verify() and check that the negotiated algorithm matches the type in + the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ - Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913 + OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9 -commit 4b3ecbb663c919132dddb3758e17a23089413519 +commit 931c78dfd7fe30669681a59e536bbe66535f3ee9 Author: djm@openbsd.org -Date: Fri Aug 11 04:41:08 2017 +0000 +Date: Mon Dec 18 02:22:29 2017 +0000 upstream commit - don't print verbose error message when ssh disconnects - under sftp; bz#2750; ok dtucker@ + sshkey_sigtype() function to return the type of a + signature; ok markus@ - Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370 + OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8 -commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34 -Author: dtucker@openbsd.org -Date: Fri Aug 11 04:16:35 2017 +0000 +commit 4cdc5956f2fcc9e9078938db833142dc07d8f523 +Author: naddy@openbsd.org +Date: Thu Dec 14 21:07:39 2017 +0000 upstream commit - Tweak previous keepalive commit: if last_time + keepalive - <= now instead of just "<" so client_alive_check will fire if the select - happens to return on exact second of the timeout. ok djm@ + Replace ED25519's private SHA-512 implementation with a + call to the regular digest code. This speeds up compilation considerably. ok + markus@ - Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc + OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c -commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a -Author: dtucker@openbsd.org -Date: Fri Aug 11 03:58:36 2017 +0000 +commit 012e5cb839faf76549e3b6101b192fe1a74d367e +Author: naddy@openbsd.org +Date: Tue Dec 12 15:06:12 2017 +0000 upstream commit - Keep track of the last time we actually heard from the - client and use this to also schedule a client_alive_check(). Prevents - activity on a forwarded port from indefinitely preventing the select timeout - so that client_alive_check() will eventually (although not optimally) be - called. - - Analysis by willchan at google com via bz#2756, feedback & ok djm@ + Create a persistent umac128.c source file: #define the + output size and the name of the entry points for UMAC-128 before including + umac.c. Idea from FreeBSD. ok dtucker@ - Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e + OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1 -commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f -Author: Damien Miller -Date: Fri Jul 28 14:50:59 2017 +1000 +commit b35addfb4cd3b5cdb56a2a489d38e940ada926c7 +Author: Darren Tucker +Date: Mon Dec 11 16:23:28 2017 +1100 - Expose list of completed auth methods to PAM + Update .depend with empty config.h + +commit 2d96f28246938e0ca474a939d8ac82ecd0de27e3 +Author: Darren Tucker +Date: Mon Dec 11 16:21:55 2017 +1100 + + Ensure config.h is always in dependencies. - bz#2408; ok dtucker@ + Put an empty config.h into the dependency list to ensure that it's + always listed and consistent. -commit c78e6eec78c88acf8d51db90ae05a3e39458603d -Author: Damien Miller -Date: Fri Jul 21 14:38:16 2017 +1000 +commit ac4987a55ee5d4dcc8e87f7ae7c1f87be7257d71 +Author: deraadt@openbsd.org +Date: Sun Dec 10 19:37:57 2017 +0000 - fix problems in tunnel forwarding portability code + upstream commit - This fixes a few problems in the tun forwarding code, mostly to do - with host/network byte order confusion. + ssh/lib hasn't worked towards our code-sharing goals for + a quit while, perhaps it is too verbose? Change each */Makefile to + specifying exactly what sources that program requires, compiling it seperate. + Maybe we'll iterate by sorting those into seperatable chunks, splitting up + files which contain common code + server/client specific code, or whatnot. + But this isn't one step, or we'd have done it a long time ago.. ok dtucker + markus djm - Based on a report and patch by stepe AT centaurus.uberspace.de; - bz#2735; ok dtucker@ + OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d -commit 2985d4062ebf4204bbd373456a810d558698f9f5 +commit 48c23a39a8f1069a57264dd826f6c90aa12778d5 Author: dtucker@openbsd.org -Date: Tue Jul 25 09:22:25 2017 +0000 +Date: Sun Dec 10 05:55:29 2017 +0000 upstream commit - Make WinSCP patterns for SSH_OLD_DHGEX more specific to - exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@ + Put remote client info back into the ClientAlive + connection termination message. Based in part on diff from lars.nooden at + gmail, ok djm - Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a + OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0 -commit 9f0e44e1a0439ff4646495d5735baa61138930a9 -Author: djm@openbsd.org -Date: Mon Jul 24 04:34:28 2017 +0000 +commit aabd75ec76575c1b17232e6526a644097cd798e5 +Author: deraadt@openbsd.org +Date: Fri Dec 8 03:45:52 2017 +0000 upstream commit - g/c unused variable; make a little more portable + time_t printing needs %lld and (long long) casts ok djm - Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea + OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7 -commit 51676ec61491ec6d7cbd06082034e29b377b3bf6 +commit fd4eeeec16537870bd40d04836c7906ec141c17d Author: djm@openbsd.org -Date: Sun Jul 23 23:37:02 2017 +0000 +Date: Fri Dec 8 02:14:33 2017 +0000 upstream commit - Allow IPQoS=none in ssh/sshd to not set an explicit - ToS/DSCP value and just use the operating system default; ok dtucker@ + fix ordering in previous to ensure errno isn't clobbered + before logging. - Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e - -commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d -Author: Damien Miller -Date: Fri Jul 21 14:24:26 2017 +1000 - - mention libedit + OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2 -commit dc2bd308768386b02c7337120203ca477e67ba62 -Author: markus@openbsd.org -Date: Wed Jul 19 08:30:41 2017 +0000 +commit 155072fdb0d938015df828836beb2f18a294ab8a +Author: djm@openbsd.org +Date: Fri Dec 8 02:13:02 2017 +0000 upstream commit - fix support for unknown key types; ok djm@ + for some reason unix_listener() logged most errors twice + with each message containing only some of the useful information; merge these - Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48 + OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a -commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9 -Author: djm@openbsd.org -Date: Wed Jul 19 01:15:02 2017 +0000 +commit 79c0e1d29959304e5a49af1dbc58b144628c09f3 +Author: Darren Tucker +Date: Mon Dec 11 14:38:33 2017 +1100 - upstream commit + Add autogenerated dependency info to Makefile. - switch from select() to poll() for the ssh-agent - mainloop; ok markus + Adds a .depend file containing dependency information generated by + makedepend, which is appended to the generated Makefile by configure. - Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448 + You can regen the file with "make -f Makefile.in depend" if necessary, + but we'll be looking at some way to automatically keep this up to date. + + "no objection" djm@ -commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3 -Author: dtucker@openbsd.org -Date: Fri Jul 14 03:18:21 2017 +0000 +commit f001de8fbf7f3faddddd8efd03df18e57601f7eb +Author: Darren Tucker +Date: Mon Dec 11 13:42:51 2017 +1100 - upstream commit - - Make ""Killed by signal 1" LogLevel verbose so it's not - shown at the default level. Prevents it from appearing during ssh -J and - equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@ + Fix pasto in ldns handling. - Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28 + When ldns-config is not found, configure would check the wrong variable. + ok djm@ -commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498 -Author: jmc@openbsd.org -Date: Thu Jul 13 19:16:33 2017 +0000 +commit c5bfe83f67cb64e71cf2fe0d1500f6904b0099ee +Author: Darren Tucker +Date: Sat Dec 9 10:12:23 2017 +1100 + + Portable switched to git so s/CVS/git/. + +commit bb82e61a40a4ee52e4eb904caaee2c27b763ab5b +Author: Darren Tucker +Date: Sat Dec 9 08:06:00 2017 +1100 + + Remove now-used check for perl. + +commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240 +Author: djm@openbsd.org +Date: Wed Dec 6 05:06:21 2017 +0000 upstream commit - man pages with pseudo synopses which list filenames end - up creating very ugly output in man -k; after some discussion with ingo, we - feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly - helpful at page top, is contained already in FILES, and there are - sufficiently few that just zapping them is simple; - - ok schwarze, who also helpfully ran things through a build to check - output; + don't accept junk after "yes" or "no" responses to + hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ - Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c + OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c -commit 7f13a4827fb28957161de4249bd6d71954f1f2ed -Author: espie@openbsd.org -Date: Mon Jul 10 14:09:59 2017 +0000 +commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 +Author: dtucker@openbsd.org +Date: Tue Dec 5 23:59:47 2017 +0000 upstream commit - zap redundant Makefile variables. okay djm@ + Replace atoi and strtol conversions for integer arguments + to config keywords with a checking wrapper around strtonum. This will + prevent and flag invalid and negative arguments to these keywords. ok djm@ - Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 + OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998 -commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0 -Author: jmc@openbsd.org -Date: Sat Jul 8 18:32:54 2017 +0000 +commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84 +Author: dtucker@openbsd.org +Date: Tue Dec 5 23:56:07 2017 +0000 upstream commit - slightly rework previous, to avoid an article issue; + Add missing break for rdomain. Prevents spurious + "Deprecated option" warnings. ok djm@ - Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30 + OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a -commit 853edbe057a84ebd0024c8003e4da21bf2b469f7 +commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198 Author: djm@openbsd.org -Date: Fri Jul 7 03:53:12 2017 +0000 +Date: Tue Dec 5 01:30:19 2017 +0000 upstream commit - When generating all hostkeys (ssh-keygen -A), clobber - existing keys if they exist but are zero length. zero-length keys could - previously be made if ssh-keygen failed part way through generating them, so - avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ + include the addr:port in bind/listen failure messages - Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044 + OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e -commit 43616876ba68a2ffaece6a6c792def4b039f2d6e -Author: djm@openbsd.org -Date: Sat Jul 1 22:55:44 2017 +0000 +commit a8c89499543e2d889629c4e5e8dcf47a655cf889 +Author: dtucker@openbsd.org +Date: Wed Nov 29 05:49:54 2017 +0000 upstream commit - actually remove these files + Import updated moduli. - Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac + OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a -commit 83fa3a044891887369ce8b487ce88d713a04df48 -Author: djm@openbsd.org -Date: Sat Jul 1 13:50:45 2017 +0000 +commit 3dde09ab38c8e1cfc28252be473541a81bc57097 +Author: dtucker@openbsd.org +Date: Tue Nov 28 21:10:22 2017 +0000 upstream commit - remove post-SSHv1 removal dead code from rsa.c and merge - the remaining bit that it still used into ssh-rsa.c; ok markus + Have sftp print a warning about shell cleanliness when + decoding the first packet fails, which is usually caused by shells polluting + stdout of non-interactive starups. bz#2800, ok markus@ deraadt@. - Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f - -commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0 -Author: Damien Miller -Date: Fri Jul 14 14:26:36 2017 +1000 - - make explicit_bzero/memset safe for sz=0 - -commit 8433d51e067e0829f5521c0c646b6fd3fe17e732 -Author: Tim Rice -Date: Tue Jul 11 18:47:56 2017 -0700 - - modified: configure.ac - UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris - Analysis by Robbie Zhang + OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5 -commit ff3507aea9c7d30cd098e7801e156c68faff7cc7 -Author: Damien Miller -Date: Fri Jul 7 11:21:27 2017 +1000 +commit 6c8a246437f612ada8541076be2414846d767319 +Author: Darren Tucker +Date: Fri Dec 1 17:11:47 2017 +1100 - typo + Replace mkinstalldirs with mkdir -p. + + Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir: + cannot create directory:... File exists" during "make install". + Patch from eb at emlix.com. -commit d79bceb9311a9c137d268f5bc481705db4151810 -Author: dtucker@openbsd.org -Date: Fri Jun 30 04:17:23 2017 +0000 +commit 3058dd78d2e43ed0f82ad8eab8bb04b043a72023 +Author: Darren Tucker +Date: Fri Dec 1 17:07:08 2017 +1100 - upstream commit - - Only call close once in confree(). ssh_packet_close will - close the FD so only explicitly close non-SSH channels. bz#2734, from - bagajjal at microsoft.com, ok djm@ + Pull in newer install-sh from autoconf-2.69. - Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02 + Suggested by eb at emlix.com -commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075 +commit 79226e5413c5b0fda3511351a8511ff457e306d8 Author: Darren Tucker -Date: Thu Jun 29 15:40:25 2017 +1000 +Date: Fri Dec 1 16:55:35 2017 +1100 - Update link for my patches. + Remove RSA1 host key generation. + + SSH1 support is now gone, remove SSH1 key generation. + Patch from eb at emlix.com. -commit a98339edbc1fc21342a390f345179a9c3031bef7 +commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb Author: djm@openbsd.org -Date: Wed Jun 28 01:09:22 2017 +0000 +Date: Tue Nov 28 06:09:38 2017 +0000 upstream commit - Allow ssh-keygen to use a key held in ssh-agent as a CA when - signing certificates. bz#2377 ok markus + more whitespace errors - Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f + OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb -commit c9cdef35524bd59007e17d5bd2502dade69e2dfb -Author: djm@openbsd.org -Date: Sat Jun 24 06:35:24 2017 +0000 +commit 7f257bf3fd3a759f31098960cbbd1453fafc4164 +Author: djm@openbsd.org@openbsd.org +Date: Tue Nov 28 06:04:51 2017 +0000 upstream commit - regress test for ExposeAuthInfo + whitespace at EOL - Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd + OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a -commit f17ee61cad25d210edab69d04ed447ad55fe80c1 -Author: djm@openbsd.org -Date: Sat Jun 24 07:08:57 2017 +0000 +commit 5db6fbf1438b108e5df3e79a1b4de544373bc2d4 +Author: dtucker@openbsd.org@openbsd.org +Date: Sat Nov 25 06:46:22 2017 +0000 upstream commit - correct env var name + Add monotime_ts and monotime_tv that return monotonic + timespec and timeval respectively. Replace calls to gettimeofday() in packet + timing with monotime_tv so that the callers will work over a clock step. + Should prevent integer overflow during clock steps reported by wangle6 at + huawei.com. "I like" markus@ - Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313 + OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a -commit 40962198e3b132cecdb32e9350acd4294e6a1082 -Author: jmc@openbsd.org -Date: Sat Jun 24 06:57:04 2017 +0000 +commit 2d638e986085bdf1a40310ed6e2307463db96ea0 +Author: dtucker@openbsd.org@openbsd.org +Date: Sat Nov 25 05:58:47 2017 +0000 upstream commit - spelling; + Remove get_current_time() and replace with calls to + monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I + like" markus@ - Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25 + OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952 -commit 33f86265d7e8a0e88d3a81745d746efbdd397370 -Author: djm@openbsd.org -Date: Sat Jun 24 06:38:11 2017 +0000 +commit ba460acae48a36ef749cb23068f968f4d5d90a24 +Author: Darren Tucker +Date: Fri Nov 24 16:24:31 2017 +1100 - upstream commit - - don't pass pointer to struct sshcipher between privsep - processes, just redo the lookup in each using the already-passed cipher name. - bz#2704 based on patch from Brooks Davis; ok markus dtucker - - Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0 + Include string.h for explicit_bzero. -commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0 -Author: djm@openbsd.org -Date: Sat Jun 24 06:34:38 2017 +0000 +commit a65655fb1a12b77fb22f9e71559b9d73030ec8ff +Author: Damien Miller +Date: Fri Nov 24 10:23:47 2017 +1100 - upstream commit - - refactor authentication logging - - optionally record successful auth methods and public credentials - used in a file accessible to user sessions - - feedback and ok markus@ + fix incorrect range of OpenSSL versions supported - Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb + Pointed out by Solar Designer -commit e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba -Author: jmc@openbsd.org -Date: Sat Jun 24 06:28:50 2017 +0000 +commit 83a1e5dbec52d05775174f368e0c44b08619a308 +Author: djm@openbsd.org@openbsd.org +Date: Wed Nov 15 02:10:16 2017 +0000 upstream commit - word fix; + downgrade a couple more request parsing errors from + process-fatal to just returning failure, making them consistent with the + others that were already like that. - Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5 + OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918 -commit 4540428cd0adf039bcf5a8a27f2d5cdf09191513 -Author: djm@openbsd.org -Date: Sat Jun 24 05:37:44 2017 +0000 +commit 93c68a8f3da8e5e6acdc3396f54d73919165e242 +Author: djm@openbsd.org@openbsd.org +Date: Wed Nov 15 00:13:40 2017 +0000 upstream commit - switch sshconnect.c from (slightly abused) select() to - poll(); ok deraadt@ a while back + fix regression in 7.6: failure to parse a signature request + message shouldn't be fatal to the process, just the request. Reported by Ron + Frederick - Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175 + OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05 -commit 6f8ca3b92540fa1a9b91670edc98d15448e3d765 -Author: djm@openbsd.org -Date: Sat Jun 24 05:35:05 2017 +0000 +commit 548d3a66feb64c405733932a6b1abeaf7198fa71 +Author: djm@openbsd.org@openbsd.org +Date: Tue Nov 14 00:45:29 2017 +0000 upstream commit - use HostKeyAlias if specified instead of hostname for - matching host certificate principal names; bz#2728; ok dtucker@ + fix problem in configuration parsing when in config dump mode + (sshd -T) without providing a full connection specification (sshd -T -C ...) - Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd + spotted by bluhm@ + + OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f -commit 8904ffce057b80a7472955f1ec00d7d5c250076c -Author: djm@openbsd.org -Date: Sat Jun 24 05:24:11 2017 +0000 +commit 33edb6ebdc2f81ebed1bceadacdfb8910b64fb88 +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 05:18:44 2017 +0000 upstream commit - no need to call log_init to reinitialise logged PID in - child sessions, since we haven't called openlog() in log_init() since 1999; - ok markus@ + reuse parse_multistate for parse_flag (yes/no arguments). + Saves a few lines of code and makes the parser more consistent wrt case- + sensitivity. bz#2664 ok dtucker@ - Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e + OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef -commit e238645d789cd7eb47541b66aea2a887ea122c9b -Author: mestre@openbsd.org -Date: Fri Jun 23 07:24:48 2017 +0000 +commit d52131a98316e76c0caa348f09bf6f7b9b01a1b9 +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 05:14:04 2017 +0000 upstream commit - When using the escape sequence &~ the code path is - client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork() - and the pledge for this path lacks the proc promise and therefore aborts the - process. The solution is to just add proc the promise to this specific - pledge. - - Reported by Gregoire Jadi gjadi ! omecha.info - Insight with tb@, OK jca@ + allow certificate validity intervals that specify only a + start or stop time (we already support specifying both or neither) - Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b + OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42 -commit 5abbb31c4e7a6caa922cc1cbb14e87a77f9d19d3 -Author: dtucker@openbsd.org -Date: Fri Jun 23 03:30:42 2017 +0000 +commit fbe8e7ac94c2fa380421a9205a8bc966549c2f91 +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 03:46:52 2017 +0000 upstream commit - Import regenerated moduli. + allow "cd" and "lcd" commands with no explicit path + argument. lcd will change to the local user's home directory as usual. cd + will change to the starting directory for session (because the protocol + offers no way to obtain the remote user's home directory). bz#2760 ok + dtucker@ - Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95 + OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393 -commit 849c5468b6d9b4365784c5dd88e3f1fb568ba38f -Author: dtucker@openbsd.org -Date: Fri Jun 23 03:25:53 2017 +0000 +commit 0208a48517b5e8e8b091f32fa4addcd67c31ca9e +Author: dtucker@openbsd.org@openbsd.org +Date: Fri Nov 3 03:18:53 2017 +0000 upstream commit - Run the screen twice so we end up with more candidate - groups. ok djm@ + When doing a config test with sshd -T, only require the + attributes that are actually used in Match criteria rather than (an + incomplete list of) all criteria. ok djm@, man page help jmc@ - Upstream-ID: b92c93266d8234d493857bb822260dacf4366157 + OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc -commit 4626e39c7053c6486c1c8b708ec757e464623f5f -Author: dtucker@openbsd.org -Date: Wed Jun 14 00:31:38 2017 +0000 +commit c357eed5a52cd2f4ff358b17e30e3f9a800644da +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 02:32:19 2017 +0000 upstream commit - Add user@host prefix to client's "Permisison denied" - messages, useful in particular when using "stacked" connections where it's - not clear which host is denying. bz#2720, ok djm@ markus@ + typos in ECDSA certificate names; bz#2787 reported by + Mike Gerow - Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be + OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163 -commit c948030d54911b2d3cddb96a7a8e9269e15d11cd -Author: djm@openbsd.org -Date: Tue Jun 13 12:13:59 2017 +0000 +commit ecbf005b8fd80b81d0c61dfc1e96fe3da6099395 +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 02:29:17 2017 +0000 upstream commit - Do not require that unknown EXT_INFO extension values not - contain \0 characters. This would cause fatal connection errors if an - implementation sent e.g. string-encoded sub-values inside a value. - - Reported by Denis Bider; ok markus@ + Private keys in PEM format have been encrypted by AES-128 for + a while (not 3DES). bz#2788 reported by Calum Mackay - Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c + OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a -commit 6026f48dfca78b713e4a7f681ffa42a0afe0929e -Author: djm@openbsd.org -Date: Tue Jun 13 11:22:15 2017 +0000 +commit 81c9ccdbf6ddbf9bfbd6f1f775a5a7c13e47e185 +Author: Darren Tucker +Date: Fri Nov 3 14:52:51 2017 +1100 - upstream commit - - missing prototype. + Check for linux/if.h when enabling rdomain. - Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9 + musl libc doesn't seem to have linux/if.h, so check for its presence + before enabling rdomain support on Linux. -commit bcd1485075aa72ba9418003f5cc27af2b049c51b -Author: Damien Miller -Date: Sat Jun 10 23:41:25 2017 +1000 +commit fa1b834cce41a1ce3e6a8d57fb67ef18c9dd803f +Author: Darren Tucker +Date: Fri Nov 3 14:09:45 2017 +1100 - portability for sftp globbed ls sort by mtime + Add headers for sys/sysctl.h and net/route.h - Include replacement timespeccmp() for systems that lack it. - Support time_t struct stat->st_mtime in addition to - timespec stat->st_mtim, as well as unsorted fallback. + On at least older OpenBSDs, sys/sysctl.h and net/route.h require + sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME. -commit 072e172f1d302d2a2c6043ecbfb4004406717b96 -Author: djm@openbsd.org -Date: Sat Jun 10 06:36:46 2017 +0000 +commit 41bff4da21fcd8a7c6a83a7e0f92b018f904f6fb +Author: djm@openbsd.org@openbsd.org +Date: Fri Nov 3 02:22:41 2017 +0000 upstream commit - print '?' instead of incorrect link count (that the - protocol doesn't provide) for remote listings. bz#2710 ok dtucker@ + avoid unused variable warnings for !WITH_OPENSSL; patch from + Marcus Folkesson - Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e + OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229 -commit 72be5b2f8e7dc37235e8c4b8d0bc7b5ee1301505 -Author: djm@openbsd.org -Date: Sat Jun 10 06:33:34 2017 +0000 +commit 6b373e4635a7470baa94253dd1dc8953663da9e8 +Author: Marcus Folkesson +Date: Sat Oct 28 19:48:39 2017 +0200 - upstream commit - - implement sorting for globbed ls; bz#2649 ok dtucker@ + only enable functions in dh.c when openssl is used - Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8 + Signed-off-by: Marcus Folkesson -commit 5b2f34a74aa6a524cd57e856b23e1b7b25007721 -Author: djm@openbsd.org -Date: Fri Jun 9 06:47:13 2017 +0000 +commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b +Author: djm@openbsd.org@openbsd.org +Date: Wed Nov 1 00:04:15 2017 +0000 upstream commit - return failure rather than fatal() for more cases during - mux negotiations. Causes the session to fall back to a non-mux connection if - they occur. bz#2707 ok dtucker@ + fix broken stdout in ControlPersist mode, introduced by me in + r1.467 and reported by Alf Schlichting - Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab + OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509 -commit 7f5637c4a67a49ef256cb4eedf14e8590ac30976 -Author: djm@openbsd.org -Date: Fri Jun 9 06:43:01 2017 +0000 +commit f21455a084f9cc3942cf1bde64055a4916849fed +Author: Darren Tucker +Date: Tue Oct 31 10:09:33 2017 +1100 - upstream commit + Include includes.h for HAVE_GETPAGESIZE. - in description of public key authentication, mention that - the server will send debug messages to the client for some error conditions - after authentication has completed. bz#2709 ok dtucker + The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in + config.h, but bsd-getpagesize.c forgot to include includes.h (which + indirectly includes config.h) so the checks always fails, causing linker + issues when linking statically on systems with getpagesize(). - Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd + Patch from Peter Korsgaard -commit 2076e4adb986512ce8c415dd194fd4e52136c4b4 -Author: djm@openbsd.org -Date: Fri Jun 9 06:40:24 2017 +0000 +commit f2ad63c0718b93ac1d1e85f53fee33b06eef86b5 +Author: djm@openbsd.org@openbsd.org +Date: Mon Oct 30 22:01:52 2017 +0000 upstream commit - better translate libcrypto errors by looking deeper in - the accursed error stack for codes that indicate the wrong passphrase was - supplied for a PEM key. bz#2699 ok dtucker@ + whitespace at EOL - Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681 + OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07 -commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c -Author: dtucker@openbsd.org -Date: Fri Jun 9 04:40:04 2017 +0000 +commit c6415b1f8f1d0c2735564371647fd6a177fb9a3e +Author: djm@openbsd.org@openbsd.org +Date: Mon Oct 30 21:59:43 2017 +0000 upstream commit - Add comments referring to the relevant RFC sections for - rekeying behaviour. + whitespace at EOL - Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40 + OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd -commit ce9134260b9b1247e2385a1afed00c26112ba479 -Author: Damien Miller -Date: Fri Jun 9 14:43:47 2017 +1000 +commit e4d4ddbbba0e585ca3ec3a455430750b4622a6d3 +Author: millert@openbsd.org@openbsd.org +Date: Wed Oct 25 20:08:36 2017 +0000 - drop two more privileges in the Solaris sandbox + upstream commit - Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO. - Patch from huieying.lee AT oracle.com via bz#2723 - -commit e0f609c8a2ab940374689ab8c854199c3c285a76 -Author: Darren Tucker -Date: Fri Jun 9 13:36:29 2017 +1000 - - Wrap stdint.h include in #ifdef. + Use printenv to test whether an SSH_USER_AUTH is set + instead of using $SSH_USER_AUTH. The latter won't work with csh which treats + unknown variables as an error when expanding them. OK markus@ + + OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1 -commit 1de5e47a85850526a4fdaf77185134046c050f75 -Author: djm@openbsd.org -Date: Wed Jun 7 01:48:15 2017 +0000 +commit 116b1b439413a724ebb3320633a64dd0f3ee1fe7 +Author: millert@openbsd.org@openbsd.org +Date: Tue Oct 24 19:33:32 2017 +0000 upstream commit - unbreak after sshv1 purge + Add tests for URI parsing. OK markus@ - Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b + OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b -commit 550c053168123fcc0791f9952abad684704b5760 -Author: dtucker@openbsd.org -Date: Tue Jun 6 09:12:17 2017 +0000 +commit dbe0662e9cd482593a4a8bf58c6481bfe8a747a4 +Author: djm@openbsd.org@openbsd.org +Date: Fri Oct 27 01:57:06 2017 +0000 upstream commit - Fix compression output stats broken in rev 1.201. Patch - originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok - djm@ + whitespace at EOL - Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016 + OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6 -commit 55d06c6e72a9abf1c06a7ac2749ba733134a1f39 -Author: djm@openbsd.org -Date: Fri Jun 2 06:06:10 2017 +0000 +commit d2135474344335a7c6ee643b6ade6db400fa76ee +Author: djm@openbsd.org@openbsd.org +Date: Fri Oct 27 01:01:17 2017 +0000 upstream commit - rationalise the long list of manual CDIAGFLAGS that we - add; most of these were redundant to -Wall -Wextra + whitespace at EOL (lots) - Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c + OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747 -commit 1527d9f61e6d50f6c2b4a3fa5b45829034b1b0b1 -Author: djm@openbsd.org -Date: Thu Jun 1 06:59:21 2017 +0000 +commit b77c29a07f5a02c7c1998701c73d92bde7ae1608 +Author: djm@openbsd.org@openbsd.org +Date: Fri Oct 27 00:18:41 2017 +0000 upstream commit - no need to bzero allocated space now that we use use - recallocarray; ok deraadt@ + improve printing of rdomain on accept() a little - Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8 + OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a -commit cc812baf39b93d5355565da98648d8c31f955990 -Author: djm@openbsd.org -Date: Thu Jun 1 06:58:25 2017 +0000 +commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b +Author: jmc@openbsd.org@openbsd.org +Date: Thu Oct 26 06:44:01 2017 +0000 upstream commit - unconditionally zero init size of buffer; ok markus@ - deraadt@ + mark up the rdomain keyword; - Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29 - -commit 65eb8fae0d7ba45ef4483a3cf0ae7fd0dbc7c226 -Author: Damien Miller -Date: Thu Jun 1 16:25:09 2017 +1000 - - avoid compiler warning + OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a -commit 2d75d74272dc2a0521fce13cfe6388800c9a2406 -Author: djm@openbsd.org -Date: Thu Jun 1 06:16:43 2017 +0000 +commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b +Author: jmc@openbsd.org@openbsd.org +Date: Wed Oct 25 06:19:46 2017 +0000 upstream commit - some warnings spotted by clang; ok markus@ + tweak the uri text, specifically removing some markup to + make it a bit more readable; - Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b - -commit 151c6e433a5f5af761c78de87d7b5d30a453cf5e -Author: Damien Miller -Date: Thu Jun 1 15:25:13 2017 +1000 - - add recallocarray replacement and dependency + issue reported by - and diff ok - millert - recallocarray() needs getpagesize() so add a tiny replacement for that. - -commit 01e6f78924da308447e71e9a32c8a6104ef4e888 -Author: Damien Miller -Date: Thu Jun 1 15:16:24 2017 +1000 - - add *.0 manpage droppings + OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f -commit 4b2e2d3fd9dccff357e1e26ce9a5f2e103837a36 -Author: djm@openbsd.org -Date: Thu Jun 1 04:51:58 2017 +0000 +commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40 +Author: jmc@openbsd.org@openbsd.org +Date: Wed Oct 25 06:18:06 2017 +0000 upstream commit - fix casts re constness + simplify macros in previous, and some minor tweaks; - Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266 + OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca -commit 75b8af8de805c0694b37fcf80ce82783b2acc86f -Author: markus@openbsd.org -Date: Wed May 31 10:54:00 2017 +0000 +commit eb9c582b710dc48976b48eb2204218f6863bae9a +Author: Damien Miller +Date: Tue Oct 31 00:46:29 2017 +1100 - upstream commit + Switch upstream git repository. - make sure we don't pass a NULL string to vfprintf - (triggered by the principals-command regress test); ok bluhm + Previously portable OpenSSH has synced against a conversion of OpenBSD's + CVS repository made using the git cvsimport tool, but this has become + increasingly unreliable. - Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990 - -commit 84008608c9ee944d9f72f5100f31ccff743b10f2 -Author: markus@openbsd.org -Date: Wed May 31 10:04:29 2017 +0000 - - upstream commit + As of this commit, portable OpenSSH now tracks a conversion of the + OpenBSD CVS upstream made using the excellent cvs2gitdump tool from + YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump - use SO_ZEROIZE for privsep communication (if available) + cvs2gitdump is considerably more reliable than gitcvsimport and the old + version of cvsps that it uses under the hood, and is the same tool used + to export the entire OpenBSD repository to git (so we know it can cope + with future growth). - Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62 - -commit 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 -Author: deraadt@openbsd.org -Date: Wed May 31 09:15:42 2017 +0000 - - upstream commit + These new conversions are mirrored at github, so interested parties can + match portable OpenSSH commits to their upstream counterparts. - Switch to recallocarray() for a few operations. Both - growth and shrinkage are handled safely, and there also is no need for - preallocation dances. Future changes in this area will be less error prone. - Review and one bug found by markus + https://github.com/djmdjm/openbsd-openssh-src + https://github.com/djmdjm/openbsd-openssh-regress - Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065 + An unfortunate side effect of switching upstreams is that we must have + a flag day, across which the upstream commit IDs will be inconsistent. + The old commit IDs are recorded with the tags "Upstream-ID" for main + directory commits and "Upstream-Regress-ID" for regress commits. + + To make it clear that the commit IDs do not refer to the same + things, the new repository will instead use "OpenBSD-ID" and + "OpenBSD-Regress-ID" tags instead. + + Apart from being a longwinded explanation of what is going on, this + commit message also serves to synchronise our tools with the state of + the tree, which happens to be: + + OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1 + OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef + +commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea +Author: Damien Miller +Date: Fri Oct 27 08:42:33 2017 +1100 + + fix rdomain compilation errors + +commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab +Author: Damien Miller +Date: Wed Oct 25 14:15:42 2017 +1100 -commit dc5dc45662773c0f7745c29cf77ae2d52723e55e -Author: deraadt@openbsd.org -Date: Wed May 31 08:58:52 2017 +0000 + autoconf glue to enable Linux VRF - upstream commit - - These shutdown() SHUT_RDWR are not needed before close() - ok djm markus claudio - - Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5 +commit 97c5aaf925d61641d599071abb56012cde265978 +Author: Damien Miller +Date: Wed Oct 25 14:09:56 2017 +1100 -commit 1e0cdf8efb745d0d1116e1aa22bdc99ee731695e -Author: markus@openbsd.org -Date: Wed May 31 08:09:45 2017 +0000 + basic valid_rdomain() implementation for Linux - upstream commit - - clear session keys from memory; ok djm@ +commit ce1cca39d7935dd394080ce2df62f5ce5b51f485 +Author: Damien Miller +Date: Wed Oct 25 13:47:59 2017 +1100 + + implement get/set_rdomain() for Linux - Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f + Not enabled, pending implementation of valid_rdomain() and autoconf glue -commit 92e9fe633130376a95dd533df6e5e6a578c1e6b8 -Author: markus@openbsd.org -Date: Wed May 31 07:00:13 2017 +0000 +commit 6eee79f9b8d4a3b113b698383948a119acb82415 +Author: Damien Miller +Date: Wed Oct 25 13:22:29 2017 +1100 - upstream commit - - remove now obsolete ctx from ssh_dispatch_run; ok djm@ - - Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29 + stubs for rdomain replacement functions -commit 17ad5b346043c5bbc5befa864d0dbeb76be39390 -Author: markus@openbsd.org -Date: Wed May 31 05:34:14 2017 +0000 +commit f5594f939f844bbb688313697d6676238da355b3 +Author: Damien Miller +Date: Wed Oct 25 13:13:57 2017 +1100 - upstream commit - - use the ssh_dispatch_run_fatal variant + rename port-tun.[ch] => port-net.[ch] - Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8 + Ahead of adding rdomain support -commit 39896b777320a6574dd06707aebac5fb98e666da +commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb Author: djm@openbsd.org -Date: Wed May 31 05:08:46 2017 +0000 +Date: Wed Oct 25 02:10:39 2017 +0000 upstream commit - another ctx => ssh conversion (in GSSAPI code) + uninitialised variable in PermitTunnel printing code - Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0 + Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a -commit 6116bd4ed354a71a733c8fd0f0467ce612f12911 +commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f Author: Damien Miller -Date: Wed May 31 14:56:07 2017 +1000 +Date: Wed Oct 25 13:10:59 2017 +1100 - fix conversion of kexc25519s.c to struct ssh too - - git cvsimport missed this commit for some reason + provide hooks and fallbacks for rdomain support -commit d40dbdc85b6fb2fd78485ba02225511b8cbf20d7 +commit 3235473bc8e075fad7216b7cd62fcd2b0320ea04 +Author: Damien Miller +Date: Wed Oct 25 11:25:43 2017 +1100 + + check for net/route.h and sys/sysctl.h + +commit 4d5456c7de108e17603a0920c4d15bca87244921 Author: djm@openbsd.org -Date: Wed May 31 04:29:44 2017 +0000 +Date: Wed Oct 25 00:21:37 2017 +0000 upstream commit - spell out that custom options/extensions should follow the - usual SSH naming rules, e.g. "extension@example.com" + transfer ownership of stdout to the session channel by + dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to + the local side; reported by David Newall, ok markus@ - Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d + Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79 -commit 2a108277f976e8d0955c8b29d1dfde04dcbb3d5b +commit 68af80e6fdeaeb79432209db614386ff0f37e75f Author: djm@openbsd.org -Date: Wed May 31 04:17:12 2017 +0000 +Date: Wed Oct 25 00:19:47 2017 +0000 upstream commit - one more void *ctx => struct ssh *ssh conversion + add a "rdomain" criteria for the sshd_config Match + keyword to allow conditional configuration that depends on which rdomain(4) a + connection was recevied on. ok markus@ - Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2 + Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb -commit c04e979503e97f52b750d3b98caa6fe004ab2ab9 +commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a Author: djm@openbsd.org -Date: Wed May 31 00:43:04 2017 +0000 +Date: Wed Oct 25 00:17:08 2017 +0000 upstream commit - fix possible OOB strlen() in SOCKS4A hostname parsing; + add sshd_config RDomain keyword to place sshd and the + subsequent user session (including the shell and any TCP/IP forwardings) into + the specified rdomain(4) + ok markus@ - Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11 + Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5 -commit a3bb250c93bfe556838c46ed965066afce61cffa -Author: jmc@openbsd.org -Date: Tue May 30 19:38:17 2017 +0000 +commit acf559e1cffbd1d6167cc1742729fc381069f06b +Author: djm@openbsd.org +Date: Wed Oct 25 00:15:35 2017 +0000 upstream commit - tweak previous; + Add optional rdomain qualifier to sshd_config's + ListenAddress option to allow listening on a different rdomain(4), e.g. - Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031 + ListenAddress 0.0.0.0 rdomain 4 + + Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091 -commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc -Author: bluhm@openbsd.org -Date: Tue May 30 18:58:37 2017 +0000 +commit b9903ee8ee8671b447fc260c2bee3761e26c7227 +Author: millert@openbsd.org +Date: Tue Oct 24 19:41:45 2017 +0000 upstream commit - Add RemoteCommand option to specify a command in the - ssh config file instead of giving it on the client's command line. This - command will be executed on the remote host. The feature allows to automate - tasks using ssh config. OK markus@ + Kill dead store and some spaces vs. tabs indent in + parse_user_host_path(). Noticed by markus@ - Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee + Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200 -commit eb272ea4099fd6157846f15c129ac5727933aa69 -Author: markus@openbsd.org -Date: Tue May 30 14:29:59 2017 +0000 +commit 0869627e00f4ee2a038cb62d7bd9ffad405e1800 +Author: jmc@openbsd.org +Date: Tue Oct 24 06:27:42 2017 +0000 upstream commit - switch auth2 to ssh_dispatch API; ok djm@ + tweak previous; ok djm - Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f + Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9 -commit 5a146bbd4fdf5c571f9fb438e5210d28cead76d9 -Author: markus@openbsd.org -Date: Tue May 30 14:27:22 2017 +0000 +commit e3fa20e2e58fdc88a0e842358778f2de448b771b +Author: Damien Miller +Date: Mon Oct 23 16:25:24 2017 +1100 - upstream commit - - switch auth2-none.c to modern APIs; ok djm@ - - Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b + avoid -Wsign-compare warning in argv copying -commit 60306b2d2f029f91927c6aa7c8e08068519a0fa2 -Author: markus@openbsd.org -Date: Tue May 30 14:26:49 2017 +0000 +commit b7548b12a6b2b4abf4d057192c353147e0abba08 +Author: djm@openbsd.org +Date: Mon Oct 23 05:08:00 2017 +0000 upstream commit - switch auth2-passwd.c to modern APIs; ok djm@ + Expose devices allocated for tun/tap forwarding. - Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7 - -commit eb76698b91338bd798c978d4db2d6af624d185e4 -Author: markus@openbsd.org -Date: Tue May 30 14:25:42 2017 +0000 - - upstream commit + At the client, the device may be obtained from a new %T expansion + for LocalCommand. - switch auth2-hostbased.c to modern APIs; ok djm@ + At the server, the allocated devices will be listed in a + SSH_TUNNEL variable exposed to the environment of any user sessions + started after the tunnel forwarding was established. - Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e + ok markus + + Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e -commit 2ae666a8fc20b3b871b2f1b90ad65cc027336ccd -Author: markus@openbsd.org -Date: Tue May 30 14:23:52 2017 +0000 +commit 887669ef032d63cf07f53cada216fa8a0c9a7d72 +Author: millert@openbsd.org +Date: Sat Oct 21 23:06:24 2017 +0000 upstream commit - protocol handlers all get struct ssh passed; ok djm@ + Add URI support to ssh, sftp and scp. For example + ssh://user@host or sftp://user@host/path. The connection parameters + described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since + the ssh fingerprint format in the draft uses md5 with no way to specify the + hash function type. OK djm@ - Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d + Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc -commit 94583beb24a6c5fd19cedb9104ab2d2d5cd052b6 -Author: markus@openbsd.org -Date: Tue May 30 14:19:15 2017 +0000 +commit d27bff293cfeb2252f4c7a58babe5ad3262c6c98 +Author: Damien Miller +Date: Fri Oct 20 13:22:00 2017 +1100 - upstream commit - - ssh: pass struct ssh to auth functions, too; ok djm@ - - Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd + Fix missed RCSID merges -commit 5f4082d886c6173b9e90b9768c9a38a3bfd92c2b -Author: markus@openbsd.org -Date: Tue May 30 14:18:15 2017 +0000 +commit d3b6aeb546242c9e61721225ac4387d416dd3d5e +Author: djm@openbsd.org +Date: Fri Oct 20 02:13:41 2017 +0000 upstream commit - sshd: pass struct ssh to auth functions; ok djm@ + more RCSIDs - Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488 + Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be -commit 7da5df11ac788bc1133d8d598d298e33500524cc -Author: markus@openbsd.org -Date: Tue May 30 14:16:41 2017 +0000 +commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a +Author: djm@openbsd.org +Date: Fri Oct 20 01:56:39 2017 +0000 upstream commit - remove unused wrapper functions from key.[ch]; ok djm@ + add RCSIDs to these; they make syncing portable a bit + easier - Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e + Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68 -commit ff7371afd08ac0bbd957d90451d4dcd0da087ef5 -Author: markus@openbsd.org -Date: Tue May 30 14:15:17 2017 +0000 +commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464 +Author: Damien Miller +Date: Fri Oct 20 12:54:15 2017 +1100 upstream commit - sshkey_new() might return NULL (pkcs#11 code only); ok - djm@ + Apply missing commit 1.11 to kexc25519s.c - Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd + Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8 -commit beb965bbc5a984fa69fb1e2b45ebe766ae09d1ef -Author: markus@openbsd.org -Date: Tue May 30 14:13:40 2017 +0000 +commit 6f72280553cb6918859ebcacc717f2d2fafc1a27 +Author: Damien Miller +Date: Fri Oct 20 12:52:50 2017 +1100 upstream commit - switch sshconnect.c to modern APIs; ok djm@ + Apply missing commit 1.127 to servconf.h - Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad + Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15 -commit 00ed75c92d1f95fe50032835106c368fa22f0f02 -Author: markus@openbsd.org -Date: Tue May 30 14:10:53 2017 +0000 +commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc +Author: jmc@openbsd.org +Date: Wed Oct 18 05:36:59 2017 +0000 upstream commit - switch auth2-pubkey.c to modern APIs; with & ok djm@ + remove unused Pp; - Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07 + Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550 -commit 54d90ace1d3535b44d92a8611952dc109a74a031 -Author: markus@openbsd.org -Date: Tue May 30 08:52:19 2017 +0000 +commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14 +Author: djm@openbsd.org +Date: Wed Oct 18 02:49:44 2017 +0000 upstream commit - switch from Key typedef with struct sshkey; ok djm@ + In the description of pattern-lists, clarify negated + matches by explicitly stating that a negated match will never yield a + positive result, and that at least one positive term in the pattern-list must + match. bz#1918 - Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f + Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14 -commit c221219b1fbee47028dcaf66613f4f8d6b7640e9 -Author: markus@openbsd.org -Date: Tue May 30 08:49:58 2017 +0000 +commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd +Author: djm@openbsd.org +Date: Fri Oct 13 21:13:54 2017 +0000 upstream commit - remove ssh1 references; ok djm@ + log debug messages sent to peer; ok deraadt markus - Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d + Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9 -commit afbfa68fa18081ef05a9cd294958509a5d3cda8b -Author: markus@openbsd.org -Date: Tue May 30 08:49:32 2017 +0000 +commit 071325f458d615d7740da5c1c1d5a8b68a0b4605 +Author: jmc@openbsd.org +Date: Fri Oct 13 16:50:45 2017 +0000 upstream commit - revise sshkey_load_public(): remove ssh1 related - comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if - 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@ + trim permitrootlogin description somewhat, to avoid + ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and + myself - Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca + ok sthen schwarze deraadt + + Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2 -commit 813f55336a24fdfc45e7ed655fccc7d792e8f859 -Author: markus@openbsd.org -Date: Fri May 26 20:34:49 2017 +0000 +commit 10727487becb897a15f658e0cb2d05466236e622 +Author: djm@openbsd.org +Date: Fri Oct 13 06:45:18 2017 +0000 upstream commit - sshbuf_consume: reset empty buffer; ok djm@ + mention SSH_USER_AUTH in the list of environment + variables - Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821 + Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691 -commit 6cf711752cc2a7ffaad1fb4de18cae65715ed8bb -Author: markus@openbsd.org -Date: Fri May 26 19:35:50 2017 +0000 +commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2 +Author: djm@openbsd.org +Date: Fri Oct 13 06:24:51 2017 +0000 upstream commit - remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ + BIO_get_mem_data() is supposed to take a char* as pointer + argument, so don't pass it a const char* - Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42 + Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec -commit 364f0d5edea27767fb0f915ea7fc61aded88d3e8 -Author: markus@openbsd.org -Date: Fri May 26 19:34:12 2017 +0000 +commit cfa46825b5ef7097373ed8e31b01a4538a8db565 +Author: benno@openbsd.org +Date: Mon Oct 9 20:12:51 2017 +0000 upstream commit - remove channel_input_close_confirmation (ssh1 only); ok - djm@ + clarify the order in which config statements are used. ok + jmc@ djm@ - Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1 + Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed -commit 8ba0fd40082751dbbc23a830433488bbfb1abdca +commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5 Author: djm@openbsd.org -Date: Fri May 26 01:40:07 2017 +0000 +Date: Thu Oct 5 15:52:03 2017 +0000 upstream commit - fix references to obsolete v00 cert format; spotted by - Jakub Jelen + replace statically-sized arrays in ServerOptions with + dynamic ones managed by xrecallocarray, removing some arbitrary (though + large) limits and saving a bit of memory; "much nicer" markus@ - Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f + Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2 -commit dcc714c65cfb81eb6903095b4590719e8690f3da -Author: Mike Frysinger -Date: Wed May 24 23:21:19 2017 -0400 +commit 2b4f3ab050c2aaf6977604dd037041372615178d +Author: jmc@openbsd.org +Date: Thu Oct 5 12:56:50 2017 +0000 - configure: actually set cache vars when cross-compiling + upstream commit - The cross-compiling fallback message says it's assuming the test - passed, but it didn't actually set the cache var which causes - later tests to fail. + %C is hashed; from klemens nanni ok markus + + Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 -commit 947a3e829a5b8832a4768fd764283709a4ca7955 +commit a66714508b86d6814e9055fefe362d9fe4d49ab3 Author: djm@openbsd.org -Date: Sat May 20 02:35:47 2017 +0000 +Date: Wed Oct 4 18:50:23 2017 +0000 upstream commit - there's no reason to artificially limit the key path - here, just check that it fits PATH_MAX; spotted by Matthew Patton + exercise PermitOpen a little more thoroughly - Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58 + Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac -commit 773224802d7cb250bb8b461546fcce10567b4b2e -Author: djm@openbsd.org -Date: Fri May 19 21:07:17 2017 +0000 +commit 609ecc8e57eb88e2eac976bd3cae7f7889aaeff6 +Author: dtucker@openbsd.org +Date: Tue Sep 26 22:39:25 2017 +0000 upstream commit - Now that we no longer support SSHv1, replace the contents - of this file with a pointer to - https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited, - doesn't need to document stuff we no longer implement and does document stuff - that we do implement (RSA SHA256/512 signature flags) + UsePrivilegeSeparation is gone, stop trying to test it. - Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e + Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191 -commit 54cd41a4663fad66406dd3c8fe0e4760ccd8a899 +commit 69bda0228861f3dacd4fb3d28b60ce9d103d254b Author: djm@openbsd.org -Date: Wed May 17 01:24:17 2017 +0000 +Date: Wed Oct 4 18:49:30 2017 +0000 upstream commit - allow LogLevel in sshd_config Match blocks; ok dtucker - bz#2717 + fix (another) problem in PermitOpen introduced during the + channels.c refactor: the third and subsequent arguments to PermitOpen were + being silently ignored; ok markus@ - Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8 + Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd -commit 277abcda3f1b08d2376686f0ef20320160d4c8ab +commit 66bf74a92131b7effe49fb0eefe5225151869dc5 Author: djm@openbsd.org -Date: Tue May 16 16:56:15 2017 +0000 +Date: Mon Oct 2 19:33:20 2017 +0000 upstream commit - remove duplicate check; spotted by Jakub Jelen + Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ - Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0 + Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c -commit adb47ce839c977fa197e770c1be8f852508d65aa -Author: djm@openbsd.org -Date: Tue May 16 16:54:05 2017 +0000 +commit d63b38160a59039708fd952adc75a0b3da141560 +Author: Damien Miller +Date: Sun Oct 1 10:32:25 2017 +1100 - upstream commit - - mention that Ed25519 keys are valid as CA keys; spotted - by Jakub Jelen + update URL again - Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4 + I spotted a typo in the draft so uploaded a new version... -commit 6bdf70f01e700348bb4d8c064c31a0ab90896df6 +commit 6f64f596430cd3576c529f07acaaf2800aa17d58 Author: Damien Miller -Date: Tue May 9 14:35:03 2017 +1000 +Date: Sun Oct 1 10:01:56 2017 +1100 - clean up regress files and add a .gitignore + sync release notes URL -commit 7bdb2eeb1d3c26acdc409bd94532eefa252e440b +commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d +Author: Damien Miller +Date: Sun Oct 1 10:01:25 2017 +1100 + + sync contrib/ssh-copy-id with upstream + +commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66 +Author: Damien Miller +Date: Sun Oct 1 09:59:19 2017 +1100 + + update version in RPM spec files + +commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d +Author: Damien Miller +Date: Sun Oct 1 09:58:24 2017 +1100 + + update agent draft URL + +commit e4a798f001d2ecd8bf025c1d07658079f27cc604 Author: djm@openbsd.org -Date: Mon May 8 22:57:38 2017 +0000 +Date: Sat Sep 30 22:26:33 2017 +0000 upstream commit - remove hmac-ripemd160; ok dtucker + openssh-7.6; ok deraadt@ - Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d + Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0 -commit 5f02bb1f99f70bb422be8a5c2b77ef853f1db554 -Author: djm@openbsd.org -Date: Mon May 8 06:11:06 2017 +0000 +commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d +Author: jmc@openbsd.org +Date: Wed Sep 27 06:45:53 2017 +0000 upstream commit - make requesting bad ECDSA bits yield the same error - (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA + tweak EposeAuthinfo; diff from lars nooden - Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6 + tweaked by sthen; ok djm dtucker + + Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748 -commit d757a4b633e8874629a1442c7c2e7b1b55d28c19 -Author: djm@openbsd.org -Date: Mon May 8 06:08:42 2017 +0000 +commit bba69c246f0331f657fd6ec97724df99fc1ad174 +Author: Damien Miller +Date: Thu Sep 28 16:06:21 2017 -0700 - upstream commit + don't fatal ./configure for LibreSSL + +commit 04dc070e8b4507d9d829f910b29be7e3b2414913 +Author: Damien Miller +Date: Thu Sep 28 14:54:34 2017 -0700 + + abort in configure when only openssl-1.1.x found - fix for new SSH_ERR_KEY_LENGTH error value + We don't support openssl-1.1.x yet (see multiple threads on the + openssh-unix-dev@ mailing list for the reason), but previously + ./configure would accept it and the compilation would subsequently + fail. This makes ./configure display an explicit error message and + abort. - Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc + ok dtucker@ -commit 2e58a69508ac49c02d1bb6057300fa6a76db1045 -Author: djm@openbsd.org -Date: Mon May 8 06:03:39 2017 +0000 +commit 74c1c3660acf996d9dc329e819179418dc115f2c +Author: Darren Tucker +Date: Wed Sep 27 07:44:41 2017 +1000 + + Check for and handle calloc(p, 0) = NULL. + + On some platforms (AIX, maybe others) allocating zero bytes of memory + via the various *alloc functions returns NULL, which is permitted + by the standards. Autoconf has some macros for detecting this (with + the exception of calloc for some reason) so use these and if necessary + activate shims for them. ok djm@ + +commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5 +Author: markus@openbsd.org +Date: Thu Sep 21 19:18:12 2017 +0000 upstream commit - helps if I commit the correct version of the file. fix - missing return statement. + test reverse dynamic forwarding with SOCKS - Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c + Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79 -commit effaf526bfa57c0ac9056ca236becf52385ce8af -Author: djm@openbsd.org -Date: Mon May 8 01:52:49 2017 +0000 +commit 1b9f321605733754df60fac8c1d3283c89b74455 +Author: Damien Miller +Date: Tue Sep 26 16:55:55 2017 +1000 + + sync missing changes in dynamic-forward.sh + +commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb +Author: Darren Tucker +Date: Mon Sep 25 09:48:10 2017 +1000 - upstream commit - - remove arcfour, blowfish and CAST here too - - Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920 + Add minimal strsignal for platforms without it. -commit 7461a5bc571696273252df28a1f1578968cae506 +commit 218e6f98df566fb9bd363f6aa47018cb65ede196 Author: djm@openbsd.org -Date: Mon May 8 00:21:36 2017 +0000 +Date: Sun Sep 24 13:45:34 2017 +0000 upstream commit - I was too aggressive with the scalpel in the last commit; - unbreak sshd, spotted quickly by naddy@ + fix inverted test on channel open failure path that + "upgraded" a transient failure into a fatal error; reported by sthen and also + seen by benno@; ok sthen@ - Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf + Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472 -commit bd636f40911094a39c2920bf87d2ec340533c152 +commit c704f641f7b8777497dc82e81f2ac89afec7e401 Author: djm@openbsd.org -Date: Sun May 7 23:15:59 2017 +0000 +Date: Sun Sep 24 09:50:01 2017 +0000 upstream commit - Refuse RSA keys <1024 bits in length. Improve reporting - for keys that do not meet this requirement. ok markus@ + write the correct buffer when tunnel forwarding; doesn't + matter on OpenBSD (they are the same) but does matter on portable where we + use an output filter to translate os-specific tun/tap headers - Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c + Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284 -commit 70c1218fc45757a030285051eb4d209403f54785 +commit 55486f5cef117354f0c64f991895835077b7c7f7 Author: djm@openbsd.org -Date: Sun May 7 23:13:42 2017 +0000 +Date: Sat Sep 23 22:04:07 2017 +0000 upstream commit - Don't offer CBC ciphers by default in the client. ok - markus@ + fix tunnel forwarding problem introduced in refactor; + reported by stsp@ ok markus@ - Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef + Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04 -commit acaf34fd823235d549c633c0146ee03ac5956e82 -Author: djm@openbsd.org -Date: Sun May 7 23:12:57 2017 +0000 +commit 609d7a66ce578abf259da2d5f6f68795c2bda731 +Author: markus@openbsd.org +Date: Thu Sep 21 19:16:53 2017 +0000 upstream commit - As promised in last release announcement: remove - support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ + Add 'reverse' dynamic forwarding which combines dynamic + forwarding (-D) with remote forwarding (-R) where the remote-forwarded port + expects SOCKS-requests. - Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222 - -commit 3e371bd2124427403971db853fb2e36ce789b6fd -Author: naddy@openbsd.org -Date: Fri May 5 10:42:49 2017 +0000 - - upstream commit + The SSH server code is unchanged and the parsing happens at the SSH + clients side. Thus the full SOCKS-request is sent over the forwarded + channel and the client parses c->output. Parsing happens in + channel_before_prepare_select(), _before_ the select bitmask is + computed in the pre[] handlers, but after network input processing + in the post[] handlers. - more simplification and removal of SSHv1-related code; - ok djm@ + help and ok djm@ - Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55 + Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89 -commit 2e9c324b3a7f15c092d118c2ac9490939f6228fd -Author: naddy@openbsd.org -Date: Fri May 5 10:41:58 2017 +0000 +commit 36945fa103176c00b39731e1fc1919a0d0808b81 +Author: dtucker@openbsd.org +Date: Wed Sep 20 05:19:00 2017 +0000 upstream commit - remove superfluous protocol 2 mentions; ok jmc@ + Use strsignal in debug message instead of casting for the + benefit of portable where sig_atomic_t might not be int. "much nicer" + deraadt@ - Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d + Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79 -commit 744bde79c3361e2153cb395a2ecdcee6c713585d -Author: djm@openbsd.org -Date: Thu May 4 06:10:57 2017 +0000 +commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e +Author: millert@openbsd.org +Date: Tue Sep 19 12:10:30 2017 +0000 upstream commit - since a couple of people have asked, leave a comment - explaining why we retain SSH v.1 support in the "delete all keys from agent" - path. + Use explicit_bzero() instead of bzero() before free() to + prevent the compiler from optimizing away the bzero() call. OK djm@ - Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4 + Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d -commit 0c378ff6d98d80bc465a4a6a787670fb9cc701ee +commit 5b8da1f53854c0923ec6e927e86709e4d72737b6 Author: djm@openbsd.org -Date: Thu May 4 01:33:21 2017 +0000 +Date: Tue Sep 19 04:24:22 2017 +0000 upstream commit - another tentacle: cipher_set_key_string() was only ever - used for SSHv1 + fix use-after-free in ~^Z escape handler path, introduced + in channels.c refactor; spotted by millert@ "makes sense" deraadt@ - Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a + Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22 -commit 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f -Author: naddy@openbsd.org -Date: Wed May 3 21:49:18 2017 +0000 +commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e +Author: dtucker@openbsd.org +Date: Mon Sep 18 12:03:24 2017 +0000 upstream commit - restore mistakenly deleted description of the - ConnectionAttempts option ok markus@ + Prevent type mismatch warning in debug on platforms where + sig_atomic_t != int. ok djm@ - Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348 + Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed -commit 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3 -Author: naddy@openbsd.org -Date: Wed May 3 21:08:09 2017 +0000 +commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc +Author: dtucker@openbsd.org +Date: Mon Sep 18 09:41:52 2017 +0000 upstream commit - remove miscellaneous SSH1 leftovers; ok markus@ + Add braces missing after channels refactor. ok markus@ - Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c + Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980 -commit 1a1b24f8229bf7a21f89df21987433283265527a -Author: jmc@openbsd.org -Date: Wed May 3 10:01:44 2017 +0000 +commit b79569190b9b76dfacc6d996faa482f16e8fc026 +Author: Damien Miller +Date: Tue Sep 19 12:29:23 2017 +1000 - upstream commit - - more protocol 1 bits removed; ok djm + add freezero(3) replacement - Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9 + ok dtucker@ -commit 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 -Author: jmc@openbsd.org -Date: Wed May 3 06:32:02 2017 +0000 +commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e +Author: Damien Miller +Date: Tue Sep 19 10:18:56 2017 +1000 - upstream commit - - more protocol 1 stuff to go; ok djm + move FORTIFY_SOURCE into hardening options group - Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47 + It's still on by default, but now it's possible to turn it off using + --without-hardening. This is useful since it's known to cause problems + with some -fsanitize options. ok dtucker@ -commit f10c0d32cde2084d2a0b19bc47d80cb93e85a093 -Author: jmc@openbsd.org -Date: Tue May 2 17:04:09 2017 +0000 +commit 09eacf856e0fe1a6e3fe597ec8032b7046292914 +Author: bluhm@openbsd.org +Date: Wed Sep 13 14:58:26 2017 +0000 upstream commit - rsa1 is no longer valid; + Print SKIPPED if sudo and doas configuration is missing. + Prevents that running the regression test with wrong environment is reported + as failure. Keep the fatal there to avoid interfering with other setups for + portable ssh. OK dtucker@ - Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89 + Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e -commit 42b690b4fd0faef78c4d68225948b6e5c46c5163 -Author: jmc@openbsd.org -Date: Tue May 2 14:06:37 2017 +0000 +commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a +Author: dtucker@openbsd.org +Date: Mon Aug 7 03:52:55 2017 +0000 upstream commit - add PubKeyAcceptedKeyTypes to the -o list: scp(1) has - it, so i guess this should too; + Remove obsolete privsep=no fallback test. - Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c + Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df -commit d852603214defd93e054de2877b20cc79c19d0c6 -Author: jmc@openbsd.org -Date: Tue May 2 13:44:51 2017 +0000 +commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8 +Author: dtucker@openbsd.org +Date: Mon Aug 7 00:53:51 2017 +0000 upstream commit - remove now obsolete protocol1 options from the -o - lists; + Remove non-privsep test since disabling privsep is now + deprecated. - Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd + Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8 -commit 8b60ce8d8111e604c711c4cdd9579ffe0edced74 -Author: jmc@openbsd.org -Date: Tue May 2 09:05:58 2017 +0000 +commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e +Author: dtucker@openbsd.org +Date: Fri Jul 28 10:32:08 2017 +0000 upstream commit - more -O shuffle; ok djm + Don't call fatal from stop_sshd since it calls cleanup + which calls stop_sshd which will probably fail in the same way. Instead, + just bail. Differentiate between sshd dying without cleanup and not shutting + down. - Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb + Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4 -commit 3575f0b12afe6b561681582fd3c34067d1196231 +commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba Author: djm@openbsd.org -Date: Tue May 2 08:54:19 2017 +0000 +Date: Thu Sep 14 04:32:21 2017 +0000 upstream commit - remove -1 / -2 options; pointed out by jmc@ - - Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa - -commit 4f1ca823bad12e4f9614895eefe0d0073b84a28f -Author: jmc@openbsd.org -Date: Tue May 2 08:06:33 2017 +0000 - - upstream commit + Revert commitid: gJtIN6rRTS3CHy9b. - remove options -12 from usage(); + ------------- + identify the case where SSHFP records are missing but other DNS RR + types are present and display a more useful error message for this + case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ + ------------- - Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270 - -commit 6b84897f7fd39956b849eac7810319d8a9958568 -Author: jmc@openbsd.org -Date: Tue May 2 07:13:31 2017 +0000 - - upstream commit + This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results + are missing but the user already has the key in known_hosts - tidy up -O somewhat; ok djm + Spotted by dtucker@ - Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52 + Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920 -commit d1c6b7fdbdfe4a7a37ecd48a97f0796b061c2868 -Author: djm@openbsd.org -Date: Mon May 1 22:09:48 2017 +0000 +commit 871f1e4374420b07550041b329627c474abc3010 +Author: Damien Miller +Date: Tue Sep 12 18:01:35 2017 +1000 - upstream commit - - when freeing a bitmap, zero all it bytes; spotted by Ilya - Kaliman - - Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4 + adapt portable to channels API changes -commit 0f163983016c2988a92e039d18a7569f9ea8e071 +commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb Author: djm@openbsd.org -Date: Mon May 1 14:08:26 2017 +0000 +Date: Tue Sep 12 07:55:48 2017 +0000 upstream commit - this one I did forget to "cvs rm" + unused variable - Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913 + Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1 -commit 21ed00a8e26fe8a772bcca782175fafc2b0890ed +commit 9145a73ce2ba30c82bbf91d7205bfd112529449f Author: djm@openbsd.org -Date: Mon May 1 09:27:45 2017 +0000 +Date: Tue Sep 12 07:32:04 2017 +0000 upstream commit - don't know why cvs didn't exterminate these the first - time around, I use rm -f and everuthing... - - pointed out by sobrado@ + fix tun/tap forwarding case in previous - Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d - -commit d29ba6f45086703fdcb894532848ada3427dfde6 -Author: Darren Tucker -Date: Mon May 1 13:53:07 2017 +1000 - - Define INT32_MAX and INT64_MAX if needed. - -commit 329037e389f02ec95c8e16bf93ffede94d3d44ce -Author: Darren Tucker -Date: Mon May 1 13:19:41 2017 +1000 - - Wrap stdint.h in HAVE_STDINT_H + Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53 -commit f382362e8dfb6b277f16779ab1936399d7f2af78 +commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e Author: djm@openbsd.org -Date: Mon May 1 02:27:11 2017 +0000 +Date: Tue Sep 12 06:35:31 2017 +0000 upstream commit - remove unused variable + Make remote channel ID a u_int - Upstream-ID: 66011f00819d0e71b14700449a98414033284516 + Previously we tracked the remote channel IDs in an int, but this is + strictly incorrect: the wire protocol uses uint32 and there is nothing + in-principle stopping a SSH implementation from sending, say, 0xffff0000. + + In practice everyone numbers their channels sequentially, so this has + never been a problem. + + ok markus@ + + Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73 -commit dd369320d2435b630a5974ab270d686dcd92d024 +commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16 Author: djm@openbsd.org -Date: Sun Apr 30 23:34:55 2017 +0000 +Date: Tue Sep 12 06:32:07 2017 +0000 upstream commit - eliminate explicit specification of protocol in tests and - loops over protocol. We only support SSHv2 now. + refactor channels.c - Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd + Move static state to a "struct ssh_channels" that is allocated at + runtime and tracked as a member of struct ssh. + + Explicitly pass "struct ssh" to all channels functions. + + Replace use of the legacy packet APIs in channels.c. + + Rework sshd_config PermitOpen handling: previously the configuration + parser would call directly into the channels layer. After the refactor + this is not possible, as the channels structures are allocated at + connection time and aren't available when the configuration is parsed. + The server config parser now tracks PermitOpen itself and explicitly + configures the channels code later. + + ok markus@ + + Upstream-ID: 11828f161656b965cc306576422613614bea2d8f -commit 557f921aad004be15805e09fd9572969eb3d9321 +commit abd59663df37a42152e37980113ccaa405b9a282 Author: djm@openbsd.org -Date: Sun Apr 30 23:33:48 2017 +0000 +Date: Thu Sep 7 23:48:09 2017 +0000 upstream commit - remove SSHv1 support from unit tests + typo in comment - Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe + Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47 -commit e77e1562716fb3da413e4c2397811017b762f5e3 -Author: djm@openbsd.org -Date: Mon May 1 00:03:18 2017 +0000 +commit 149a8cd24ce9dd47c36f571738681df5f31a326c +Author: jmc@openbsd.org +Date: Mon Sep 4 06:34:43 2017 +0000 upstream commit - fixup setting ciphercontext->plaintext (lost in SSHv1 purge), - though it isn't really used for much anymore. + tweak previous; - Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747 + Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b -commit f7849e6c83a4e0f602dea6c834a24091c622d68e +commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 Author: Damien Miller -Date: Mon May 1 09:55:56 2017 +1000 +Date: Fri Sep 8 12:44:13 2017 +1000 - remove configure --with-ssh1 + Fuzzer harnesses for sig verify and pubkey parsing + + These are some basic clang libfuzzer harnesses for signature + verification and public key parsing. Some assembly (metaphorical) + required. -commit f4a6a88ddb6dba6d2f7bfb9e2c9879fcc9633043 -Author: djm@openbsd.org -Date: Sun Apr 30 23:29:10 2017 +0000 +commit de35c382894964a896a63ecd5607d3a3b93af75d +Author: Damien Miller +Date: Fri Sep 8 12:38:31 2017 +1000 - upstream commit + Give configure ability to set CFLAGS/LDFLAGS later - flense SSHv1 support from ssh-agent, considerably - simplifying it + Some CFLAGS/LDFLAGS may disrupt the configure script's operation, + in particular santization and fuzzer options that break assumptions + about memory and file descriptor dispositions. - ok markus + This adds two flags to configure --with-cflags-after and + --with-ldflags-after that allow specifying additional compiler and + linker options that are added to the resultant Makefiles but not + used in the configure run itself. - Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365 + E.g. + + env CC=clang-3.9 ./configure \ + --with-cflags-after=-fsantize=address \ + --with-ldflags-after="-g -fsanitize=address" -commit 930e8d2827853bc2e196c20c3e000263cc87fb75 +commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7 Author: djm@openbsd.org -Date: Sun Apr 30 23:28:41 2017 +0000 +Date: Sun Sep 3 23:33:13 2017 +0000 upstream commit - obliterate ssh1.h and some dead code that used it + Expand ssh_config's StrictModes option with two new + settings: - ok markus@ + StrictModes=accept-new will automatically accept hitherto-unseen keys + but will refuse connections for changed or invalid hostkeys. - Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343 + StrictModes=off is the same as StrictModes=no + + Motivation: + + StrictModes=no combines two behaviours for host key processing: + automatically learning new hostkeys and continuing to connect to hosts + with invalid/changed hostkeys. The latter behaviour is quite dangerous + since it removes most of the protections the SSH protocol is supposed to + provide. + + Quite a few users want to automatically learn hostkeys however, so + this makes that feature available with less danger. + + At some point in the future, StrictModes=no will change to be a synonym + for accept-new, with its current behaviour remaining available via + StrictModes=off. + + bz#2400, suggested by Michael Samuel; ok markus + + Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64 -commit a3710d5d529a34b8f56aa62db798c70e85d576a0 -Author: djm@openbsd.org -Date: Sun Apr 30 23:28:12 2017 +0000 +commit ff3c42384033514e248ba5d7376aa033f4a2b99a +Author: jmc@openbsd.org +Date: Fri Sep 1 15:41:26 2017 +0000 upstream commit - exterminate the -1 flag from scp - - ok markus@ + remove blank line; - Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db + Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423 -commit aebd0abfaa8a41e75d50f9f7934267b0a2d9acb4 +commit b828605d51f57851316d7ba402b4ae06cf37c55d Author: djm@openbsd.org -Date: Sun Apr 30 23:26:54 2017 +0000 +Date: Fri Sep 1 05:53:56 2017 +0000 upstream commit - purge the last traces of SSHv1 from the TTY modes - handling code - - ok markus + identify the case where SSHFP records are missing but + other DNS RR types are present and display a more useful error message for + this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ - Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195 + Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244 -commit dfa641f758d4b8b2608ab1b00abaf88df0a8e36a +commit 8042bad97e2789a50e8f742c3bcd665ebf0add32 Author: djm@openbsd.org -Date: Sun Apr 30 23:26:16 2017 +0000 +Date: Fri Sep 1 05:50:48 2017 +0000 upstream commit - remove the (in)famous SSHv1 CRC compensation attack - detector. + document available AuthenticationMethods; bz#2453 ok + dtucker@ - Despite your cameo in The Matrix movies, you will not be missed. + Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0 + +commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58 +Author: djm@openbsd.org +Date: Wed Aug 30 03:59:08 2017 +0000 + + upstream commit - ok markus + pass packet state down to some of the channels function + (more to come...); ok markus@ - Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0 + Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b -commit e5d3bd36ef67d82092861f39b5bf422cb12b31a6 -Author: djm@openbsd.org -Date: Sun Apr 30 23:25:03 2017 +0000 +commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5 +Author: jmc@openbsd.org +Date: Tue Aug 29 13:05:58 2017 +0000 upstream commit - undo some local debugging stuff that I committed by - accident + sort options; - Upstream-ID: fe5b31f69a60d47171836911f144acff77810217 + Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c -commit 3d6d09f2e90f4ad650ebda6520bf2da446f37f14 -Author: djm@openbsd.org -Date: Sun Apr 30 23:23:54 2017 +0000 +commit 530591a5795a02d01c78877d58604723918aac87 +Author: dlg@openbsd.org +Date: Tue Aug 29 09:42:29 2017 +0000 upstream commit - remove SSHv1 support from packet and buffer APIs + add a -q option to ssh-add to make it quiet on success. - ok markus@ + if you want to silence ssh-add without this you generally redirect + the output to /dev/null, but that can hide error output which you + should see. - Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9 + ok djm@ + + Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c -commit 05164358577c82de18ed7373196bc7dbd8a3f79c -Author: djm@openbsd.org -Date: Sun Apr 30 23:21:54 2017 +0000 +commit a54eb27dd64b5eca3ba94e15cec3535124bd5029 +Author: dtucker@openbsd.org +Date: Sun Aug 27 00:38:41 2017 +0000 upstream commit - remove SSHv1-related buffers from client code + Increase the buffer sizes for user prompts to ensure that + they won't be truncated by snprintf. Based on patch from cjwatson at + debian.org via bz#2768, ok djm@ - Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd + Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e -commit 873d3e7d9a4707d0934fb4c4299354418f91b541 -Author: djm@openbsd.org -Date: Sun Apr 30 23:18:44 2017 +0000 +commit dd9d9b3381a4597b840d480b043823112039327e +Author: Darren Tucker +Date: Mon Aug 28 16:48:27 2017 +1000 - upstream commit + Switch Capsicum header to sys/capsicum.h. - remove KEY_RSA1 + FreeBSD's was renamed to in 2014 to + avoid future conflicts with POSIX capabilities (the last release that + didn't have it was 9.3) so switch to that. Patch from des at des.no. + +commit f5e917ab105af5dd6429348d9bc463e52b263f92 +Author: Darren Tucker +Date: Sun Aug 27 08:55:40 2017 +1000 + + Add missing includes for bsd-err.c. - ok markus@ + Patch from cjwatson at debian.org via bz#2767. + +commit 878e029797cfc9754771d6f6ea17f8c89e11d225 +Author: Damien Miller +Date: Fri Aug 25 13:25:01 2017 +1000 + + Split platform_sys_dir_uid into its own file - Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133 + platform.o is too heavy for libssh.a use; it calls into the server on + many platforms. Move just the function needed by misc.c into its own + file. -commit 788ac799a6efa40517f2ac0d895a610394298ffc -Author: djm@openbsd.org -Date: Sun Apr 30 23:18:22 2017 +0000 +commit 07949bfe9133234eddd01715592aa0dde67745f0 +Author: Damien Miller +Date: Wed Aug 23 20:13:18 2017 +1000 - upstream commit - - remove SSHv1 configuration options and man pages bits - - ok markus@ - - Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424 + misc.c needs functions from platform.c now -commit e6882463a8ae0594aacb6d6575a6318a41973d84 +commit b074c3c3f820000a21953441cea7699c4b17d72f Author: djm@openbsd.org -Date: Sun Apr 30 23:17:37 2017 +0000 +Date: Fri Aug 18 05:48:04 2017 +0000 upstream commit - remove SSH1 make flag and associated files ok markus@ + add a "quiet" flag to exited_cleanly() that supresses + errors about exit status (failure due to signal is still reported) - Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef + Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0 -commit cdccebdf85204bf7542b7fcc1aa2ea3f36661833 +commit de4ae07f12dabf8815ecede54235fce5d22e3f63 Author: djm@openbsd.org -Date: Sun Apr 30 23:15:04 2017 +0000 +Date: Fri Aug 18 05:36:45 2017 +0000 upstream commit - remove SSHv1 ciphers; ok markus@ + Move several subprocess-related functions from various + locations to misc.c. Extend subprocess() to offer a little more control over + stdio disposition. - Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890 + feedback & ok dtucker@ + + Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049 -commit 97f4d3083b036ce3e68d6346a6140a22123d5864 +commit 643c2ad82910691b2240551ea8b14472f60b5078 Author: djm@openbsd.org -Date: Sun Apr 30 23:13:25 2017 +0000 +Date: Sat Aug 12 06:46:01 2017 +0000 upstream commit - remove compat20/compat13/compat15 variables + make "--" before the hostname terminate command-line + option processing completely; previous behaviour would not prevent further + options appearing after the hostname (ssh has a supported options after the + hostname for >20 years, so that's too late to change). - ok markus@ + ok deraadt@ - Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c + Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89 -commit 99f95ba82673d33215dce17bfa1512b57f54ec09 +commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 Author: djm@openbsd.org -Date: Sun Apr 30 23:11:45 2017 +0000 +Date: Sat Aug 12 06:42:52 2017 +0000 upstream commit - remove options.protocol and client Protocol - configuration knob - - ok markus@ + Switch from aes256-cbc to aes256-ctr for encrypting + new-style private keys. The latter having the advantage of being supported + for no-OpenSSL builds; bz#2754 ok markus@ - Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366 + Upstream-ID: 54179a2afd28f93470471030567ac40431e56909 -commit 56912dea6ef63dae4eb1194e5d88973a7c6c5740 +commit c4972d0a9bd6f898462906b4827e09b7caea2d9b Author: djm@openbsd.org -Date: Sun Apr 30 23:10:43 2017 +0000 +Date: Fri Aug 11 04:47:12 2017 +0000 upstream commit - unifdef WITH_SSH1 ok markus@ + refuse to a private keys when its corresponding .pub key + does not match. bz#2737 ok dtucker@ - Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7 + Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913 -commit d4084cd230f7319056559b00db8b99296dad49d5 -Author: jmc@openbsd.org -Date: Sat Apr 29 06:06:01 2017 +0000 +commit 4b3ecbb663c919132dddb3758e17a23089413519 +Author: djm@openbsd.org +Date: Fri Aug 11 04:41:08 2017 +0000 upstream commit - tweak previous; + don't print verbose error message when ssh disconnects + under sftp; bz#2750; ok dtucker@ - Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9 + Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370 -commit 249516e428e8461b46340a5df5d5ed1fbad2ccce -Author: djm@openbsd.org -Date: Sat Apr 29 04:12:25 2017 +0000 +commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34 +Author: dtucker@openbsd.org +Date: Fri Aug 11 04:16:35 2017 +0000 upstream commit - allow ssh-keygen to include arbitrary string or flag - certificate extensions and critical options. ok markus@ dtucker@ + Tweak previous keepalive commit: if last_time + keepalive + <= now instead of just "<" so client_alive_check will fire if the select + happens to return on exact second of the timeout. ok djm@ - Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646 + Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc -commit 47a287bb6ac936c26b4f3ae63279c02902ded3b9 -Author: jmc@openbsd.org -Date: Fri Apr 28 06:15:03 2017 +0000 +commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a +Author: dtucker@openbsd.org +Date: Fri Aug 11 03:58:36 2017 +0000 upstream commit - sort; + Keep track of the last time we actually heard from the + client and use this to also schedule a client_alive_check(). Prevents + activity on a forwarded port from indefinitely preventing the select timeout + so that client_alive_check() will eventually (although not optimally) be + called. - Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a - -commit 36465a76a79ad5040800711b41cf5f32249d5120 -Author: Darren Tucker -Date: Fri Apr 28 14:44:28 2017 +1000 - - Typo. + Analysis by willchan at google com via bz#2756, feedback & ok djm@ - Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 + Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e -commit 9d18cb7bdeb00b20205fd13d412aae8c0e0457ed -Author: Darren Tucker -Date: Fri Apr 28 14:41:17 2017 +1000 +commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f +Author: Damien Miller +Date: Fri Jul 28 14:50:59 2017 +1000 - Add 2 regress commits I applied by hand. + Expose list of completed auth methods to PAM - Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c - Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 + bz#2408; ok dtucker@ -commit 9504ea6b27f9f0ece64e88582ebb9235e664a100 -Author: Darren Tucker -Date: Fri Apr 28 14:33:43 2017 +1000 +commit c78e6eec78c88acf8d51db90ae05a3e39458603d +Author: Damien Miller +Date: Fri Jul 21 14:38:16 2017 +1000 - Merge integrity.sh rev 1.22. + fix problems in tunnel forwarding portability code - Merge missing bits from Colin Watson's patch in bz#2658 which make integrity - tests more robust against timeouts. ok djm@ - -commit 06ec837a34542627e2183a412d6a9d2236f22140 -Author: Darren Tucker -Date: Fri Apr 28 14:30:03 2017 +1000 - - Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes + This fixes a few problems in the tun forwarding code, mostly to do + with host/network byte order confusion. + + Based on a report and patch by stepe AT centaurus.uberspace.de; + bz#2735; ok dtucker@ -commit e0194b471efe7d3daedc9cc66686cb1ab69d3be8 -Author: jsg@openbsd.org -Date: Mon Apr 17 11:02:31 2017 +0000 +commit 2985d4062ebf4204bbd373456a810d558698f9f5 +Author: dtucker@openbsd.org +Date: Tue Jul 25 09:22:25 2017 +0000 upstream commit - Change COMPILER_VERSION tests which limited additional - warnings to gcc4 to instead skip them on gcc3 as clang can handle - -Wpointer-sign and -Wold-style-definition. + Make WinSCP patterns for SSH_OLD_DHGEX more specific to + exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@ - Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f + Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a -commit 6830be90e71f46bcd182a9202b151eaf2b299434 +commit 9f0e44e1a0439ff4646495d5735baa61138930a9 Author: djm@openbsd.org -Date: Fri Apr 28 03:24:53 2017 +0000 +Date: Mon Jul 24 04:34:28 2017 +0000 upstream commit - include key fingerprint in "Offering public key" debug - message + g/c unused variable; make a little more portable - Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52 + Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea -commit 066437187e16dcafcbc19f9402ef0e6575899b1d -Author: millert@openbsd.org -Date: Fri Apr 28 03:21:12 2017 +0000 +commit 51676ec61491ec6d7cbd06082034e29b377b3bf6 +Author: djm@openbsd.org +Date: Sun Jul 23 23:37:02 2017 +0000 upstream commit - Avoid relying on implementation-specific behavior when - detecting whether the timestamp or file size overflowed. If time_t and off_t - are not either 32-bit or 64-bit scp will exit with an error. OK djm@ + Allow IPQoS=none in ssh/sshd to not set an explicit + ToS/DSCP value and just use the operating system default; ok dtucker@ - Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135 + Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e -commit 68d3a2a059183ebd83b15e54984ffaced04d2742 -Author: dtucker@openbsd.org -Date: Fri Apr 28 03:20:27 2017 +0000 +commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d +Author: Damien Miller +Date: Fri Jul 21 14:24:26 2017 +1000 - upstream commit - - Add SyslogFacility option to ssh(1) matching the - equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok - djm@ - - Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed + mention libedit -commit e13aad66e73a14b062d13aee4e98f1e21a3f6a14 -Author: jsg@openbsd.org -Date: Thu Apr 27 13:40:05 2017 +0000 +commit dc2bd308768386b02c7337120203ca477e67ba62 +Author: markus@openbsd.org +Date: Wed Jul 19 08:30:41 2017 +0000 upstream commit - remove a static array unused since rev 1.306 spotted by - clang ok djm@ + fix support for unknown key types; ok djm@ - Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8 + Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48 -commit 91bd2181866659f00714903e78e1c3edd4c45f3d -Author: millert@openbsd.org -Date: Thu Apr 27 11:53:12 2017 +0000 +commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9 +Author: djm@openbsd.org +Date: Wed Jul 19 01:15:02 2017 +0000 upstream commit - Avoid potential signed int overflow when parsing the file - size. Use strtoul() instead of parsing manually. OK djm@ + switch from select() to poll() for the ssh-agent + mainloop; ok markus - Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02 + Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448 -commit 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4 -Author: Darren Tucker -Date: Tue Apr 25 08:32:27 2017 +1000 +commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3 +Author: dtucker@openbsd.org +Date: Fri Jul 14 03:18:21 2017 +0000 - Fix typo in "socketcall". + upstream commit - Pointed out by jjelen at redhat.com. + Make ""Killed by signal 1" LogLevel verbose so it's not + shown at the default level. Prevents it from appearing during ssh -J and + equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@ + + Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28 -commit 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd -Author: Darren Tucker -Date: Mon Apr 24 19:40:31 2017 +1000 +commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498 +Author: jmc@openbsd.org +Date: Thu Jul 13 19:16:33 2017 +0000 - Deny socketcall in seccomp filter on ppc64le. + upstream commit - OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys - in privsep child. The socket() syscall is already denied in the seccomp - filter, but in ppc64le kernel, it is implemented using socketcall() - syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and - therefore fails hard. + man pages with pseudo synopses which list filenames end + up creating very ugly output in man -k; after some discussion with ingo, we + feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly + helpful at page top, is contained already in FILES, and there are + sufficiently few that just zapping them is simple; - Patch from jjelen at redhat.com. + ok schwarze, who also helpfully ran things through a build to check + output; + + Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c -commit f8500b2be599053daa05248a86a743232ec6a536 -Author: schwarze@openbsd.org -Date: Mon Apr 17 14:31:23 2017 +0000 +commit 7f13a4827fb28957161de4249bd6d71954f1f2ed +Author: espie@openbsd.org +Date: Mon Jul 10 14:09:59 2017 +0000 upstream commit - Recognize nl_langinfo(CODESET) return values "646" and "" - as aliases for "US-ASCII", useful for different versions of NetBSD and - Solaris. Found by dtucker@ and by Tom G. Christensen . OK dtucker@ deraadt@ + zap redundant Makefile variables. okay djm@ - Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384 + Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 -commit 7480dfedf8c5c93baaabef444b3def9331e86ad5 -Author: jsg@openbsd.org -Date: Mon Apr 17 11:02:31 2017 +0000 +commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0 +Author: jmc@openbsd.org +Date: Sat Jul 8 18:32:54 2017 +0000 upstream commit - Change COMPILER_VERSION tests which limited additional - warnings to gcc4 to instead skip them on gcc3 as clang can handle - -Wpointer-sign and -Wold-style-definition. + slightly rework previous, to avoid an article issue; - Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a + Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30 -commit 4d827f0d75a53d3952288ab882efbddea7ffadfe +commit 853edbe057a84ebd0024c8003e4da21bf2b469f7 Author: djm@openbsd.org -Date: Tue Apr 4 00:24:56 2017 +0000 +Date: Fri Jul 7 03:53:12 2017 +0000 upstream commit - disallow creation (of empty files) in read-only mode; - reported by Michal Zalewski, feedback & ok deraadt@ + When generating all hostkeys (ssh-keygen -A), clobber + existing keys if they exist but are zero length. zero-length keys could + previously be made if ssh-keygen failed part way through generating them, so + avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ - Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b + Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044 -commit ef47843af0a904a21c920e619c5aec97b65dd9ac -Author: deraadt@openbsd.org -Date: Sun Mar 26 00:18:52 2017 +0000 +commit 43616876ba68a2ffaece6a6c792def4b039f2d6e +Author: djm@openbsd.org +Date: Sat Jul 1 22:55:44 2017 +0000 upstream commit - incorrect renditions of this quote bother me + actually remove these files - Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49 + Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac -commit d9048861bea842c4eba9c2dbbf97064cc2a5ef02 -Author: Darren Tucker -Date: Fri Mar 31 11:04:43 2017 +1100 +commit 83fa3a044891887369ce8b487ce88d713a04df48 +Author: djm@openbsd.org +Date: Sat Jul 1 13:50:45 2017 +0000 - Check for and use gcc's -pipe. + upstream commit - Speeds up configure and build by a couple of percent. ok djm@ - -commit 282cad2240c4fbc104c2f2df86d688192cbbe4bb -Author: Darren Tucker -Date: Wed Mar 29 16:34:44 2017 +1100 - - Import fmt_scaled.c rev 1.16 from OpenBSD. + remove post-SSHv1 removal dead code from rsa.c and merge + the remaining bit that it still used into ssh-rsa.c; ok markus - Fix overly-conservative overflow checks on mulitplications and add checks - on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN - will still be flagged as a range error). ok millert@ + Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f -commit c73a229e4edf98920f395e19fd310684fc6bb951 -Author: Darren Tucker -Date: Wed Mar 29 16:34:02 2017 +1100 +commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0 +Author: Damien Miller +Date: Fri Jul 14 14:26:36 2017 +1000 - Import fmt_scaled.c rev 1.15 from OpenBSD. - - Collapse underflow and overflow checks into a single block. - ok djm@ millert@ + make explicit_bzero/memset safe for sz=0 -commit d427b73bf5a564f663d16546dbcbd84ba8b9d4af -Author: Darren Tucker -Date: Wed Mar 29 16:32:57 2017 +1100 +commit 8433d51e067e0829f5521c0c646b6fd3fe17e732 +Author: Tim Rice +Date: Tue Jul 11 18:47:56 2017 -0700 - Import fmt_scaled.c rev 1.14 from OpenBSD. - - Catch integer underflow in scan_scaled reported by Nicolas Iooss. - ok deraadt@ djm@ + modified: configure.ac + UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris + Analysis by Robbie Zhang -commit d13281f2964abc5f2e535e1613c77fc61b0c53e7 -Author: Darren Tucker -Date: Wed Mar 29 12:39:39 2017 +1100 +commit ff3507aea9c7d30cd098e7801e156c68faff7cc7 +Author: Damien Miller +Date: Fri Jul 7 11:21:27 2017 +1000 - Don't check privsep user or path when unprivileged - - If running with privsep (mandatory now) as a non-privileged user, we - don't chroot or change to an unprivileged user however we still checked - the existence of the user and directory. Don't do those checks if we're - not going to use them. Based in part on a patch from Lionel Fourquaux - via Corinna Vinschen, ok djm@ + typo -commit f2742a481fe151e493765a3fbdef200df2ea7037 -Author: Darren Tucker -Date: Wed Mar 29 10:50:31 2017 +1100 +commit d79bceb9311a9c137d268f5bc481705db4151810 +Author: dtucker@openbsd.org +Date: Fri Jun 30 04:17:23 2017 +0000 - Remove SHA256 EVP wrapper implementation. + upstream commit - All supported versions of OpenSSL should now have SHA256 so remove our - EVP wrapper implementaion. ok djm@ - -commit 5346f271fc76549caf4a8e65b5fba319be422fe9 -Author: Darren Tucker -Date: Wed Mar 29 10:23:58 2017 +1100 - - Remove check for OpenSSL < 0.9.8g. + Only call close once in confree(). ssh_packet_close will + close the FD so only explicitly close non-SSH channels. bz#2734, from + bagajjal at microsoft.com, ok djm@ - We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC - in OpenSSL < 0.9.8g. + Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02 -commit 8fed0a5fe7b4e78a6810b133d8e91be9742ee0a1 +commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075 Author: Darren Tucker -Date: Wed Mar 29 10:16:15 2017 +1100 +Date: Thu Jun 29 15:40:25 2017 +1000 - Remove compat code for OpenSSL < 0.9.7. - - Resyncs that code with OpenBSD upstream. + Update link for my patches. -commit 608ec1f62ff22fdccc3952e51463d79c43cbd0d3 -Author: Darren Tucker -Date: Wed Mar 29 09:50:54 2017 +1100 +commit a98339edbc1fc21342a390f345179a9c3031bef7 +Author: djm@openbsd.org +Date: Wed Jun 28 01:09:22 2017 +0000 - Remove SSHv1 code path. + upstream commit - Server-side support for Protocol 1 has been removed so remove !compat20 - PAM code path. - -commit 7af27bf538cbc493d609753f9a6d43168d438f1b -Author: Darren Tucker -Date: Fri Mar 24 09:44:56 2017 +1100 - - Enable ldns when using ldns-config. + Allow ssh-keygen to use a key held in ssh-agent as a CA when + signing certificates. bz#2377 ok markus - Actually enable ldns when attempting to use ldns-config. bz#2697, patch - from fredrik at fornwall.net. + Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f -commit 58b8cfa2a062b72139d7229ae8de567f55776f24 -Author: Damien Miller -Date: Wed Mar 22 12:43:02 2017 +1100 +commit c9cdef35524bd59007e17d5bd2502dade69e2dfb +Author: djm@openbsd.org +Date: Sat Jun 24 06:35:24 2017 +0000 - Missing header on Linux/s390 + upstream commit - Patch from Jakub Jelen + regress test for ExposeAuthInfo + + Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd -commit 096fb65084593f9f3c1fc91b6d9052759a272a00 +commit f17ee61cad25d210edab69d04ed447ad55fe80c1 Author: djm@openbsd.org -Date: Mon Mar 20 22:08:06 2017 +0000 +Date: Sat Jun 24 07:08:57 2017 +0000 upstream commit - remove /usr/bin/time calls around tests, makes diffing test - runs harder. Based on patch from Mike Frysinger + correct env var name - Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c + Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313 -commit 6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 -Author: Damien Miller -Date: Tue Mar 21 08:47:55 2017 +1100 +commit 40962198e3b132cecdb32e9350acd4294e6a1082 +Author: jmc@openbsd.org +Date: Sat Jun 24 06:57:04 2017 +0000 - Fix syntax error on Linux/X32 + upstream commit - Patch from Mike Frysinger - -commit d38f05dbdd291212bc95ea80648b72b7177e9f4e -Author: Darren Tucker -Date: Mon Mar 20 13:38:27 2017 +1100 - - Add llabs() implementation. - -commit 72536316a219b7394996a74691a5d4ec197480f7 -Author: Damien Miller -Date: Mon Mar 20 12:23:04 2017 +1100 - - crank version numbers + spelling; + + Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25 -commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f +commit 33f86265d7e8a0e88d3a81745d746efbdd397370 Author: djm@openbsd.org -Date: Mon Mar 20 01:18:59 2017 +0000 +Date: Sat Jun 24 06:38:11 2017 +0000 upstream commit - openssh-7.5 + don't pass pointer to struct sshcipher between privsep + processes, just redo the lookup in each using the already-passed cipher name. + bz#2704 based on patch from Brooks Davis; ok markus dtucker - Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 + Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0 -commit db84e52fe9cfad57f22e7e23c5fbf00092385129 -Author: Damien Miller -Date: Mon Mar 20 12:07:20 2017 +1100 +commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0 +Author: djm@openbsd.org +Date: Sat Jun 24 06:34:38 2017 +0000 - I'm a doofus. + upstream commit - Unbreak obvious syntax error. - -commit 89f04852db27643717c9c3a2b0dde97ae50099ee -Author: Damien Miller -Date: Mon Mar 20 11:53:34 2017 +1100 - - on Cygwin, check paths from server for backslashes + refactor authentication logging - Pointed out by Jann Horn of Google Project Zero - -commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 -Author: Damien Miller -Date: Mon Mar 20 11:48:34 2017 +1100 - - Yet another synonym for ASCII: "646" + optionally record successful auth methods and public credentials + used in a file accessible to user sessions - Used by NetBSD; this unbreaks mprintf() and friends there for the C - locale (caught by dtucker@ and his menagerie of test systems). + feedback and ok markus@ + + Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb -commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b -Author: Damien Miller -Date: Mon Mar 20 09:58:34 2017 +1100 +commit e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba +Author: jmc@openbsd.org +Date: Sat Jun 24 06:28:50 2017 +0000 - create test mux socket in /tmp + upstream commit - Creating the socket in $OBJ could blow past the (quite limited) - path limit for Unix domain sockets. As a bandaid for bz#2660, - reported by Colin Watson; ok dtucker@ + word fix; + + Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5 -commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 -Author: markus@openbsd.org -Date: Wed Mar 15 07:07:39 2017 +0000 +commit 4540428cd0adf039bcf5a8a27f2d5cdf09191513 +Author: djm@openbsd.org +Date: Sat Jun 24 05:37:44 2017 +0000 upstream commit - disallow KEXINIT before NEWKEYS; ok djm; report by - vegard.nossum at oracle.com + switch sshconnect.c from (slightly abused) select() to + poll(); ok deraadt@ a while back - Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 + Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175 -commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c -Author: Darren Tucker -Date: Thu Mar 16 14:05:46 2017 +1100 +commit 6f8ca3b92540fa1a9b91670edc98d15448e3d765 +Author: djm@openbsd.org +Date: Sat Jun 24 05:35:05 2017 +0000 - Include includes.h for compat bits. + upstream commit + + use HostKeyAlias if specified instead of hostname for + matching host certificate principal names; bz#2728; ok dtucker@ + + Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd -commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad -Author: Darren Tucker -Date: Thu Mar 16 13:45:17 2017 +1100 +commit 8904ffce057b80a7472955f1ec00d7d5c250076c +Author: djm@openbsd.org +Date: Sat Jun 24 05:24:11 2017 +0000 - Wrap stdint.h in #ifdef HAVE_STDINT_H + upstream commit + + no need to call log_init to reinitialise logged PID in + child sessions, since we haven't called openlog() in log_init() since 1999; + ok markus@ + + Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e -commit 55a1117d7342a0bf8b793250cf314bab6b482b99 -Author: Damien Miller -Date: Thu Mar 16 11:22:42 2017 +1100 +commit e238645d789cd7eb47541b66aea2a887ea122c9b +Author: mestre@openbsd.org +Date: Fri Jun 23 07:24:48 2017 +0000 - Adapt Cygwin config script to privsep knob removal + upstream commit - Patch from Corinna Vinschen. + When using the escape sequence &~ the code path is + client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork() + and the pledge for this path lacks the proc promise and therefore aborts the + process. The solution is to just add proc the promise to this specific + pledge. + + Reported by Gregoire Jadi gjadi ! omecha.info + Insight with tb@, OK jca@ + + Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b -commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 -Author: deraadt@openbsd.org -Date: Wed Mar 15 03:52:30 2017 +0000 +commit 5abbb31c4e7a6caa922cc1cbb14e87a77f9d19d3 +Author: dtucker@openbsd.org +Date: Fri Jun 23 03:30:42 2017 +0000 upstream commit - accidents happen to the best of us; ok djm + Import regenerated moduli. - Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 + Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95 -commit 25f837646be8c2017c914d34be71ca435dfc0e07 -Author: djm@openbsd.org -Date: Wed Mar 15 02:25:09 2017 +0000 +commit 849c5468b6d9b4365784c5dd88e3f1fb568ba38f +Author: dtucker@openbsd.org +Date: Fri Jun 23 03:25:53 2017 +0000 upstream commit - fix regression in 7.4: deletion of PKCS#11-hosted keys - would fail unless they were specified by full physical pathname. Report and - fix from Jakub Jelen via bz#2682; ok dtucker@ + Run the screen twice so we end up with more candidate + groups. ok djm@ - Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 + Upstream-ID: b92c93266d8234d493857bb822260dacf4366157 -commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f -Author: djm@openbsd.org -Date: Wed Mar 15 02:19:09 2017 +0000 +commit 4626e39c7053c6486c1c8b708ec757e464623f5f +Author: dtucker@openbsd.org +Date: Wed Jun 14 00:31:38 2017 +0000 upstream commit - Fix segfault when sshd attempts to load RSA1 keys (can - only happen when protocol v.1 support is enabled for the client). Reported by - Jakub Jelen in bz#2686; ok dtucker + Add user@host prefix to client's "Permisison denied" + messages, useful in particular when using "stacked" connections where it's + not clear which host is denying. bz#2720, ok djm@ markus@ - Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 + Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be -commit 66705948c0639a7061a0d0753266da7685badfec +commit c948030d54911b2d3cddb96a7a8e9269e15d11cd Author: djm@openbsd.org -Date: Tue Mar 14 07:19:07 2017 +0000 +Date: Tue Jun 13 12:13:59 2017 +0000 upstream commit - Mark the sshd_config UsePrivilegeSeparation option as - deprecated, effectively making privsep mandatory in sandboxing mode. ok - markus@ deraadt@ + Do not require that unknown EXT_INFO extension values not + contain \0 characters. This would cause fatal connection errors if an + implementation sent e.g. string-encoded sub-values inside a value. - (note: this doesn't remove the !privsep code paths, though that will - happen eventually). + Reported by Denis Bider; ok markus@ - Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a + Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c -commit f86586b03fe6cd8f595289bde200a94bc2c191af -Author: Damien Miller -Date: Tue Mar 14 18:26:29 2017 +1100 +commit 6026f48dfca78b713e4a7f681ffa42a0afe0929e +Author: djm@openbsd.org +Date: Tue Jun 13 11:22:15 2017 +0000 - Make seccomp-bpf sandbox work on Linux/X32 + upstream commit - Allow clock_gettime syscall with X32 bit masked off. Apparently - this is required for at least some kernel versions. bz#2142 - Patch mostly by Colin Watson. ok dtucker@ + missing prototype. + + Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9 -commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 +commit bcd1485075aa72ba9418003f5cc27af2b049c51b Author: Damien Miller -Date: Tue Mar 14 18:01:52 2017 +1100 +Date: Sat Jun 10 23:41:25 2017 +1000 - require OpenSSL >=1.0.1 + portability for sftp globbed ls sort by mtime + + Include replacement timespeccmp() for systems that lack it. + Support time_t struct stat->st_mtime in addition to + timespec stat->st_mtim, as well as unsorted fallback. -commit e3ea335abeab731c68f2b2141bee85a4b0bf680f -Author: Damien Miller -Date: Tue Mar 14 17:48:43 2017 +1100 +commit 072e172f1d302d2a2c6043ecbfb4004406717b96 +Author: djm@openbsd.org +Date: Sat Jun 10 06:36:46 2017 +0000 - Remove macro trickery; no binary change + upstream commit - This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros - prepending __NR_ to the syscall number parameter and just makes - them explicit in the macro invocations. + print '?' instead of incorrect link count (that the + protocol doesn't provide) for remote listings. bz#2710 ok dtucker@ - No binary change in stripped object file before/after. + Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e -commit 5f1596e11d55539678c41f68aed358628d33d86f -Author: Damien Miller -Date: Tue Mar 14 13:15:18 2017 +1100 +commit 72be5b2f8e7dc37235e8c4b8d0bc7b5ee1301505 +Author: djm@openbsd.org +Date: Sat Jun 10 06:33:34 2017 +0000 - support ioctls for ICA crypto card on Linux/s390 + upstream commit - Based on patch from Eduardo Barretto; ok dtucker@ - -commit b1b22dd0df2668b322dda174e501dccba2cf5c44 -Author: Darren Tucker -Date: Tue Mar 14 14:19:36 2017 +1100 - - Plumb conversion test into makefile. + implement sorting for globbed ls; bz#2649 ok dtucker@ + + Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8 -commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 -Author: dtucker@openbsd.org -Date: Tue Mar 14 01:20:29 2017 +0000 +commit 5b2f34a74aa6a524cd57e856b23e1b7b25007721 +Author: djm@openbsd.org +Date: Fri Jun 9 06:47:13 2017 +0000 upstream commit - Add unit test for convtime(). + return failure rather than fatal() for more cases during + mux negotiations. Causes the session to fall back to a non-mux connection if + they occur. bz#2707 ok dtucker@ - Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 + Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab -commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c -Author: dtucker@openbsd.org -Date: Tue Mar 14 01:10:07 2017 +0000 +commit 7f5637c4a67a49ef256cb4eedf14e8590ac30976 +Author: djm@openbsd.org +Date: Fri Jun 9 06:43:01 2017 +0000 upstream commit - Add ASSERT_LONG_* helpers. + in description of public key authentication, mention that + the server will send debug messages to the client for some error conditions + after authentication has completed. bz#2709 ok dtucker - Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 + Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd -commit c6774d21185220c0ba11e8fd204bf0ad1a432071 -Author: dtucker@openbsd.org -Date: Tue Mar 14 00:55:37 2017 +0000 +commit 2076e4adb986512ce8c415dd194fd4e52136c4b4 +Author: djm@openbsd.org +Date: Fri Jun 9 06:40:24 2017 +0000 upstream commit - Fix convtime() overflow test on boundary condition, - spotted by & ok djm. + better translate libcrypto errors by looking deeper in + the accursed error stack for codes that indicate the wrong passphrase was + supplied for a PEM key. bz#2699 ok dtucker@ - Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 + Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681 -commit f5746b40cfe6d767c8e128fe50c43274b31cd594 +commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c Author: dtucker@openbsd.org -Date: Tue Mar 14 00:25:03 2017 +0000 +Date: Fri Jun 9 04:40:04 2017 +0000 upstream commit - Check for integer overflow when parsing times in - convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ + Add comments referring to the relevant RFC sections for + rekeying behaviour. - Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 + Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40 -commit f5907982f42a8d88a430b8a46752cbb7859ba979 +commit ce9134260b9b1247e2385a1afed00c26112ba479 +Author: Damien Miller +Date: Fri Jun 9 14:43:47 2017 +1000 + + drop two more privileges in the Solaris sandbox + + Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO. + Patch from huieying.lee AT oracle.com via bz#2723 + +commit e0f609c8a2ab940374689ab8c854199c3c285a76 Author: Darren Tucker -Date: Tue Mar 14 13:38:15 2017 +1100 +Date: Fri Jun 9 13:36:29 2017 +1000 - Add a "unit" target to run only unit tests. + Wrap stdint.h include in #ifdef. -commit 9e96b41682aed793fadbea5ccd472f862179fb02 -Author: Damien Miller -Date: Tue Mar 14 12:24:47 2017 +1100 +commit 1de5e47a85850526a4fdaf77185134046c050f75 +Author: djm@openbsd.org +Date: Wed Jun 7 01:48:15 2017 +0000 - Fix weakness in seccomp-bpf sandbox arg inspection + upstream commit - Syscall arguments are passed via an array of 64-bit values in struct - seccomp_data, but we were only inspecting the bottom 32 bits and not - even those correctly for BE systems. + unbreak after sshv1 purge + + Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b + +commit 550c053168123fcc0791f9952abad684704b5760 +Author: dtucker@openbsd.org +Date: Tue Jun 6 09:12:17 2017 +0000 + + upstream commit - Fortunately, the only case argument inspection was used was in the - socketcall filtering so using this for sandbox escape seems - impossible. + Fix compression output stats broken in rev 1.201. Patch + originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok + djm@ - ok dtucker + Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016 -commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 +commit 55d06c6e72a9abf1c06a7ac2749ba733134a1f39 Author: djm@openbsd.org -Date: Sat Mar 11 23:44:16 2017 +0000 +Date: Fri Jun 2 06:06:10 2017 +0000 upstream commit - regress tests for loading certificates without public keys; - bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ + rationalise the long list of manual CDIAGFLAGS that we + add; most of these were redundant to -Wall -Wextra - Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 + Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c -commit 1e24552716194db8f2f620587b876158a9ef56ad +commit 1527d9f61e6d50f6c2b4a3fa5b45829034b1b0b1 Author: djm@openbsd.org -Date: Sat Mar 11 23:40:26 2017 +0000 +Date: Thu Jun 1 06:59:21 2017 +0000 upstream commit - allow ssh to use certificates accompanied by a private - key file but no corresponding plain *.pub public key. bz#2617 based on patch - from Adam Eijdenberg; ok dtucker@ markus@ + no need to bzero allocated space now that we use use + recallocarray; ok deraadt@ - Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 + Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8 -commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e -Author: markus@openbsd.org -Date: Sat Mar 11 13:07:35 2017 +0000 +commit cc812baf39b93d5355565da98648d8c31f955990 +Author: djm@openbsd.org +Date: Thu Jun 1 06:58:25 2017 +0000 upstream commit - Don't count the initial block twice when computing how - many bytes to discard for the work around for the attacks against CBC-mode. - ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL + unconditionally zero init size of buffer; ok markus@ + deraadt@ - Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 + Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29 -commit ef653dd5bd5777132d9f9ee356225f9ee3379504 -Author: dtucker@openbsd.org -Date: Fri Mar 10 07:18:32 2017 +0000 +commit 65eb8fae0d7ba45ef4483a3cf0ae7fd0dbc7c226 +Author: Damien Miller +Date: Thu Jun 1 16:25:09 2017 +1000 + + avoid compiler warning + +commit 2d75d74272dc2a0521fce13cfe6388800c9a2406 +Author: djm@openbsd.org +Date: Thu Jun 1 06:16:43 2017 +0000 upstream commit - krl.c + some warnings spotted by clang; ok markus@ - Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 + Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b -commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 +commit 151c6e433a5f5af761c78de87d7b5d30a453cf5e Author: Damien Miller -Date: Sun Mar 12 10:48:14 2017 +1100 +Date: Thu Jun 1 15:25:13 2017 +1000 - sync fmt_scaled.c with OpenBSD - - revision 1.13 - date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; - fix signed integer overflow in scan_scaled. Found by Nicolas Iooss - using AFL against ssh_config. ok deraadt@ millert@ - ---------------------------- - revision 1.12 - date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; - fairly simple unsigned char casts for ctype - ok krw - ---------------------------- - revision 1.11 - date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; - make scan_scaled set errno to EINVAL rather than ERANGE if it encounters - an invalid multiplier, like the man page says it should + add recallocarray replacement and dependency - "looks sensible" deraadt@, ok ian@ - ---------------------------- - revision 1.10 - date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; - use llabs instead of the home-grown version; and some comment changes - ok ian@, millert@ - ---------------------------- + recallocarray() needs getpagesize() so add a tiny replacement for that. -commit 894221a63fa061e52e414ca58d47edc5fe645968 +commit 01e6f78924da308447e71e9a32c8a6104ef4e888 +Author: Damien Miller +Date: Thu Jun 1 15:16:24 2017 +1000 + + add *.0 manpage droppings + +commit 4b2e2d3fd9dccff357e1e26ce9a5f2e103837a36 Author: djm@openbsd.org -Date: Fri Mar 10 05:01:13 2017 +0000 +Date: Thu Jun 1 04:51:58 2017 +0000 upstream commit - When updating hostkeys, accept RSA keys if - HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA - keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms - nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok - dtucker@ + fix casts re constness - Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 + Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266 -commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c -Author: djm@openbsd.org -Date: Fri Mar 10 04:24:55 2017 +0000 +commit 75b8af8de805c0694b37fcf80ce82783b2acc86f +Author: markus@openbsd.org +Date: Wed May 31 10:54:00 2017 +0000 upstream commit - make hostname matching really insensitive to case; - bz#2685, reported by Petr Cerny; ok dtucker@ + make sure we don't pass a NULL string to vfprintf + (triggered by the principals-command regress test); ok bluhm - Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 + Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990 -commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f -Author: djm@openbsd.org -Date: Fri Mar 10 03:52:48 2017 +0000 +commit 84008608c9ee944d9f72f5100f31ccff743b10f2 +Author: markus@openbsd.org +Date: Wed May 31 10:04:29 2017 +0000 upstream commit - reword a comment to make it fit 80 columns + use SO_ZEROIZE for privsep communication (if available) - Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 + Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62 -commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc -Author: djm@openbsd.org -Date: Fri Mar 10 04:27:32 2017 +0000 +commit 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 +Author: deraadt@openbsd.org +Date: Wed May 31 09:15:42 2017 +0000 upstream commit - better match sshd config parser behaviour: fatal() if - line is overlong, increase line buffer to match sshd's; bz#2651 reported by - Don Fong; ok dtucker@ + Switch to recallocarray() for a few operations. Both + growth and shrinkage are handled safely, and there also is no need for + preallocation dances. Future changes in this area will be less error prone. + Review and one bug found by markus - Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 + Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065 -commit db2597207e69912f2592cd86a1de8e948a9d7ffb -Author: djm@openbsd.org -Date: Fri Mar 10 04:26:06 2017 +0000 +commit dc5dc45662773c0f7745c29cf77ae2d52723e55e +Author: deraadt@openbsd.org +Date: Wed May 31 08:58:52 2017 +0000 upstream commit - ensure hostname is lower-case before hashing it; - bz#2591 reported by Griff Miller II; ok dtucker@ + These shutdown() SHUT_RDWR are not needed before close() + ok djm markus claudio - Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 + Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5 -commit df9936936c695f85c1038bd706d62edf752aca4b -Author: djm@openbsd.org -Date: Fri Mar 10 04:24:55 2017 +0000 +commit 1e0cdf8efb745d0d1116e1aa22bdc99ee731695e +Author: markus@openbsd.org +Date: Wed May 31 08:09:45 2017 +0000 upstream commit - make hostname matching really insensitive to case; - bz#2685, reported by Petr Cerny; ok dtucker@ + clear session keys from memory; ok djm@ - Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 + Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f -commit 67eed24bfa7645d88fa0b883745fccb22a0e527e -Author: dtucker@openbsd.org -Date: Fri Mar 10 04:11:00 2017 +0000 +commit 92e9fe633130376a95dd533df6e5e6a578c1e6b8 +Author: markus@openbsd.org +Date: Wed May 31 07:00:13 2017 +0000 upstream commit - Remove old null check from config dumper. Patch from - jjelen at redhat.com vi bz#2687, ok djm@ + remove now obsolete ctx from ssh_dispatch_run; ok djm@ - Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 + Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29 -commit 183ba55aaaecca0206184b854ad6155df237adbe -Author: djm@openbsd.org -Date: Fri Mar 10 04:07:20 2017 +0000 +commit 17ad5b346043c5bbc5befa864d0dbeb76be39390 +Author: markus@openbsd.org +Date: Wed May 31 05:34:14 2017 +0000 upstream commit - fix regression in 7.4 server-sig-algs, where we were - accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno - Goncalves; ok dtucker@ + use the ssh_dispatch_run_fatal variant - Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 + Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8 -commit 66be4fe8c4435af5bbc82998501a142a831f1181 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:53:11 2017 +0000 +commit 39896b777320a6574dd06707aebac5fb98e666da +Author: djm@openbsd.org +Date: Wed May 31 05:08:46 2017 +0000 upstream commit - Check for NULL return value from key_new. Patch from - jjelen at redhat.com via bz#2687, ok djm@ + another ctx => ssh conversion (in GSSAPI code) - Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e + Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0 -commit ec2892b5c7fea199914cb3a6afb3af38f84990bf +commit 6116bd4ed354a71a733c8fd0f0467ce612f12911 +Author: Damien Miller +Date: Wed May 31 14:56:07 2017 +1000 + + fix conversion of kexc25519s.c to struct ssh too + + git cvsimport missed this commit for some reason + +commit d40dbdc85b6fb2fd78485ba02225511b8cbf20d7 Author: djm@openbsd.org -Date: Fri Mar 10 03:52:48 2017 +0000 +Date: Wed May 31 04:29:44 2017 +0000 upstream commit - reword a comment to make it fit 80 columns + spell out that custom options/extensions should follow the + usual SSH naming rules, e.g. "extension@example.com" - Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 + Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d -commit 7fadbb6da3f4122de689165651eb39985e1cba85 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:48:57 2017 +0000 +commit 2a108277f976e8d0955c8b29d1dfde04dcbb3d5b +Author: djm@openbsd.org +Date: Wed May 31 04:17:12 2017 +0000 upstream commit - Check for NULL argument to sshkey_read. Patch from - jjelen at redhat.com via bz#2687, ok djm@ + one more void *ctx => struct ssh *ssh conversion - Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e + Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2 -commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:45:40 2017 +0000 +commit c04e979503e97f52b750d3b98caa6fe004ab2ab9 +Author: djm@openbsd.org +Date: Wed May 31 00:43:04 2017 +0000 upstream commit - Plug some mem leaks mostly on error paths. From jjelen - at redhat.com via bz#2687, ok djm@ + fix possible OOB strlen() in SOCKS4A hostname parsing; + ok markus@ - Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 + Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11 -commit f6edbe9febff8121f26835996b1229b5064d31b7 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:24:48 2017 +0000 +commit a3bb250c93bfe556838c46ed965066afce61cffa +Author: jmc@openbsd.org +Date: Tue May 30 19:38:17 2017 +0000 upstream commit - Plug mem leak on GLOB_NOMATCH case. From jjelen at - redhat.com via bz#2687, ok djm@ + tweak previous; - Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d + Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031 -commit 566b3a46e89a2fda2db46f04f2639e92da64a120 -Author: dtucker@openbsd.org -Date: Fri Mar 10 03:22:40 2017 +0000 +commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc +Author: bluhm@openbsd.org +Date: Tue May 30 18:58:37 2017 +0000 upstream commit - Plug descriptor leaks of auth_sock. From jjelen at - redhat.com via bz#2687, ok djm@ + Add RemoteCommand option to specify a command in the + ssh config file instead of giving it on the client's command line. This + command will be executed on the remote host. The feature allows to automate + tasks using ssh config. OK markus@ - Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 + Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee -commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 -Author: djm@openbsd.org -Date: Fri Mar 10 03:18:24 2017 +0000 +commit eb272ea4099fd6157846f15c129ac5727933aa69 +Author: markus@openbsd.org +Date: Tue May 30 14:29:59 2017 +0000 upstream commit - correctly hash hosts with a port number. Reported by Josh - Powers in bz#2692; ok dtucker@ + switch auth2 to ssh_dispatch API; ok djm@ - Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 + Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f -commit 9747b9c742de409633d4753bf1a752cbd211e2d3 -Author: djm@openbsd.org -Date: Fri Mar 10 03:15:58 2017 +0000 +commit 5a146bbd4fdf5c571f9fb438e5210d28cead76d9 +Author: markus@openbsd.org +Date: Tue May 30 14:27:22 2017 +0000 upstream commit - don't truncate off \r\n from long stderr lines; bz#2688, - reported by Brian Dyson; ok dtucker@ + switch auth2-none.c to modern APIs; ok djm@ - Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 + Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b -commit 4a4b75adac862029a1064577eb5af299b1580cdd -Author: dtucker@openbsd.org -Date: Fri Mar 10 02:59:51 2017 +0000 +commit 60306b2d2f029f91927c6aa7c8e08068519a0fa2 +Author: markus@openbsd.org +Date: Tue May 30 14:26:49 2017 +0000 upstream commit - Validate digest arg in ssh_digest_final; from jjelen at - redhat.com via bz#2687, ok djm@ + switch auth2-passwd.c to modern APIs; ok djm@ - Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 + Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7 -commit bee0167be2340d8de4bdc1ab1064ec957c85a447 -Author: Darren Tucker -Date: Fri Mar 10 13:40:18 2017 +1100 +commit eb76698b91338bd798c978d4db2d6af624d185e4 +Author: markus@openbsd.org +Date: Tue May 30 14:25:42 2017 +0000 - Check for NULL from malloc. + upstream commit - Part of bz#2687, from jjelen at redhat.com. - -commit da39b09d43b137a5a3d071b51589e3efb3701238 -Author: Darren Tucker -Date: Fri Mar 10 13:22:32 2017 +1100 - - If OSX is using launchd, remove screen no. + switch auth2-hostbased.c to modern APIs; ok djm@ - Check for socket with and without screen number. From Apple and Jakob - Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ + Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e -commit 8fb15311a011517eb2394bb95a467c209b8b336c -Author: djm@openbsd.org -Date: Wed Mar 8 12:07:47 2017 +0000 +commit 2ae666a8fc20b3b871b2f1b90ad65cc027336ccd +Author: markus@openbsd.org +Date: Tue May 30 14:23:52 2017 +0000 upstream commit - quote [host]:port in generated ProxyJump commandline; the - [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri - Tirkkonen via bugs@ + protocol handlers all get struct ssh passed; ok djm@ - Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 + Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d -commit 18501151cf272a15b5f2c5e777f2e0933633c513 -Author: dtucker@openbsd.org -Date: Mon Mar 6 02:03:20 2017 +0000 +commit 94583beb24a6c5fd19cedb9104ab2d2d5cd052b6 +Author: markus@openbsd.org +Date: Tue May 30 14:19:15 2017 +0000 upstream commit - Check l->hosts before dereferencing; fixes potential null - pointer deref. ok djm@ + ssh: pass struct ssh to auth functions, too; ok djm@ - Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 + Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd -commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 -Author: dtucker@openbsd.org -Date: Mon Mar 6 00:44:51 2017 +0000 +commit 5f4082d886c6173b9e90b9768c9a38a3bfd92c2b +Author: markus@openbsd.org +Date: Tue May 30 14:18:15 2017 +0000 upstream commit - linenum is unsigned long so use %lu in log formats. ok - deraadt@ + sshd: pass struct ssh to auth functions; ok djm@ - Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 + Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488 -commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 -Author: djm@openbsd.org -Date: Fri Mar 3 06:13:11 2017 +0000 +commit 7da5df11ac788bc1133d8d598d298e33500524cc +Author: markus@openbsd.org +Date: Tue May 30 14:16:41 2017 +0000 upstream commit - fix ssh-keygen -H accidentally corrupting known_hosts that - contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by - hostkeys_foreach() when hostname matching is in use, so we need to look for - the hash marker explicitly. + remove unused wrapper functions from key.[ch]; ok djm@ - Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 + Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e -commit d7abb771bd5a941b26144ba400a34563a1afa589 -Author: djm@openbsd.org -Date: Tue Feb 28 06:10:08 2017 +0000 +commit ff7371afd08ac0bbd957d90451d4dcd0da087ef5 +Author: markus@openbsd.org +Date: Tue May 30 14:15:17 2017 +0000 upstream commit - small memleak: free fd_set on connection timeout (though - we are heading to exit anyway). From Tom Rix in bz#2683 + sshkey_new() might return NULL (pkcs#11 code only); ok + djm@ - Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 + Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd -commit 78142e3ab3887e53a968d6e199bcb18daaf2436e -Author: jmc@openbsd.org -Date: Mon Feb 27 14:30:33 2017 +0000 +commit beb965bbc5a984fa69fb1e2b45ebe766ae09d1ef +Author: markus@openbsd.org +Date: Tue May 30 14:13:40 2017 +0000 upstream commit - errant dot; from klemens nanni + switch sshconnect.c to modern APIs; ok djm@ - Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 + Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad -commit 8071a6924c12bb51406a9a64a4b2892675112c87 -Author: djm@openbsd.org -Date: Fri Feb 24 03:16:34 2017 +0000 +commit 00ed75c92d1f95fe50032835106c368fa22f0f02 +Author: markus@openbsd.org +Date: Tue May 30 14:10:53 2017 +0000 upstream commit - might as well set the listener socket CLOEXEC + switch auth2-pubkey.c to modern APIs; with & ok djm@ - Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 + Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07 -commit d5499190559ebe374bcdfa8805408646ceffad64 -Author: djm@openbsd.org -Date: Sun Feb 19 00:11:29 2017 +0000 +commit 54d90ace1d3535b44d92a8611952dc109a74a031 +Author: markus@openbsd.org +Date: Tue May 30 08:52:19 2017 +0000 upstream commit - add test cases for C locale; ok schwarze@ + switch from Key typedef with struct sshkey; ok djm@ - Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 + Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f -commit 011c8ffbb0275281a0cf330054cf21be10c43e37 -Author: djm@openbsd.org -Date: Sun Feb 19 00:10:57 2017 +0000 +commit c221219b1fbee47028dcaf66613f4f8d6b7640e9 +Author: markus@openbsd.org +Date: Tue May 30 08:49:58 2017 +0000 upstream commit - Add a common nl_langinfo(CODESET) alias for US-ASCII - "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for - non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ + remove ssh1 references; ok djm@ - Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 + Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d -commit 0c4430a19b73058a569573492f55e4c9eeaae67b -Author: dtucker@openbsd.org -Date: Tue Feb 7 23:03:11 2017 +0000 +commit afbfa68fa18081ef05a9cd294958509a5d3cda8b +Author: markus@openbsd.org +Date: Tue May 30 08:49:32 2017 +0000 upstream commit - Remove deprecated SSH1 options RSAAuthentication and - RhostsRSAAuthentication from regression test sshd_config. + revise sshkey_load_public(): remove ssh1 related + comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if + 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@ - Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 + Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca -commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 -Author: dtucker@openbsd.org -Date: Fri Feb 17 02:32:05 2017 +0000 +commit 813f55336a24fdfc45e7ed655fccc7d792e8f859 +Author: markus@openbsd.org +Date: Fri May 26 20:34:49 2017 +0000 upstream commit - Do not show rsa1 key type in usage when compiled without - SSH1 support. + sshbuf_consume: reset empty buffer; ok djm@ - Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 + Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821 -commit ecc35893715f969e98fee118481f404772de4132 -Author: dtucker@openbsd.org -Date: Fri Feb 17 02:31:14 2017 +0000 +commit 6cf711752cc2a7ffaad1fb4de18cae65715ed8bb +Author: markus@openbsd.org +Date: Fri May 26 19:35:50 2017 +0000 upstream commit - ifdef out "rsa1" from the list of supported keytypes when - compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ + remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ - Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f + Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42 -commit 10577c6d96a55b877a960b2d0b75edef1b9945af -Author: djm@openbsd.org -Date: Fri Feb 17 02:04:15 2017 +0000 +commit 364f0d5edea27767fb0f915ea7fc61aded88d3e8 +Author: markus@openbsd.org +Date: Fri May 26 19:34:12 2017 +0000 upstream commit - For ProxyJump/-J, surround host name with brackets to - allow literal IPv6 addresses. From Dick Visser; ok dtucker@ + remove channel_input_close_confirmation (ssh1 only); ok + djm@ - Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 + Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1 -commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 -Author: jsg@openbsd.org -Date: Wed Feb 15 23:38:31 2017 +0000 +commit 8ba0fd40082751dbbc23a830433488bbfb1abdca +Author: djm@openbsd.org +Date: Fri May 26 01:40:07 2017 +0000 upstream commit - Fix memory leaks in match_filter_list() error paths. + fix references to obsolete v00 cert format; spotted by + Jakub Jelen - ok dtucker@ markus@ + Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f + +commit dcc714c65cfb81eb6903095b4590719e8690f3da +Author: Mike Frysinger +Date: Wed May 24 23:21:19 2017 -0400 + + configure: actually set cache vars when cross-compiling - Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e + The cross-compiling fallback message says it's assuming the test + passed, but it didn't actually set the cache var which causes + later tests to fail. -commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 +commit 947a3e829a5b8832a4768fd764283709a4ca7955 Author: djm@openbsd.org -Date: Wed Feb 15 01:46:47 2017 +0000 +Date: Sat May 20 02:35:47 2017 +0000 upstream commit - fix division by zero crash in "df" output when server - returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok - dtucker@ + there's no reason to artificially limit the key path + here, just check that it fits PATH_MAX; spotted by Matthew Patton - Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f + Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58 -commit bd5d7d239525d595ecea92765334af33a45d9d63 -Author: Darren Tucker -Date: Sun Feb 12 15:45:15 2017 +1100 +commit 773224802d7cb250bb8b461546fcce10567b4b2e +Author: djm@openbsd.org +Date: Fri May 19 21:07:17 2017 +0000 - ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR + upstream commit - EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out - for the benefit of OpenSSL versions prior to that. + Now that we no longer support SSHv1, replace the contents + of this file with a pointer to + https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited, + doesn't need to document stuff we no longer implement and does document stuff + that we do implement (RSA SHA256/512 signature flags) + + Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e -commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe +commit 54cd41a4663fad66406dd3c8fe0e4760ccd8a899 Author: djm@openbsd.org -Date: Fri Feb 10 04:34:50 2017 +0000 +Date: Wed May 17 01:24:17 2017 +0000 upstream commit - bring back r1.34 that was backed out for problems loading - public keys: - - translate OpenSSL error codes to something more - meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ - - with additional fix from Jakub Jelen to solve the backout. - bz#2525 bz#2523 re-ok dtucker@ + allow LogLevel in sshd_config Match blocks; ok dtucker + bz#2717 - Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 + Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8 -commit a287c5ad1e0bf9811c7b9221979b969255076019 +commit 277abcda3f1b08d2376686f0ef20320160d4c8ab Author: djm@openbsd.org -Date: Fri Feb 10 03:36:40 2017 +0000 +Date: Tue May 16 16:56:15 2017 +0000 upstream commit - Sanitise escape sequences in key comments sent to printf - but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ + remove duplicate check; spotted by Jakub Jelen - Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e + Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0 -commit e40269be388972848aafcca7060111c70aab5b87 -Author: millert@openbsd.org -Date: Wed Feb 8 20:32:43 2017 +0000 +commit adb47ce839c977fa197e770c1be8f852508d65aa +Author: djm@openbsd.org +Date: Tue May 16 16:54:05 2017 +0000 upstream commit - Avoid printf %s NULL. From semarie@, OK djm@ + mention that Ed25519 keys are valid as CA keys; spotted + by Jakub Jelen - Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c + Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4 -commit 5b90709ab8704dafdb31e5651073b259d98352bc +commit 6bdf70f01e700348bb4d8c064c31a0ab90896df6 +Author: Damien Miller +Date: Tue May 9 14:35:03 2017 +1000 + + clean up regress files and add a .gitignore + +commit 7bdb2eeb1d3c26acdc409bd94532eefa252e440b Author: djm@openbsd.org -Date: Mon Feb 6 09:22:51 2017 +0000 +Date: Mon May 8 22:57:38 2017 +0000 upstream commit - Restore \r\n newline sequence for server ident string. The CR - got lost in the flensing of SSHv1. Pointed out by Stef Bon + remove hmac-ripemd160; ok dtucker - Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac + Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d -commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc +commit 5f02bb1f99f70bb422be8a5c2b77ef853f1db554 Author: djm@openbsd.org -Date: Fri Feb 3 23:01:42 2017 +0000 +Date: Mon May 8 06:11:06 2017 +0000 upstream commit - unit test for match_filter_list() function; still want a - better name for this... + make requesting bad ECDSA bits yield the same error + (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA - Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a + Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6 -commit f1a193464a7b77646f0d0cedc929068e4a413ab4 +commit d757a4b633e8874629a1442c7c2e7b1b55d28c19 Author: djm@openbsd.org -Date: Fri Feb 3 23:05:57 2017 +0000 +Date: Mon May 8 06:08:42 2017 +0000 upstream commit - use ssh_packet_set_log_preamble() to include connection - username in packet log messages, e.g. - - Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] - - ok markus@ bz#113 + fix for new SSH_ERR_KEY_LENGTH error value - Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 + Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc -commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 +commit 2e58a69508ac49c02d1bb6057300fa6a76db1045 Author: djm@openbsd.org -Date: Fri Feb 3 23:03:33 2017 +0000 +Date: Mon May 8 06:03:39 2017 +0000 upstream commit - add ssh_packet_set_log_preamble() to allow inclusion of a - preamble string in disconnect messages; ok markus@ + helps if I commit the correct version of the file. fix + missing return statement. - Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead + Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c -commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 +commit effaf526bfa57c0ac9056ca236becf52385ce8af Author: djm@openbsd.org -Date: Fri Feb 3 23:01:19 2017 +0000 +Date: Mon May 8 01:52:49 2017 +0000 upstream commit - support =- for removing methods from algorithms lists, - e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like - it" markus@ + remove arcfour, blowfish and CAST here too - Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d + Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920 -commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e +commit 7461a5bc571696273252df28a1f1578968cae506 Author: djm@openbsd.org -Date: Fri Feb 3 05:05:56 2017 +0000 +Date: Mon May 8 00:21:36 2017 +0000 upstream commit - allow form-feed characters at EOL; bz#2431 ok dtucker@ + I was too aggressive with the scalpel in the last commit; + unbreak sshd, spotted quickly by naddy@ - Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 + Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf -commit 523db8540b720c4d21ab0ff6f928476c70c38aab -Author: Damien Miller -Date: Fri Feb 3 16:01:22 2017 +1100 +commit bd636f40911094a39c2920bf87d2ec340533c152 +Author: djm@openbsd.org +Date: Sun May 7 23:15:59 2017 +0000 - prefer to use ldns-config to find libldns + upstream commit - Should fix bz#2603 - "Build with ldns and without kerberos support - fails if ldns compiled with kerberos support" by including correct - cflags/libs + Refuse RSA keys <1024 bits in length. Improve reporting + for keys that do not meet this requirement. ok markus@ - ok dtucker@ + Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c -commit c998bf0afa1a01257a53793eba57941182e9e0b7 -Author: dtucker@openbsd.org -Date: Fri Feb 3 02:56:00 2017 +0000 +commit 70c1218fc45757a030285051eb4d209403f54785 +Author: djm@openbsd.org +Date: Sun May 7 23:13:42 2017 +0000 upstream commit - Make ssh_packet_set_rekey_limits take u32 for the number of - seconds until rekeying (negative values are rejected at config parse time). - This allows the removal of some casts and a signed vs unsigned comparison - warning. + Don't offer CBC ciphers by default in the client. ok + markus@ - rekey_time is cast to int64 for the comparison which is a no-op - on OpenBSD, but should also do the right thing in -portable on - anything still using 32bit time_t (until the system time actually - wraps, anyway). + Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef + +commit acaf34fd823235d549c633c0146ee03ac5956e82 +Author: djm@openbsd.org +Date: Sun May 7 23:12:57 2017 +0000 + + upstream commit - some early guidance deraadt@, ok djm@ + As promised in last release announcement: remove + support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ - Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c + Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222 -commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 -Author: jsg@openbsd.org -Date: Thu Feb 2 10:54:25 2017 +0000 +commit 3e371bd2124427403971db853fb2e36ce789b6fd +Author: naddy@openbsd.org +Date: Fri May 5 10:42:49 2017 +0000 upstream commit - In vasnmprintf() return an error if malloc fails and - don't set a function argument to the address of free'd memory. - + more simplification and removal of SSHv1-related code; ok djm@ - Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 + Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55 -commit 858252fb1d451ebb0969cf9749116c8f0ee42753 -Author: dtucker@openbsd.org -Date: Wed Feb 1 02:59:09 2017 +0000 +commit 2e9c324b3a7f15c092d118c2ac9490939f6228fd +Author: naddy@openbsd.org +Date: Fri May 5 10:41:58 2017 +0000 upstream commit - Return true reason for port forwarding failures where - feasible rather than always "administratively prohibited". bz#2674, ok djm@ + remove superfluous protocol 2 mentions; ok jmc@ - Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 + Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d -commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 -Author: dtucker@openbsd.org -Date: Mon Jan 30 23:27:39 2017 +0000 +commit 744bde79c3361e2153cb395a2ecdcee6c713585d +Author: djm@openbsd.org +Date: Thu May 4 06:10:57 2017 +0000 upstream commit - Small correction to the known_hosts section on when it is - updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at - sdf.org + since a couple of people have asked, leave a comment + explaining why we retain SSH v.1 support in the "delete all keys from agent" + path. - Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 + Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4 -commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 -Author: Darren Tucker -Date: Fri Feb 3 14:10:34 2017 +1100 +commit 0c378ff6d98d80bc465a4a6a787670fb9cc701ee +Author: djm@openbsd.org +Date: Thu May 4 01:33:21 2017 +0000 - Remove _XOPEN_SOURCE from wide char detection. + upstream commit - Having _XOPEN_SOURCE unconditionally causes problems on some platforms - and configurations, notably Solaris 64-bit binaries. It was there for - the benefit of Linux put the required bits in the *-*linux* section. + another tentacle: cipher_set_key_string() was only ever + used for SSHv1 - Patch from yvoinov at gmail.com. + Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a -commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd -Author: djm@openbsd.org -Date: Mon Jan 30 05:22:14 2017 +0000 +commit 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f +Author: naddy@openbsd.org +Date: Wed May 3 21:49:18 2017 +0000 upstream commit - fully unbreak: some $SSH invocations did not have -F - specified and could pick up the ~/.ssh/config of the user running the tests + restore mistakenly deleted description of the + ConnectionAttempts option ok markus@ - Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 + Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348 -commit 6956e21fb26652887475fe77ea40d2efcf25908b -Author: djm@openbsd.org -Date: Mon Jan 30 04:54:07 2017 +0000 +commit 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3 +Author: naddy@openbsd.org +Date: Wed May 3 21:08:09 2017 +0000 upstream commit - partially unbreak: was not specifying hostname on some - $SSH invocations + remove miscellaneous SSH1 leftovers; ok markus@ - Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc + Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c -commit 52763dd3fe0a4678dafdf7aeb32286e514130afc -Author: djm@openbsd.org -Date: Mon Jan 30 01:03:00 2017 +0000 +commit 1a1b24f8229bf7a21f89df21987433283265527a +Author: jmc@openbsd.org +Date: Wed May 3 10:01:44 2017 +0000 upstream commit - revise keys/principals command hang fix (bz#2655) to - consume entire output, avoiding sending SIGPIPE to subprocesses early; ok - dtucker@ + more protocol 1 bits removed; ok djm - Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc + Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9 -commit 381a2615a154a82c4c53b787f4a564ef894fe9ac -Author: djm@openbsd.org -Date: Mon Jan 30 00:38:50 2017 +0000 +commit 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 +Author: jmc@openbsd.org +Date: Wed May 3 06:32:02 2017 +0000 upstream commit - small cleanup post SSHv1 removal: - - remove SSHv1-isms in commented examples + more protocol 1 stuff to go; ok djm - reorder token table to group deprecated and compile-time conditional tokens - better + Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47 + +commit f10c0d32cde2084d2a0b19bc47d80cb93e85a093 +Author: jmc@openbsd.org +Date: Tue May 2 17:04:09 2017 +0000 + + upstream commit - fix config dumping code for some compile-time conditional options that - weren't being correctly skipped (SSHv1 and PKCS#11) + rsa1 is no longer valid; - Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 + Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89 -commit 4833d01591b7eb049489d9558b65f5553387ed43 -Author: djm@openbsd.org -Date: Mon Jan 30 00:34:01 2017 +0000 +commit 42b690b4fd0faef78c4d68225948b6e5c46c5163 +Author: jmc@openbsd.org +Date: Tue May 2 14:06:37 2017 +0000 upstream commit - some explicit NULL tests when dumping configured - forwardings; from Karsten Weiss + add PubKeyAcceptedKeyTypes to the -o list: scp(1) has + it, so i guess this should too; - Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d + Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c -commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 -Author: djm@openbsd.org -Date: Mon Jan 30 00:32:28 2017 +0000 +commit d852603214defd93e054de2877b20cc79c19d0c6 +Author: jmc@openbsd.org +Date: Tue May 2 13:44:51 2017 +0000 upstream commit - misplaced braces in test; from Karsten Weiss + remove now obsolete protocol1 options from the -o + lists; - Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae + Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd -commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb -Author: djm@openbsd.org -Date: Mon Jan 30 00:32:03 2017 +0000 +commit 8b60ce8d8111e604c711c4cdd9579ffe0edced74 +Author: jmc@openbsd.org +Date: Tue May 2 09:05:58 2017 +0000 upstream commit - don't dereference authctxt before testing != NULL, it - causes compilers to make assumptions; from Karsten Weiss + more -O shuffle; ok djm - Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 + Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb -commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 +commit 3575f0b12afe6b561681582fd3c34067d1196231 Author: djm@openbsd.org -Date: Fri Jan 6 02:51:16 2017 +0000 +Date: Tue May 2 08:54:19 2017 +0000 upstream commit - use correct ssh-add program; bz#2654, from Colin Watson + remove -1 / -2 options; pointed out by jmc@ - Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 + Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa -commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 -Author: dtucker@openbsd.org -Date: Fri Jan 6 02:26:10 2017 +0000 +commit 4f1ca823bad12e4f9614895eefe0d0073b84a28f +Author: jmc@openbsd.org +Date: Tue May 2 08:06:33 2017 +0000 upstream commit - Account for timeouts in the integrity tests as failures. - - If the first test in a series for a given MAC happens to modify the low - bytes of a packet length, then ssh will time out and this will be - interpreted as a test failure. Patch from cjwatson at debian.org via - bz#2658. + remove options -12 from usage(); - Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 + Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270 -commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 -Author: dtucker@openbsd.org -Date: Fri Jan 6 02:09:25 2017 +0000 +commit 6b84897f7fd39956b849eac7810319d8a9958568 +Author: jmc@openbsd.org +Date: Tue May 2 07:13:31 2017 +0000 upstream commit - Make forwarding test less racy by using unix domain - sockets instead of TCP ports where possible. Patch from cjwatson at - debian.org via bz#2659. + tidy up -O somewhat; ok djm - Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 + Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52 -commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 -Author: dtucker@openbsd.org -Date: Sun Jan 29 21:35:23 2017 +0000 +commit d1c6b7fdbdfe4a7a37ecd48a97f0796b061c2868 +Author: djm@openbsd.org +Date: Mon May 1 22:09:48 2017 +0000 upstream commit - Fix typo in ~C error message for bad port forward - cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's - bugtracker. + when freeing a bitmap, zero all it bytes; spotted by Ilya + Kaliman - Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af + Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4 -commit 4ba15462ca38883b8a61a1eccc093c79462d5414 -Author: guenther@openbsd.org -Date: Sat Jan 21 11:32:04 2017 +0000 +commit 0f163983016c2988a92e039d18a7569f9ea8e071 +Author: djm@openbsd.org +Date: Mon May 1 14:08:26 2017 +0000 upstream commit - The POSIX APIs that that sockaddrs all ignore the s*_len - field in the incoming socket, so userspace doesn't need to set it unless it - has its own reasons for tracking the size along with the sockaddr. - - ok phessler@ deraadt@ florian@ + this one I did forget to "cvs rm" - Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 + Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913 -commit a1187bd3ef3e4940af849ca953a1b849dae78445 -Author: jmc@openbsd.org -Date: Fri Jan 6 16:28:12 2017 +0000 +commit 21ed00a8e26fe8a772bcca782175fafc2b0890ed +Author: djm@openbsd.org +Date: Mon May 1 09:27:45 2017 +0000 upstream commit - keep the tokens list sorted; + don't know why cvs didn't exterminate these the first + time around, I use rm -f and everuthing... - Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 + pointed out by sobrado@ + + Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d -commit b64077f9767634715402014f509e58decf1e140d +commit d29ba6f45086703fdcb894532848ada3427dfde6 +Author: Darren Tucker +Date: Mon May 1 13:53:07 2017 +1000 + + Define INT32_MAX and INT64_MAX if needed. + +commit 329037e389f02ec95c8e16bf93ffede94d3d44ce +Author: Darren Tucker +Date: Mon May 1 13:19:41 2017 +1000 + + Wrap stdint.h in HAVE_STDINT_H + +commit f382362e8dfb6b277f16779ab1936399d7f2af78 Author: djm@openbsd.org -Date: Fri Jan 6 09:27:52 2017 +0000 +Date: Mon May 1 02:27:11 2017 +0000 upstream commit - fix previous + remove unused variable - Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 + Upstream-ID: 66011f00819d0e71b14700449a98414033284516 -commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de +commit dd369320d2435b630a5974ab270d686dcd92d024 Author: djm@openbsd.org -Date: Fri Jan 6 03:53:58 2017 +0000 +Date: Sun Apr 30 23:34:55 2017 +0000 upstream commit - show a useful error message when included config files - can't be opened; bz#2653, ok dtucker@ + eliminate explicit specification of protocol in tests and + loops over protocol. We only support SSHv2 now. - Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b + Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd -commit 13bd2e2d622d01dc85d22b94520a5b243d006049 +commit 557f921aad004be15805e09fd9572969eb3d9321 Author: djm@openbsd.org -Date: Fri Jan 6 03:45:41 2017 +0000 +Date: Sun Apr 30 23:33:48 2017 +0000 upstream commit - sshd_config is documented to set - GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. - bz#2637 ok dtucker + remove SSHv1 support from unit tests - Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 + Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe -commit f89b928534c9e77f608806a217d39a2960cc7fd0 +commit e77e1562716fb3da413e4c2397811017b762f5e3 Author: djm@openbsd.org -Date: Fri Jan 6 03:41:58 2017 +0000 +Date: Mon May 1 00:03:18 2017 +0000 upstream commit - Avoid confusing error message when attempting to use - ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 + fixup setting ciphercontext->plaintext (lost in SSHv1 purge), + though it isn't really used for much anymore. - Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 + Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747 -commit 0999533014784579aa6f01c2d3a06e3e8804b680 -Author: dtucker@openbsd.org -Date: Fri Jan 6 02:34:54 2017 +0000 +commit f7849e6c83a4e0f602dea6c834a24091c622d68e +Author: Damien Miller +Date: Mon May 1 09:55:56 2017 +1000 + + remove configure --with-ssh1 + +commit f4a6a88ddb6dba6d2f7bfb9e2c9879fcc9633043 +Author: djm@openbsd.org +Date: Sun Apr 30 23:29:10 2017 +0000 upstream commit - Re-add '%k' token for AuthorizedKeysCommand which was - lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. + flense SSHv1 support from ssh-agent, considerably + simplifying it - Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 + ok markus + + Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365 -commit 51045869fa084cdd016fdd721ea760417c0a3bf3 +commit 930e8d2827853bc2e196c20c3e000263cc87fb75 Author: djm@openbsd.org -Date: Wed Jan 4 05:37:40 2017 +0000 +Date: Sun Apr 30 23:28:41 2017 +0000 upstream commit - unbreak Unix domain socket forwarding for root; ok - markus@ + obliterate ssh1.h and some dead code that used it - Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 - -commit 58fca12ba967ea5c768653535604e1522d177e44 -Author: Darren Tucker -Date: Mon Jan 16 09:08:32 2017 +1100 - - Remove LOGIN_PROGRAM. + ok markus@ - UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org + Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343 -commit b108ce92aae0ca0376dce9513d953be60e449ae1 +commit a3710d5d529a34b8f56aa62db798c70e85d576a0 Author: djm@openbsd.org -Date: Wed Jan 4 02:21:43 2017 +0000 +Date: Sun Apr 30 23:28:12 2017 +0000 upstream commit - relax PKCS#11 whitelist a bit to allow libexec as well as - lib directories. + exterminate the -1 flag from scp - Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 + ok markus@ + + Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db -commit c7995f296b9222df2846f56ecf61e5ae13d7a53d +commit aebd0abfaa8a41e75d50f9f7934267b0a2d9acb4 Author: djm@openbsd.org -Date: Tue Jan 3 05:46:51 2017 +0000 +Date: Sun Apr 30 23:26:54 2017 +0000 upstream commit - check number of entries in SSH2_FXP_NAME response; avoids - unreachable overflow later. Reported by Jann Horn + purge the last traces of SSHv1 from the TTY modes + handling code - Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f + ok markus + + Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195 -commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 +commit dfa641f758d4b8b2608ab1b00abaf88df0a8e36a Author: djm@openbsd.org -Date: Fri Dec 30 22:08:02 2016 +0000 +Date: Sun Apr 30 23:26:16 2017 +0000 upstream commit - fix deadlock when keys/principals command produces a lot of - output and a key is matched early; bz#2655, patch from jboning AT gmail.com + remove the (in)famous SSHv1 CRC compensation attack + detector. - Upstream-ID: e19456429bf99087ea994432c16d00a642060afe - -commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f -Author: Darren Tucker -Date: Tue Dec 20 12:16:11 2016 +1100 - - Re-add missing "Prerequisites" header and fix typo + Despite your cameo in The Matrix movies, you will not be missed. - Patch from HARUYAMA Seigo . + ok markus + + Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0 -commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 +commit e5d3bd36ef67d82092861f39b5bf422cb12b31a6 Author: djm@openbsd.org -Date: Mon Dec 19 22:35:23 2016 +0000 +Date: Sun Apr 30 23:25:03 2017 +0000 upstream commit - use standard /bin/sh equality test; from Mike Frysinger + undo some local debugging stuff that I committed by + accident - Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 - -commit 4a354fc231174901f2629437c2a6e924a2dd6772 -Author: Damien Miller -Date: Mon Dec 19 15:59:26 2016 +1100 - - crank version numbers for release + Upstream-ID: fe5b31f69a60d47171836911f144acff77810217 -commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9 +commit 3d6d09f2e90f4ad650ebda6520bf2da446f37f14 Author: djm@openbsd.org -Date: Mon Dec 19 04:55:51 2016 +0000 +Date: Sun Apr 30 23:23:54 2017 +0000 upstream commit - openssh-7.4 + remove SSHv1 support from packet and buffer APIs - Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79 + ok markus@ + + Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9 -commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b +commit 05164358577c82de18ed7373196bc7dbd8a3f79c Author: djm@openbsd.org -Date: Mon Dec 19 04:55:18 2016 +0000 +Date: Sun Apr 30 23:21:54 2017 +0000 upstream commit - remove testcase that depends on exact output and - behaviour of snprintf(..., "%s", NULL) + remove SSHv1-related buffers from client code - Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f + Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd -commit eae735a82d759054f6ec7b4e887fb7a5692c66d7 -Author: dtucker@openbsd.org -Date: Mon Dec 19 03:32:57 2016 +0000 +commit 873d3e7d9a4707d0934fb4c4299354418f91b541 +Author: djm@openbsd.org +Date: Sun Apr 30 23:18:44 2017 +0000 upstream commit - Use LOGNAME to get current user and fall back to whoami if - not set. Mainly to benefit -portable since some platforms don't have whoami. + remove KEY_RSA1 - Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa + ok markus@ + + Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133 -commit 0d2f88428487518eea60602bd593989013831dcf -Author: dtucker@openbsd.org -Date: Fri Dec 16 03:51:19 2016 +0000 +commit 788ac799a6efa40517f2ac0d895a610394298ffc +Author: djm@openbsd.org +Date: Sun Apr 30 23:18:22 2017 +0000 upstream commit - Add regression test for AllowUsers and DenyUsers. Patch from - Zev Weiss + remove SSHv1 configuration options and man pages bits - Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9 - -commit 3bc8180a008929f6fe98af4a56fb37d04444b417 -Author: Darren Tucker -Date: Fri Dec 16 15:02:24 2016 +1100 - - Add missing monitor.h include. + ok markus@ - Fixes warning pointed out by Zev Weiss + Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424 -commit 410681f9015d76cc7b137dd90dac897f673244a0 +commit e6882463a8ae0594aacb6d6575a6318a41973d84 Author: djm@openbsd.org -Date: Fri Dec 16 02:48:55 2016 +0000 +Date: Sun Apr 30 23:17:37 2017 +0000 upstream commit - revert to rev1.2; the new bits in this test depend on changes - to ssh that aren't yet committed + remove SSH1 make flag and associated files ok markus@ - Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123 + Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef -commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e -Author: dtucker@openbsd.org -Date: Fri Dec 16 01:06:27 2016 +0000 +commit cdccebdf85204bf7542b7fcc1aa2ea3f36661833 +Author: djm@openbsd.org +Date: Sun Apr 30 23:15:04 2017 +0000 upstream commit - Move the "stop sshd" code into its own helper function. - Patch from Zev Weiss , ok djm@ + remove SSHv1 ciphers; ok markus@ - Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329 + Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890 -commit e15e7152331e3976b35475fd4e9c72897ad0f074 +commit 97f4d3083b036ce3e68d6346a6140a22123d5864 Author: djm@openbsd.org -Date: Fri Dec 16 01:01:07 2016 +0000 +Date: Sun Apr 30 23:13:25 2017 +0000 upstream commit - regression test for certificates along with private key - with no public half. bz#2617, mostly from Adam Eijdenberg + remove compat20/compat13/compat15 variables - Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115 + ok markus@ + + Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c -commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500 -Author: dtucker@openbsd.org -Date: Thu Dec 15 23:50:37 2016 +0000 +commit 99f95ba82673d33215dce17bfa1512b57f54ec09 +Author: djm@openbsd.org +Date: Sun Apr 30 23:11:45 2017 +0000 upstream commit - Use $SUDO to read pidfile in case root's umask is - restricted. From portable. + remove options.protocol and client Protocol + configuration knob - Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98 + ok markus@ + + Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366 -commit fe06b68f824f8f55670442fb31f2c03526dd326c -Author: dtucker@openbsd.org -Date: Thu Dec 15 21:29:05 2016 +0000 +commit 56912dea6ef63dae4eb1194e5d88973a7c6c5740 +Author: djm@openbsd.org +Date: Sun Apr 30 23:10:43 2017 +0000 upstream commit - Add missing braces in DenyUsers code. Patch from zev at - bewilderbeest.net, ok deraadt@ + unifdef WITH_SSH1 ok markus@ - Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e + Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7 -commit dcc7d74242a574fd5c4afbb4224795b1644321e7 -Author: dtucker@openbsd.org -Date: Thu Dec 15 21:20:41 2016 +0000 +commit d4084cd230f7319056559b00db8b99296dad49d5 +Author: jmc@openbsd.org +Date: Sat Apr 29 06:06:01 2017 +0000 upstream commit - Fix text in error message. Patch from zev at - bewilderbeest.net. + tweak previous; - Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6 + Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9 -commit b737e4d7433577403a31cff6614f6a1b0b5e22f4 +commit 249516e428e8461b46340a5df5d5ed1fbad2ccce Author: djm@openbsd.org -Date: Wed Dec 14 00:36:34 2016 +0000 +Date: Sat Apr 29 04:12:25 2017 +0000 upstream commit - disable Unix-domain socket forwarding when privsep is - disabled + allow ssh-keygen to include arbitrary string or flag + certificate extensions and critical options. ok markus@ dtucker@ - Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0 + Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646 -commit 08a1e7014d65c5b59416a0e138c1f73f417496eb -Author: djm@openbsd.org -Date: Fri Dec 9 03:04:29 2016 +0000 +commit 47a287bb6ac936c26b4f3ae63279c02902ded3b9 +Author: jmc@openbsd.org +Date: Fri Apr 28 06:15:03 2017 +0000 upstream commit - log connections dropped in excess of MaxStartups at - verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ + sort; - Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b - -commit 10e290ec00964b2bf70faab15a10a5574bb80527 -Author: Darren Tucker -Date: Tue Dec 13 13:51:32 2016 +1100 - - Get default of TEST_SSH_UTF8 from environment. + Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a -commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 +commit 36465a76a79ad5040800711b41cf5f32249d5120 Author: Darren Tucker -Date: Tue Dec 13 12:56:40 2016 +1100 +Date: Fri Apr 28 14:44:28 2017 +1000 - Remove commented-out includes. + Typo. - These commented-out includes have "Still needed?" comments. Since - they've been commented out for ~13 years I assert that they're not. - -commit 25275f1c9d5f01a0877d39444e8f90521a598ea0 -Author: Darren Tucker -Date: Tue Dec 13 12:54:23 2016 +1100 - - Add prototype for strcasestr in compat library. + Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 -commit afec07732aa2985142f3e0b9a01eb6391f523dec +commit 9d18cb7bdeb00b20205fd13d412aae8c0e0457ed Author: Darren Tucker -Date: Tue Dec 13 10:23:03 2016 +1100 - - Add strcasestr to compat library. - - Fixes build on (at least) Solaris 10. - -commit dda78a03af32e7994f132d923c2046e98b7c56c8 -Author: Damien Miller -Date: Mon Dec 12 13:57:10 2016 +1100 +Date: Fri Apr 28 14:41:17 2017 +1000 - Force Turkish locales back to C/POSIX; bz#2643 - - Turkish locales are unique in their handling of the letters 'i' and - 'I' (yes, they are different letters) and OpenSSH isn't remotely - prepared to deal with that. For now, the best we can do is to force - OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 - encoding if possible. + Add 2 regress commits I applied by hand. - ok dtucker@ - -commit c35995048f41239fc8895aadc3374c5f75180554 -Author: Darren Tucker -Date: Fri Dec 9 12:52:02 2016 +1100 - - exit is in stdlib.h not unistd.h (that's _exit). - -commit d399a8b914aace62418c0cfa20341aa37a192f98 -Author: Darren Tucker -Date: Fri Dec 9 12:33:25 2016 +1100 - - Include for exit in utf8 locale test. + Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c + Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 -commit 47b8c99ab3221188ad3926108dd9d36da3b528ec +commit 9504ea6b27f9f0ece64e88582ebb9235e664a100 Author: Darren Tucker -Date: Thu Dec 8 15:48:34 2016 +1100 +Date: Fri Apr 28 14:33:43 2017 +1000 - Check for utf8 local support before testing it. + Merge integrity.sh rev 1.22. - Check for utf8 local support and if not found, do not attempt to run the - utf8 tests. Suggested by djm@ + Merge missing bits from Colin Watson's patch in bz#2658 which make integrity + tests more robust against timeouts. ok djm@ -commit 4089fc1885b3a2822204effbb02b74e3da58240d +commit 06ec837a34542627e2183a412d6a9d2236f22140 Author: Darren Tucker -Date: Thu Dec 8 12:57:24 2016 +1100 +Date: Fri Apr 28 14:30:03 2017 +1000 - Use AC_PATH_TOOL for krb5-config. - - This will use the host-prefixed version when cross compiling; patch from - david.michael at coreos.com. + Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes -commit b4867e0712c89b93be905220c82f0a15e6865d1e -Author: djm@openbsd.org -Date: Tue Dec 6 07:48:01 2016 +0000 +commit e0194b471efe7d3daedc9cc66686cb1ab69d3be8 +Author: jsg@openbsd.org +Date: Mon Apr 17 11:02:31 2017 +0000 upstream commit - make IdentityFile successfully load and use certificates that - have no corresponding bare public key. E.g. just a private id_rsa and - certificate id_rsa-cert.pub (and no id_rsa.pub). - - bz#2617 ok dtucker@ - - Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604 - -commit c9792783a98881eb7ed295680013ca97a958f8ac -Author: Damien Miller -Date: Fri Nov 25 14:04:21 2016 +1100 - - Add a gnome-ssh-askpass3 target for GTK+3 version - - Based on patch from Colin Watson via bz#2640 - -commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763 -Author: Damien Miller -Date: Fri Nov 25 14:03:53 2016 +1100 - - Make gnome-ssh-askpass2.c GTK+3-friendly + Change COMPILER_VERSION tests which limited additional + warnings to gcc4 to instead skip them on gcc3 as clang can handle + -Wpointer-sign and -Wold-style-definition. - Patch from Colin Watson via bz#2640 + Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f -commit b9844a45c7f0162fd1b5465683879793d4cc4aaa +commit 6830be90e71f46bcd182a9202b151eaf2b299434 Author: djm@openbsd.org -Date: Sun Dec 4 23:54:02 2016 +0000 +Date: Fri Apr 28 03:24:53 2017 +0000 upstream commit - Fix public key authentication when multiple - authentication is in use. Instead of deleting and re-preparing the entire - keys list, just reset the 'used' flags; the keys list is already in a good - order (with already- tried keys at the back) - - Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ + include key fingerprint in "Offering public key" debug + message - Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176 + Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52 -commit f2398eb774075c687b13af5bc22009eb08889abe -Author: dtucker@openbsd.org -Date: Sun Dec 4 22:27:25 2016 +0000 +commit 066437187e16dcafcbc19f9402ef0e6575899b1d +Author: millert@openbsd.org +Date: Fri Apr 28 03:21:12 2017 +0000 upstream commit - Unlink PidFile on SIGHUP and always recreate it when the - new sshd starts. Regression tests (and possibly other things) depend on the - pidfile being recreated after SIGHUP, and unlinking it means it won't contain - a stale pid if sshd fails to restart. ok djm@ markus@ + Avoid relying on implementation-specific behavior when + detecting whether the timestamp or file size overflowed. If time_t and off_t + are not either 32-bit or 64-bit scp will exit with an error. OK djm@ - Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870 + Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135 -commit 85aa2efeba51a96bf6834f9accf2935d96150296 -Author: djm@openbsd.org -Date: Wed Nov 30 03:01:33 2016 +0000 +commit 68d3a2a059183ebd83b15e54984ffaced04d2742 +Author: dtucker@openbsd.org +Date: Fri Apr 28 03:20:27 2017 +0000 upstream commit - test new behaviour of cert force-command restriction vs. - authorized_key/ principals + Add SyslogFacility option to ssh(1) matching the + equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok + djm@ - Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c + Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed -commit 5d333131cd8519d022389cfd3236280818dae1bc -Author: jmc@openbsd.org -Date: Wed Nov 30 06:54:26 2016 +0000 +commit e13aad66e73a14b062d13aee4e98f1e21a3f6a14 +Author: jsg@openbsd.org +Date: Thu Apr 27 13:40:05 2017 +0000 upstream commit - tweak previous; while here fix up FILES and AUTHORS; + remove a static array unused since rev 1.306 spotted by + clang ok djm@ - Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa + Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8 -commit 786d5994da79151180cb14a6cf157ebbba61c0cc -Author: djm@openbsd.org -Date: Wed Nov 30 03:07:37 2016 +0000 +commit 91bd2181866659f00714903e78e1c3edd4c45f3d +Author: millert@openbsd.org +Date: Thu Apr 27 11:53:12 2017 +0000 upstream commit - add a whitelist of paths from which ssh-agent will load - (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ + Avoid potential signed int overflow when parsing the file + size. Use strtoul() instead of parsing manually. OK djm@ - Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f + Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02 -commit 7844f357cdd90530eec81340847783f1f1da010b -Author: djm@openbsd.org -Date: Wed Nov 30 03:00:05 2016 +0000 +commit 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4 +Author: Darren Tucker +Date: Tue Apr 25 08:32:27 2017 +1000 - upstream commit + Fix typo in "socketcall". - Add a sshd_config DisableForwaring option that disables - X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as - anything else we might implement in the future. + Pointed out by jjelen at redhat.com. + +commit 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd +Author: Darren Tucker +Date: Mon Apr 24 19:40:31 2017 +1000 + + Deny socketcall in seccomp filter on ppc64le. - This, like the 'restrict' authorized_keys flag, is intended to be a - simple and future-proof way of restricting an account. Suggested as - a complement to 'restrict' by Jann Horn; ok markus@ + OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys + in privsep child. The socket() syscall is already denied in the seccomp + filter, but in ppc64le kernel, it is implemented using socketcall() + syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and + therefore fails hard. - Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7 + Patch from jjelen at redhat.com. -commit fd6dcef2030d23c43f986d26979f84619c10589d -Author: djm@openbsd.org -Date: Wed Nov 30 02:57:40 2016 +0000 +commit f8500b2be599053daa05248a86a743232ec6a536 +Author: schwarze@openbsd.org +Date: Mon Apr 17 14:31:23 2017 +0000 upstream commit - When a forced-command appears in both a certificate and - an authorized keys/principals command= restriction, refuse to accept the - certificate unless they are identical. - - The previous (documented) behaviour of having the certificate forced- - command override the other could be a bit confused and more error-prone. - - Pointed out by Jann Horn of Project Zero; ok dtucker@ + Recognize nl_langinfo(CODESET) return values "646" and "" + as aliases for "US-ASCII", useful for different versions of NetBSD and + Solaris. Found by dtucker@ and by Tom G. Christensen . OK dtucker@ deraadt@ - Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f + Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384 -commit 7fc4766ac78abae81ee75b22b7550720bfa28a33 -Author: dtucker@openbsd.org -Date: Wed Nov 30 00:28:31 2016 +0000 +commit 7480dfedf8c5c93baaabef444b3def9331e86ad5 +Author: jsg@openbsd.org +Date: Mon Apr 17 11:02:31 2017 +0000 upstream commit - On startup, check to see if sshd is already daemonized - and if so, skip the call to daemon() and do not rewrite the PidFile. This - means that when sshd re-execs itself on SIGHUP the process ID will no longer - change. Should address bz#2641. ok djm@ markus@. + Change COMPILER_VERSION tests which limited additional + warnings to gcc4 to instead skip them on gcc3 as clang can handle + -Wpointer-sign and -Wold-style-definition. - Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9 + Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a -commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc -Author: Damien Miller -Date: Wed Nov 30 13:51:49 2016 +1100 +commit 4d827f0d75a53d3952288ab882efbddea7ffadfe +Author: djm@openbsd.org +Date: Tue Apr 4 00:24:56 2017 +0000 - factor out common PRNG reseed before privdrop + upstream commit - Add a call to RAND_poll() to ensure than more than pid+time gets - stirred into child processes states. Prompted by analysis from Jann - Horn at Project Zero. ok dtucker@ + disallow creation (of empty files) in read-only mode; + reported by Michal Zalewski, feedback & ok deraadt@ + + Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b -commit 79e4829ec81dead1b30999e1626eca589319a47f -Author: dtucker@openbsd.org -Date: Fri Nov 25 03:02:01 2016 +0000 +commit ef47843af0a904a21c920e619c5aec97b65dd9ac +Author: deraadt@openbsd.org +Date: Sun Mar 26 00:18:52 2017 +0000 upstream commit - Allow PuTTY interop tests to run unattended. bz#2639, - patch from cjwatson at debian.org. + incorrect renditions of this quote bother me - Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0 + Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49 -commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc -Author: dtucker@openbsd.org -Date: Fri Nov 25 02:56:49 2016 +0000 +commit d9048861bea842c4eba9c2dbbf97064cc2a5ef02 +Author: Darren Tucker +Date: Fri Mar 31 11:04:43 2017 +1100 - upstream commit - - Reverse args to sshd-log-wrapper. Matches change in - portable, where it allows sshd do be optionally run under Valgrind. + Check for and use gcc's -pipe. - Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906 + Speeds up configure and build by a couple of percent. ok djm@ -commit bd13017736ec2f8f9ca498fe109fb0035f322733 -Author: dtucker@openbsd.org -Date: Fri Nov 25 02:49:18 2016 +0000 +commit 282cad2240c4fbc104c2f2df86d688192cbbe4bb +Author: Darren Tucker +Date: Wed Mar 29 16:34:44 2017 +1100 - upstream commit + Import fmt_scaled.c rev 1.16 from OpenBSD. - Fix typo in trace message; from portable. + Fix overly-conservative overflow checks on mulitplications and add checks + on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN + will still be flagged as a range error). ok millert@ + +commit c73a229e4edf98920f395e19fd310684fc6bb951 +Author: Darren Tucker +Date: Wed Mar 29 16:34:02 2017 +1100 + + Import fmt_scaled.c rev 1.15 from OpenBSD. - Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a + Collapse underflow and overflow checks into a single block. + ok djm@ millert@ -commit 7da751d8b007c7f3e814fd5737c2351440d78b4c -Author: tb@openbsd.org -Date: Tue Nov 1 13:43:27 2016 +0000 +commit d427b73bf5a564f663d16546dbcbd84ba8b9d4af +Author: Darren Tucker +Date: Wed Mar 29 16:32:57 2017 +1100 - upstream commit + Import fmt_scaled.c rev 1.14 from OpenBSD. - Clean up MALLOC_OPTIONS. For the unittests, move - MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc. + Catch integer underflow in scan_scaled reported by Nicolas Iooss. + ok deraadt@ djm@ + +commit d13281f2964abc5f2e535e1613c77fc61b0c53e7 +Author: Darren Tucker +Date: Wed Mar 29 12:39:39 2017 +1100 + + Don't check privsep user or path when unprivileged - ok otto + If running with privsep (mandatory now) as a non-privileged user, we + don't chroot or change to an unprivileged user however we still checked + the existence of the user and directory. Don't do those checks if we're + not going to use them. Based in part on a patch from Lionel Fourquaux + via Corinna Vinschen, ok djm@ + +commit f2742a481fe151e493765a3fbdef200df2ea7037 +Author: Darren Tucker +Date: Wed Mar 29 10:50:31 2017 +1100 + + Remove SHA256 EVP wrapper implementation. - Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12 + All supported versions of OpenSSL should now have SHA256 so remove our + EVP wrapper implementaion. ok djm@ -commit 36f58e68221bced35e06d1cca8d97c48807a8b71 -Author: tb@openbsd.org -Date: Mon Oct 31 23:45:08 2016 +0000 +commit 5346f271fc76549caf4a8e65b5fba319be422fe9 +Author: Darren Tucker +Date: Wed Mar 29 10:23:58 2017 +1100 - upstream commit + Remove check for OpenSSL < 0.9.8g. - Remove the obsolete A and P flags from MALLOC_OPTIONS. + We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC + in OpenSSL < 0.9.8g. + +commit 8fed0a5fe7b4e78a6810b133d8e91be9742ee0a1 +Author: Darren Tucker +Date: Wed Mar 29 10:16:15 2017 +1100 + + Remove compat code for OpenSSL < 0.9.7. - ok dtucker + Resyncs that code with OpenBSD upstream. + +commit 608ec1f62ff22fdccc3952e51463d79c43cbd0d3 +Author: Darren Tucker +Date: Wed Mar 29 09:50:54 2017 +1100 + + Remove SSHv1 code path. - Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59 + Server-side support for Protocol 1 has been removed so remove !compat20 + PAM code path. -commit b0899ee26a6630883c0f2350098b6a35e647f512 -Author: dtucker@openbsd.org -Date: Tue Nov 29 03:54:50 2016 +0000 +commit 7af27bf538cbc493d609753f9a6d43168d438f1b +Author: Darren Tucker +Date: Fri Mar 24 09:44:56 2017 +1100 - upstream commit + Enable ldns when using ldns-config. - Factor out code to disconnect from controlling terminal - into its own function. ok djm@ + Actually enable ldns when attempting to use ldns-config. bz#2697, patch + from fredrik at fornwall.net. + +commit 58b8cfa2a062b72139d7229ae8de567f55776f24 +Author: Damien Miller +Date: Wed Mar 22 12:43:02 2017 +1100 + + Missing header on Linux/s390 - Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885 + Patch from Jakub Jelen -commit 54d022026aae4f53fa74cc636e4a032d9689b64d +commit 096fb65084593f9f3c1fc91b6d9052759a272a00 Author: djm@openbsd.org -Date: Fri Nov 25 23:24:45 2016 +0000 +Date: Mon Mar 20 22:08:06 2017 +0000 upstream commit - use sshbuf_allocate() to pre-allocate the buffer used for - loading keys. This avoids implicit realloc inside the buffer code, which - might theoretically leave fragments of the key on the heap. This doesn't - appear to happen in practice for normal sized keys, but was observed for - novelty oversize ones. - - Pointed out by Jann Horn of Project Zero; ok markus@ + remove /usr/bin/time calls around tests, makes diffing test + runs harder. Based on patch from Mike Frysinger - Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 + Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c -commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e -Author: djm@openbsd.org -Date: Fri Nov 25 23:22:04 2016 +0000 +commit 6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 +Author: Damien Miller +Date: Tue Mar 21 08:47:55 2017 +1100 - upstream commit - - split allocation out of sshbuf_reserve() into a separate - sshbuf_allocate() function; ok markus@ + Fix syntax error on Linux/X32 - Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 + Patch from Mike Frysinger -commit f0ddedee460486fa0e32fefb2950548009e5026e -Author: markus@openbsd.org -Date: Wed Nov 23 23:14:15 2016 +0000 +commit d38f05dbdd291212bc95ea80648b72b7177e9f4e +Author: Darren Tucker +Date: Mon Mar 20 13:38:27 2017 +1100 - upstream commit - - allow ClientAlive{Interval,CountMax} in Match; ok dtucker, - djm - - Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55 + Add llabs() implementation. -commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a -Author: djm@openbsd.org -Date: Tue Nov 8 22:04:34 2016 +0000 +commit 72536316a219b7394996a74691a5d4ec197480f7 +Author: Damien Miller +Date: Mon Mar 20 12:23:04 2017 +1100 - upstream commit - - unbreak DenyUsers; reported by henning@ - - Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2 + crank version numbers -commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a +commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f Author: djm@openbsd.org -Date: Sun Nov 6 05:46:37 2016 +0000 +Date: Mon Mar 20 01:18:59 2017 +0000 upstream commit - Validate address ranges for AllowUser/DenyUsers at - configuration load time and refuse to accept bad ones. It was previously - possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and - these would always match. - - Thanks to Laurence Parry for a detailed bug report. ok markus (for - a previous diff version) + openssh-7.5 - Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb + Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 -commit efb494e81d1317209256b38b49f4280897c61e69 -Author: djm@openbsd.org -Date: Fri Oct 28 03:33:52 2016 +0000 +commit db84e52fe9cfad57f22e7e23c5fbf00092385129 +Author: Damien Miller +Date: Mon Mar 20 12:07:20 2017 +1100 - upstream commit + I'm a doofus. - Improve pkcs11_add_provider() logging: demote some - excessively verbose error()s to debug()s, include PKCS#11 provider name and - slot in log messages where possible. bz#2610, based on patch from Jakub Jelen + Unbreak obvious syntax error. + +commit 89f04852db27643717c9c3a2b0dde97ae50099ee +Author: Damien Miller +Date: Mon Mar 20 11:53:34 2017 +1100 + + on Cygwin, check paths from server for backslashes - Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d + Pointed out by Jann Horn of Google Project Zero -commit 5ee3fb5affd7646f141749483205ade5fc54adaf -Author: Darren Tucker -Date: Tue Nov 1 08:12:33 2016 +1100 +commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 +Author: Damien Miller +Date: Mon Mar 20 11:48:34 2017 +1100 - Use ptrace(PT_DENY_ATTACH, ..) on OS X. + Yet another synonym for ASCII: "646" + + Used by NetBSD; this unbreaks mprintf() and friends there for the C + locale (caught by dtucker@ and his menagerie of test systems). -commit 315d2a4e674d0b7115574645cb51f968420ebb34 +commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b Author: Damien Miller -Date: Fri Oct 28 14:34:07 2016 +1100 +Date: Mon Mar 20 09:58:34 2017 +1100 - Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL + create test mux socket in /tmp - ok dtucker@ + Creating the socket in $OBJ could blow past the (quite limited) + path limit for Unix domain sockets. As a bandaid for bz#2660, + reported by Colin Watson; ok dtucker@ -commit a9ff3950b8e80ff971b4d44bbce96df27aed28af -Author: Darren Tucker -Date: Fri Oct 28 14:26:58 2016 +1100 +commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 +Author: markus@openbsd.org +Date: Wed Mar 15 07:07:39 2017 +0000 - Move OPENSSL_NO_RIPEMD160 to compat. + upstream commit - Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the - ripemd160 MACs. + disallow KEXINIT before NEWKEYS; ok djm; report by + vegard.nossum at oracle.com + + Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 -commit bce58885160e5db2adda3054c3b81fe770f7285a +commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c Author: Darren Tucker -Date: Fri Oct 28 13:52:31 2016 +1100 +Date: Thu Mar 16 14:05:46 2017 +1100 - Check if RIPEMD160 is disabled in OpenSSL. + Include includes.h for compat bits. -commit d924640d4c355d1b5eca1f4cc60146a9975dbbff +commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad Author: Darren Tucker -Date: Fri Oct 28 13:38:19 2016 +1100 +Date: Thu Mar 16 13:45:17 2017 +1100 - Skip ssh1 specfic ciphers. - - cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try - to compile them when Protocol 1 is not enabled. + Wrap stdint.h in #ifdef HAVE_STDINT_H -commit 79d078e7a49caef746516d9710ec369ba45feab6 -Author: jsg@openbsd.org -Date: Tue Oct 25 04:08:13 2016 +0000 +commit 55a1117d7342a0bf8b793250cf314bab6b482b99 +Author: Damien Miller +Date: Thu Mar 16 11:22:42 2017 +1100 - upstream commit - - Fix logic in add_local_forward() that inverted a test - when code was refactored out into bind_permitted(). This broke ssh port - forwarding for non-priv ports as a non root user. - - ok dtucker@ 'looks good' deraadt@ + Adapt Cygwin config script to privsep knob removal - Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9 + Patch from Corinna Vinschen. -commit a903e315dee483e555c8a3a02c2946937f9b4e5d -Author: dtucker@openbsd.org -Date: Mon Oct 24 01:09:17 2016 +0000 +commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 +Author: deraadt@openbsd.org +Date: Wed Mar 15 03:52:30 2017 +0000 upstream commit - Remove dead breaks, found via opencoverage.net. ok - deraadt@ + accidents happen to the best of us; ok djm - Upstream-ID: ad9cc655829d67fad219762810770787ba913069 + Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 -commit b4e96b4c9bea4182846e4942ba2048e6d708ee54 -Author: Darren Tucker -Date: Wed Oct 26 08:43:25 2016 +1100 +commit 25f837646be8c2017c914d34be71ca435dfc0e07 +Author: djm@openbsd.org +Date: Wed Mar 15 02:25:09 2017 +0000 - Use !=NULL instead of >0 for getdefaultproj. + upstream commit - getdefaultproj() returns a pointer so test it for NULL inequality - instead of >0. Fixes compiler warning and is more correct. Patch from - David Binderman. + fix regression in 7.4: deletion of PKCS#11-hosted keys + would fail unless they were specified by full physical pathname. Report and + fix from Jakub Jelen via bz#2682; ok dtucker@ + + Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 -commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5 -Author: dtucker@openbsd.org -Date: Sun Oct 23 22:04:05 2016 +0000 +commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f +Author: djm@openbsd.org +Date: Wed Mar 15 02:19:09 2017 +0000 upstream commit - Factor out "can bind to low ports" check into its own function. This will - make it easier for Portable to support platforms with permissions models - other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" - deraadt@. + Fix segfault when sshd attempts to load RSA1 keys (can + only happen when protocol v.1 support is enabled for the client). Reported by + Jakub Jelen in bz#2686; ok dtucker - Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface + Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 -commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894 -Author: dtucker@openbsd.org -Date: Wed Oct 19 23:21:56 2016 +0000 +commit 66705948c0639a7061a0d0753266da7685badfec +Author: djm@openbsd.org +Date: Tue Mar 14 07:19:07 2017 +0000 upstream commit - When tearing down ControlMaster connecctions, don't - pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. + Mark the sshd_config UsePrivilegeSeparation option as + deprecated, effectively making privsep mandatory in sandboxing mode. ok + markus@ deraadt@ - Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced + (note: this doesn't remove the !privsep code paths, though that will + happen eventually). + + Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a -commit 09e6a7d8354224933febc08ddcbc2010f542284e -Author: Darren Tucker -Date: Mon Oct 24 09:06:18 2016 +1100 +commit f86586b03fe6cd8f595289bde200a94bc2c191af +Author: Damien Miller +Date: Tue Mar 14 18:26:29 2017 +1100 - Wrap stdint.h include in ifdef. + Make seccomp-bpf sandbox work on Linux/X32 + + Allow clock_gettime syscall with X32 bit masked off. Apparently + this is required for at least some kernel versions. bz#2142 + Patch mostly by Colin Watson. ok dtucker@ -commit 08d9e9516e587b25127545c029e5464b2e7f2919 -Author: Darren Tucker -Date: Fri Oct 21 09:46:46 2016 +1100 +commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 +Author: Damien Miller +Date: Tue Mar 14 18:01:52 2017 +1100 - Fix formatting. + require OpenSSL >=1.0.1 -commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d -Author: Darren Tucker -Date: Fri Oct 21 06:55:58 2016 +1100 +commit e3ea335abeab731c68f2b2141bee85a4b0bf680f +Author: Damien Miller +Date: Tue Mar 14 17:48:43 2017 +1100 - Update links to https. + Remove macro trickery; no binary change - www.openssh.com now supports https and ftp.openbsd.org no longer - supports ftp. Make all links to these https. + This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros + prepending __NR_ to the syscall number parameter and just makes + them explicit in the macro invocations. + + No binary change in stripped object file before/after. -commit dd4e7212a6141f37742de97795e79db51e4427ad -Author: Darren Tucker -Date: Fri Oct 21 06:48:46 2016 +1100 +commit 5f1596e11d55539678c41f68aed358628d33d86f +Author: Damien Miller +Date: Tue Mar 14 13:15:18 2017 +1100 - Update host key generation examples. + support ioctls for ICA crypto card on Linux/s390 - Remove ssh1 host key generation, add ssh-keygen -A + Based on patch from Eduardo Barretto; ok dtucker@ -commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639 +commit b1b22dd0df2668b322dda174e501dccba2cf5c44 Author: Darren Tucker -Date: Fri Oct 21 05:22:55 2016 +1100 +Date: Tue Mar 14 14:19:36 2017 +1100 - Update links. - - Make links to openssh.com HTTPS now that it's supported, point release - notes link to the HTML release notes page, and update a couple of other - links and bits of text. + Plumb conversion test into makefile. -commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6 -Author: Darren Tucker -Date: Thu Oct 20 03:42:09 2016 +1100 +commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 +Author: dtucker@openbsd.org +Date: Tue Mar 14 01:20:29 2017 +0000 - Remote channels .orig and .rej files. + upstream commit - These files were incorrectly added during an OpenBSD sync. + Add unit test for convtime(). + + Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 -commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c +commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c Author: dtucker@openbsd.org -Date: Tue Oct 18 17:32:54 2016 +0000 +Date: Tue Mar 14 01:10:07 2017 +0000 upstream commit - Remove channel_input_port_forward_request(); the only caller - was the recently-removed SSH1 server code so it's now dead code. ok markus@ + Add ASSERT_LONG_* helpers. - Upstream-ID: 05453983230a1f439562535fec2818f63f297af9 + Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 -commit 2c6697c443d2c9c908260eed73eb9143223e3ec9 -Author: millert@openbsd.org -Date: Tue Oct 18 12:41:22 2016 +0000 +commit c6774d21185220c0ba11e8fd204bf0ad1a432071 +Author: dtucker@openbsd.org +Date: Tue Mar 14 00:55:37 2017 +0000 upstream commit - Install a signal handler for tty-generated signals and - wait for the ssh child to suspend before suspending sftp. This lets ssh - restore the terminal mode as needed when it is suspended at the password - prompt. OK dtucker@ + Fix convtime() overflow test on boundary condition, + spotted by & ok djm. - Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69 + Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 -commit fd2a8f1033fa2316fff719fd5176968277560158 -Author: jmc@openbsd.org -Date: Sat Oct 15 19:56:25 2016 +0000 +commit f5746b40cfe6d767c8e128fe50c43274b31cd594 +Author: dtucker@openbsd.org +Date: Tue Mar 14 00:25:03 2017 +0000 upstream commit - various formatting fixes, specifically removing Dq; + Check for integer overflow when parsing times in + convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ - Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c + Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 -commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3 +commit f5907982f42a8d88a430b8a46752cbb7859ba979 Author: Darren Tucker -Date: Wed Oct 19 03:26:09 2016 +1100 +Date: Tue Mar 14 13:38:15 2017 +1100 - Import readpassphrase.c rev 1.26. - - Author: miller@openbsd.org: - Avoid generate SIGTTOU when restoring the terminal mode. If we get - SIGTTOU it means the process is not in the foreground process group - which, in most cases, means that the shell has taken control of the tty. - Requiring the user the fg the process in this case doesn't make sense - and can result in both SIGTSTP and SIGTTOU being sent which can lead to - the process being suspended again immediately after being brought into - the foreground. + Add a "unit" target to run only unit tests. -commit f901440cc844062c9bab0183d133f7ccc58ac3a5 -Author: Darren Tucker -Date: Wed Oct 19 03:23:16 2016 +1100 +commit 9e96b41682aed793fadbea5ccd472f862179fb02 +Author: Damien Miller +Date: Tue Mar 14 12:24:47 2017 +1100 - Import readpassphrase.c rev 1.25. + Fix weakness in seccomp-bpf sandbox arg inspection - Wrap so internal calls go direct and - readpassphrase is weak. + Syscall arguments are passed via an array of 64-bit values in struct + seccomp_data, but we were only inspecting the bottom 32 bits and not + even those correctly for BE systems. - (DEF_WEAK is a no-op in portable.) - -commit 032147b69527e5448a511049b2d43dbcae582624 -Author: Darren Tucker -Date: Sat Oct 15 05:51:12 2016 +1100 - - Move DEF_WEAK into defines.h. + Fortunately, the only case argument inspection was used was in the + socketcall filtering so using this for sandbox escape seems + impossible. - As well pull in more recent changes from OpenBSD these will start to - arrive so put it where the definition is shared. + ok dtucker -commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04 -Author: Darren Tucker -Date: Sat Oct 15 04:34:46 2016 +1100 +commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 +Author: djm@openbsd.org +Date: Sat Mar 11 23:44:16 2017 +0000 - Remove do_pam_set_tty which is dead code. + upstream commit - The callers of do_pam_set_tty were removed in 2008, so this is now dead - code. bz#2604, pointed out by jjelen at redhat.com. - -commit ca04de83f210959ad2ed870a30ba1732c3ae00e3 -Author: Damien Miller -Date: Thu Oct 13 18:53:43 2016 +1100 - - unbreak principals-command test + regress tests for loading certificates without public keys; + bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ - Undo inconsistetly updated variable name. + Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 -commit 1723ec92eb485ce06b4cbf49712d21975d873909 +commit 1e24552716194db8f2f620587b876158a9ef56ad Author: djm@openbsd.org -Date: Tue Oct 11 21:49:54 2016 +0000 +Date: Sat Mar 11 23:40:26 2017 +0000 upstream commit - fix the KEX fuzzer - the previous method of obtaining the - packet contents was broken. This now uses the new per-packet input hook, so - it sees exact post-decrypt packets and doesn't have to pass packet integrity - checks. ok markus@ + allow ssh to use certificates accompanied by a private + key file but no corresponding plain *.pub public key. bz#2617 based on patch + from Adam Eijdenberg; ok dtucker@ markus@ - Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd + Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 -commit 09f997893f109799cddbfce6d7e67f787045cbb2 -Author: natano@openbsd.org -Date: Thu Oct 6 09:31:38 2016 +0000 +commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e +Author: markus@openbsd.org +Date: Sat Mar 11 13:07:35 2017 +0000 upstream commit - Move USER out of the way to unbreak the BUILDUSER - mechanism. ok tb + Don't count the initial block twice when computing how + many bytes to discard for the work around for the attacks against CBC-mode. + ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL - Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c + Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 -commit 3049a012c482a7016f674db168f23fd524edce27 -Author: bluhm@openbsd.org -Date: Fri Sep 30 11:55:20 2016 +0000 +commit ef653dd5bd5777132d9f9ee356225f9ee3379504 +Author: dtucker@openbsd.org +Date: Fri Mar 10 07:18:32 2017 +0000 upstream commit - In ssh tests set REGRESS_FAIL_EARLY with ?= so that the - environment can change it. OK djm@ + krl.c - Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b + Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 -commit 39af7b444db28c1cb01b7ea468a4f574a44f375b -Author: djm@openbsd.org -Date: Tue Oct 11 21:47:45 2016 +0000 +commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 +Author: Damien Miller +Date: Sun Mar 12 10:48:14 2017 +1100 - upstream commit + sync fmt_scaled.c with OpenBSD - Add a per-packet input hook that is called with the - decrypted packet contents. This will be used for fuzzing; ok markus@ + revision 1.13 + date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; + fix signed integer overflow in scan_scaled. Found by Nicolas Iooss + using AFL against ssh_config. ok deraadt@ millert@ + ---------------------------- + revision 1.12 + date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; + fairly simple unsigned char casts for ctype + ok krw + ---------------------------- + revision 1.11 + date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; + make scan_scaled set errno to EINVAL rather than ERANGE if it encounters + an invalid multiplier, like the man page says it should - Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc + "looks sensible" deraadt@, ok ian@ + ---------------------------- + revision 1.10 + date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; + use llabs instead of the home-grown version; and some comment changes + ok ian@, millert@ + ---------------------------- -commit ec165c392ca54317dbe3064a8c200de6531e89ad -Author: markus@openbsd.org -Date: Mon Oct 10 19:28:48 2016 +0000 +commit 894221a63fa061e52e414ca58d47edc5fe645968 +Author: djm@openbsd.org +Date: Fri Mar 10 05:01:13 2017 +0000 upstream commit - Unregister the KEXINIT handler after message has been - received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause - allocation of up to 128MB -- until the connection is closed. Reported by - shilei-c at 360.cn + When updating hostkeys, accept RSA keys if + HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA + keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms + nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok + dtucker@ - Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 + Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 -commit 29d40319392e6e19deeca9d45468aa1119846e50 -Author: Darren Tucker -Date: Thu Oct 13 04:07:20 2016 +1100 +commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c +Author: djm@openbsd.org +Date: Fri Mar 10 04:24:55 2017 +0000 - Import rev 1.24 from OpenBSD. + upstream commit - revision 1.24 - date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4; - most obvious unsigned char casts for ctype - ok jca krw ingo - -commit 12069e56221de207ed666c2449dedb431a2a7ca2 -Author: Darren Tucker -Date: Thu Oct 13 04:04:44 2016 +1100 - - Import rev 1.23 from OpenBSD. Fixes bz#2619. + make hostname matching really insensitive to case; + bz#2685, reported by Petr Cerny; ok dtucker@ - revision 1.23 - date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39; - Defer installing signal handlers until echo is disabled so that we - get suspended normally when not the foreground process. Fix potential - infinite loop when restoring terminal settings if process is in the - background when restore occurs. OK miod@ + Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 -commit 7508d83eff89af069760b4cc587305588a64e415 -Author: Darren Tucker -Date: Thu Oct 13 03:53:51 2016 +1100 +commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f +Author: djm@openbsd.org +Date: Fri Mar 10 03:52:48 2017 +0000 - If we don't have TCSASOFT, define it to zero. + upstream commit - This makes it a no-op when we use it below, which allows us to re-sync - those lines with the upstream and make future updates easier. + reword a comment to make it fit 80 columns + + Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 -commit aae4dbd4c058d3b1fe1eb5c4e6ddf35827271377 -Author: jmc@openbsd.org -Date: Fri Oct 7 14:41:52 2016 +0000 +commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc +Author: djm@openbsd.org +Date: Fri Mar 10 04:27:32 2017 +0000 upstream commit - tidy up the formatting in this file. more specifically, - replace .Dq, which looks appalling, with .Cm, where appropriate; + better match sshd config parser behaviour: fatal() if + line is overlong, increase line buffer to match sshd's; bz#2651 reported by + Don Fong; ok dtucker@ - Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738 + Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 -commit a571dbcc7b7b25371174569b13df5159bc4c6c7a +commit db2597207e69912f2592cd86a1de8e948a9d7ffb Author: djm@openbsd.org -Date: Tue Oct 4 21:34:40 2016 +0000 +Date: Fri Mar 10 04:26:06 2017 +0000 upstream commit - add a comment about implicitly-expected checks to - sshkey_ec_validate_public() + ensure hostname is lower-case before hashing it; + bz#2591 reported by Griff Miller II; ok dtucker@ - Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f + Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 -commit 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00 +commit df9936936c695f85c1038bd706d62edf752aca4b Author: djm@openbsd.org -Date: Fri Sep 30 20:24:46 2016 +0000 +Date: Fri Mar 10 04:24:55 2017 +0000 upstream commit - fix some -Wpointer-sign warnings in the new mux proxy; ok - markus@ + make hostname matching really insensitive to case; + bz#2685, reported by Petr Cerny; ok dtucker@ - Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd + Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 -commit ca71c36645fc26fcd739a8cfdc702cec85607761 -Author: bluhm@openbsd.org -Date: Wed Sep 28 20:09:52 2016 +0000 +commit 67eed24bfa7645d88fa0b883745fccb22a0e527e +Author: dtucker@openbsd.org +Date: Fri Mar 10 04:11:00 2017 +0000 upstream commit - Add a makefile rule to create the ssh library when - regress needs it. This allows to run the ssh regression tests without doing - a "make build" before. Discussed with dtucker@ and djm@; OK djm@ + Remove old null check from config dumper. Patch from + jjelen at redhat.com vi bz#2687, ok djm@ - Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025 + Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 -commit ce44c970f913d2a047903dba8670554ac42fc479 -Author: bluhm@openbsd.org -Date: Mon Sep 26 21:34:38 2016 +0000 +commit 183ba55aaaecca0206184b854ad6155df237adbe +Author: djm@openbsd.org +Date: Fri Mar 10 04:07:20 2017 +0000 upstream commit - Allow to run ssh regression tests as root. If the user - is already root, the test should not expect that SUDO is set. If ssh needs - another user, use sudo or doas to switch from root if necessary. OK dtucker@ + fix regression in 7.4 server-sig-algs, where we were + accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno + Goncalves; ok dtucker@ - Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2 + Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 -commit 8d0578478586e283e751ca51e7b0690631da139a -Author: markus@openbsd.org -Date: Fri Sep 30 09:19:13 2016 +0000 +commit 66be4fe8c4435af5bbc82998501a142a831f1181 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:53:11 2017 +0000 upstream commit - ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux - client speaks the ssh-packet protocol directly over unix-domain socket. - mux - server acts as a proxy, translates channel IDs and relays to the server. - no - filedescriptor passing necessary. - combined with unix-domain forwarding it's - even possible to run mux client and server on different machines. feedback - & ok djm@ + Check for NULL return value from key_new. Patch from + jjelen at redhat.com via bz#2687, ok djm@ - Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b + Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e -commit b7689155f3f5c4999846c07a852b1c7a43b09cec +commit ec2892b5c7fea199914cb3a6afb3af38f84990bf Author: djm@openbsd.org -Date: Wed Sep 28 21:44:52 2016 +0000 +Date: Fri Mar 10 03:52:48 2017 +0000 upstream commit - put back some pre-auth zlib bits that I shouldn't have - removed - they are still used by the client. Spotted by naddy@ + reword a comment to make it fit 80 columns - Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2 + Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 -commit 4577adead6a7d600c8e764619d99477a08192c8f -Author: djm@openbsd.org -Date: Wed Sep 28 20:32:42 2016 +0000 +commit 7fadbb6da3f4122de689165651eb39985e1cba85 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:48:57 2017 +0000 upstream commit - restore pre-auth compression support in the client -- the - previous commit was intended to remove it from the server only. - - remove a few server-side pre-auth compression bits that escaped + Check for NULL argument to sshkey_read. Patch from + jjelen at redhat.com via bz#2687, ok djm@ - adjust wording of Compression directive in sshd_config(5) + Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e + +commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:45:40 2017 +0000 + + upstream commit - pointed out by naddy@ ok markus@ + Plug some mem leaks mostly on error paths. From jjelen + at redhat.com via bz#2687, ok djm@ - Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b + Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 -commit 80d1c963b4dc84ffd11d09617b39c4bffda08956 -Author: jmc@openbsd.org -Date: Wed Sep 28 17:59:22 2016 +0000 +commit f6edbe9febff8121f26835996b1229b5064d31b7 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:24:48 2017 +0000 upstream commit - use a separate TOKENS section, as we've done for - sshd_config(5); help/ok djm + Plug mem leak on GLOB_NOMATCH case. From jjelen at + redhat.com via bz#2687, ok djm@ - Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d + Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d -commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455 -Author: Damien Miller -Date: Thu Sep 29 03:19:23 2016 +1000 +commit 566b3a46e89a2fda2db46f04f2639e92da64a120 +Author: dtucker@openbsd.org +Date: Fri Mar 10 03:22:40 2017 +0000 - Remove portability support for mmap + upstream commit - We no longer need to wrap/replace mmap for portability now that - pre-auth compression has been removed from OpenSSH. + Plug descriptor leaks of auth_sock. From jjelen at + redhat.com via bz#2687, ok djm@ + + Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 -commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f +commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 Author: djm@openbsd.org -Date: Wed Sep 28 16:33:06 2016 +0000 +Date: Fri Mar 10 03:18:24 2017 +0000 upstream commit - Remove support for pre-authentication compression. Doing - compression early in the protocol probably seemed reasonable in the 1990s, - but today it's clearly a bad idea in terms of both cryptography (cf. multiple - compression oracle attacks in TLS) and attack surface. - - Moreover, to support it across privilege-separation zlib needed - the assistance of a complex shared-memory manager that made the - required attack surface considerably larger. + correctly hash hosts with a port number. Reported by Josh + Powers in bz#2692; ok dtucker@ - Prompted by Guido Vranken pointing out a compiler-elided security - check in the shared memory manager found by Stack - (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ + Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 + +commit 9747b9c742de409633d4753bf1a752cbd211e2d3 +Author: djm@openbsd.org +Date: Fri Mar 10 03:15:58 2017 +0000 + + upstream commit - NB. pre-auth authentication has been disabled by default in sshd - for >10 years. + don't truncate off \r\n from long stderr lines; bz#2688, + reported by Brian Dyson; ok dtucker@ - Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf + Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 -commit 27c3a9c2aede2184856b5de1e6eca414bb751c38 -Author: djm@openbsd.org -Date: Mon Sep 26 21:16:11 2016 +0000 +commit 4a4b75adac862029a1064577eb5af299b1580cdd +Author: dtucker@openbsd.org +Date: Fri Mar 10 02:59:51 2017 +0000 upstream commit - Avoid a theoretical signed integer overflow should - BN_num_bytes() ever violate its manpage and return a negative value. Improve - order of tests to avoid confusing increasingly pedantic compilers. + Validate digest arg in ssh_digest_final; from jjelen at + redhat.com via bz#2687, ok djm@ - Reported by Guido Vranken from stack (css.csail.mit.edu/stack) - unstable optimisation analyser output. ok deraadt@ + Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 + +commit bee0167be2340d8de4bdc1ab1064ec957c85a447 +Author: Darren Tucker +Date: Fri Mar 10 13:40:18 2017 +1100 + + Check for NULL from malloc. - Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505 + Part of bz#2687, from jjelen at redhat.com. -commit 8663e51c80c6aa3d750c6d3bcff6ee05091922be -Author: Damien Miller -Date: Wed Sep 28 07:40:33 2016 +1000 +commit da39b09d43b137a5a3d071b51589e3efb3701238 +Author: Darren Tucker +Date: Fri Mar 10 13:22:32 2017 +1100 - fix mdoc2man.awk formatting for top-level lists + If OSX is using launchd, remove screen no. - Reported by Glenn Golden - Diagnosis and fix from Ingo Schwarze + Check for socket with and without screen number. From Apple and Jakob + Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ -commit b97739dc21570209ed9d4e7beee0c669ed23b097 +commit 8fb15311a011517eb2394bb95a467c209b8b336c Author: djm@openbsd.org -Date: Thu Sep 22 21:15:41 2016 +0000 +Date: Wed Mar 8 12:07:47 2017 +0000 upstream commit - missing bit from previous commit + quote [host]:port in generated ProxyJump commandline; the + [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri + Tirkkonen via bugs@ - Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37 + Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 -commit de6a175a99d22444e10d19ad3fffef39bc3ee3bb -Author: jmc@openbsd.org -Date: Thu Sep 22 19:19:01 2016 +0000 +commit 18501151cf272a15b5f2c5e777f2e0933633c513 +Author: dtucker@openbsd.org +Date: Mon Mar 6 02:03:20 2017 +0000 upstream commit - organise the token stuff into a separate section; ok - markus for an earlier version of the diff ok/tweaks djm + Check l->hosts before dereferencing; fixes potential null + pointer deref. ok djm@ - Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8 + Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 -commit 16277fc45ffc95e4ffc3d45971ff8320b974de2b -Author: djm@openbsd.org -Date: Thu Sep 22 17:55:13 2016 +0000 +commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 +Author: dtucker@openbsd.org +Date: Mon Mar 6 00:44:51 2017 +0000 upstream commit - mention curve25519-sha256 KEX + linenum is unsigned long so use %lu in log formats. ok + deraadt@ - Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf + Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 -commit 0493766d5676c7ca358824ea8d3c90f6047953df +commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 Author: djm@openbsd.org -Date: Thu Sep 22 17:52:53 2016 +0000 +Date: Fri Mar 3 06:13:11 2017 +0000 upstream commit - support plain curve25519-sha256 KEX algorithm now that it - is approaching standardisation (same algorithm is currently supported as - curve25519-sha256@libssh.org) + fix ssh-keygen -H accidentally corrupting known_hosts that + contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by + hostkeys_foreach() when hostname matching is in use, so we need to look for + the hash marker explicitly. - Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2 + Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 -commit f31c654b30a6f02ce0b8ea8ab81791b675489628 -Author: dtucker@openbsd.org -Date: Thu Sep 22 02:29:57 2016 +0000 +commit d7abb771bd5a941b26144ba400a34563a1afa589 +Author: djm@openbsd.org +Date: Tue Feb 28 06:10:08 2017 +0000 upstream commit - If ssh receives a PACKET_DISCONNECT during userauth it - will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the - session being authenticated. Check for this and exit if necessary. ok djm@ + small memleak: free fd_set on connection timeout (though + we are heading to exit anyway). From Tom Rix in bz#2683 - Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903 + Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 -commit 1622649b7a829fc8dc313042a43a974f0f3e8a99 -Author: djm@openbsd.org -Date: Wed Sep 21 19:53:12 2016 +0000 +commit 78142e3ab3887e53a968d6e199bcb18daaf2436e +Author: jmc@openbsd.org +Date: Mon Feb 27 14:30:33 2017 +0000 upstream commit - correctly return errors from kex_send_ext_info(). Fix from - Sami Farin via https://github.com/openssh/openssh-portable/pull/50 + errant dot; from klemens nanni - Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c + Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 -commit f83a0cfe16c7a73627b46a9a94e40087d60f32fb +commit 8071a6924c12bb51406a9a64a4b2892675112c87 Author: djm@openbsd.org -Date: Wed Sep 21 17:44:20 2016 +0000 +Date: Fri Feb 24 03:16:34 2017 +0000 upstream commit - cast uint64_t for printf + might as well set the listener socket CLOEXEC - Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1 + Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 -commit 5f63ab474f58834feca4f35c498be03b7dd38a16 +commit d5499190559ebe374bcdfa8805408646ceffad64 Author: djm@openbsd.org -Date: Wed Sep 21 17:03:54 2016 +0000 +Date: Sun Feb 19 00:11:29 2017 +0000 upstream commit - disable tests for affirmative negated match after backout of - match change + add test cases for C locale; ok schwarze@ - Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd + Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 -commit a5ad3a9db5a48f350f257a67b62fafd719ecb7e0 +commit 011c8ffbb0275281a0cf330054cf21be10c43e37 Author: djm@openbsd.org -Date: Wed Sep 21 16:55:42 2016 +0000 +Date: Sun Feb 19 00:10:57 2017 +0000 upstream commit - Revert two recent changes to negated address matching. The - new behaviour offers unintuitive surprises. We'll find a better way to deal - with single negated matches. - - match.c 1.31: - > fix matching for pattern lists that contain a single negated match, - > e.g. "Host !example" - > - > report and patch from Robin Becker. bz#1918 ok dtucker@ - - addrmatch.c 1.11: - > fix negated address matching where the address list consists of a - > single negated match, e.g. "Match addr !192.20.0.1" - > - > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ + Add a common nl_langinfo(CODESET) alias for US-ASCII + "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for + non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ - Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6 + Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 -commit 119b7a2ca0ef2bf3f81897ae10301b8ca8cba844 -Author: djm@openbsd.org -Date: Wed Sep 21 01:35:12 2016 +0000 +commit 0c4430a19b73058a569573492f55e4c9eeaae67b +Author: dtucker@openbsd.org +Date: Tue Feb 7 23:03:11 2017 +0000 upstream commit - test all the AuthorizedPrincipalsCommand % expansions + Remove deprecated SSH1 options RSAAuthentication and + RhostsRSAAuthentication from regression test sshd_config. - Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3 + Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 -commit bfa9d969ab6235d4938ce069d4db7e5825c56a19 -Author: djm@openbsd.org -Date: Wed Sep 21 01:34:45 2016 +0000 +commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 +Author: dtucker@openbsd.org +Date: Fri Feb 17 02:32:05 2017 +0000 upstream commit - add a way for principals command to get see key ID and serial - too + Do not show rsa1 key type in usage when compiled without + SSH1 support. - Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb + Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 -commit 920585b826af1c639e4ed78b2eba01fd2337b127 -Author: djm@openbsd.org -Date: Fri Sep 16 06:09:31 2016 +0000 +commit ecc35893715f969e98fee118481f404772de4132 +Author: dtucker@openbsd.org +Date: Fri Feb 17 02:31:14 2017 +0000 upstream commit - add a note on kexfuzz' limitations + ifdef out "rsa1" from the list of supported keytypes when + compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ - Upstream-Regress-ID: 03804d4a0dbc5163e1a285a4c8cc0a76a4e864ec + Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f -commit 0445ff184080b196e12321998b4ce80b0f33f8d1 +commit 10577c6d96a55b877a960b2d0b75edef1b9945af Author: djm@openbsd.org -Date: Fri Sep 16 01:01:41 2016 +0000 +Date: Fri Feb 17 02:04:15 2017 +0000 upstream commit - fix for newer modp DH groups - (diffie-hellman-group14-sha256 etc) + For ProxyJump/-J, surround host name with brackets to + allow literal IPv6 addresses. From Dick Visser; ok dtucker@ - Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68 + Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 -commit 28652bca29046f62c7045e933e6b931de1d16737 -Author: markus@openbsd.org -Date: Mon Sep 19 19:02:19 2016 +0000 +commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 +Author: jsg@openbsd.org +Date: Wed Feb 15 23:38:31 2017 +0000 upstream commit - move inbound NEWKEYS handling to kex layer; otherwise - early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed - with & ok djm@ + Fix memory leaks in match_filter_list() error paths. - Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f + ok dtucker@ markus@ + + Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e -commit 492710894acfcc2f173d14d1d45bd2e688df605d -Author: natano@openbsd.org -Date: Mon Sep 19 07:52:42 2016 +0000 +commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 +Author: djm@openbsd.org +Date: Wed Feb 15 01:46:47 2017 +0000 upstream commit - Replace two more arc4random() loops with - arc4random_buf(). - - tweaks and ok dtucker - ok deraadt + fix division by zero crash in "df" output when server + returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok + dtucker@ - Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4 + Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f -commit 1036356324fecc13099ac6e986b549f6219327d7 -Author: tedu@openbsd.org -Date: Sat Sep 17 18:00:27 2016 +0000 +commit bd5d7d239525d595ecea92765334af33a45d9d63 +Author: Darren Tucker +Date: Sun Feb 12 15:45:15 2017 +1100 - upstream commit - - replace two arc4random loops with arc4random_buf ok - deraadt natano + ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR - Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48 + EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out + for the benefit of OpenSSL versions prior to that. -commit 00df97ff68a49a756d4b977cd02283690f5dfa34 +commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe Author: djm@openbsd.org -Date: Wed Sep 14 20:11:26 2016 +0000 +Date: Fri Feb 10 04:34:50 2017 +0000 upstream commit - take fingerprint of correct key for - AuthorizedPrincipalsCommand + bring back r1.34 that was backed out for problems loading + public keys: - Upstream-ID: 553581a549cd6a3e73ce9f57559a325cc2cb1f38 + translate OpenSSL error codes to something more + meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ + + with additional fix from Jakub Jelen to solve the backout. + bz#2525 bz#2523 re-ok dtucker@ + + Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 -commit e7907c1cb938b96dd33d27c2fea72c4e08c6b2f6 +commit a287c5ad1e0bf9811c7b9221979b969255076019 Author: djm@openbsd.org -Date: Wed Sep 14 05:42:25 2016 +0000 +Date: Fri Feb 10 03:36:40 2017 +0000 upstream commit - add %-escapes to AuthorizedPrincipalsCommand to match those - supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a - few more to provide access to the certificate's CA key; 'looks ok' dtucker@ + Sanitise escape sequences in key comments sent to printf + but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ - Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb + Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e -commit 2b939c272a81c4d0c47badeedbcb2ba7c128ccda -Author: dtucker@openbsd.org -Date: Wed Sep 14 00:45:31 2016 +0000 +commit e40269be388972848aafcca7060111c70aab5b87 +Author: millert@openbsd.org +Date: Wed Feb 8 20:32:43 2017 +0000 upstream commit - Improve test coverage of ssh-keygen -T a bit. + Avoid printf %s NULL. From semarie@, OK djm@ - Upstream-Regress-ID: 8851668c721bcc2b400600cfc5a87644cc024e72 + Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c -commit 44d82fc83be6c5ccd70881c2dac1a73e5050398b -Author: dtucker@openbsd.org -Date: Mon Sep 12 02:25:46 2016 +0000 +commit 5b90709ab8704dafdb31e5651073b259d98352bc +Author: djm@openbsd.org +Date: Mon Feb 6 09:22:51 2017 +0000 upstream commit - Add testcase for ssh-keygen -j, -J and -K options for - moduli screening. Does not currently test generation as that is extremely - slow. + Restore \r\n newline sequence for server ident string. The CR + got lost in the flensing of SSHv1. Pointed out by Stef Bon - Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062 + Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac -commit 44e5f756d286bc3a1a5272ea484ee276ba3ac5c2 +commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc Author: djm@openbsd.org -Date: Tue Aug 23 08:17:04 2016 +0000 +Date: Fri Feb 3 23:01:42 2017 +0000 upstream commit - add tests for addr_match_list() + unit test for match_filter_list() function; still want a + better name for this... - Upstream-Regress-ID: fae2d1fef84687ece584738a924c7bf969616c8e + Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a -commit 445e218878035b59c704c18406e8aeaff4c8aa25 +commit f1a193464a7b77646f0d0cedc929068e4a413ab4 Author: djm@openbsd.org -Date: Mon Sep 12 23:39:34 2016 +0000 +Date: Fri Feb 3 23:05:57 2017 +0000 upstream commit - handle certs in rsa_hash_alg_from_ident(), saving an - unnecessary special case elsewhere. + use ssh_packet_set_log_preamble() to include connection + username in packet log messages, e.g. - Upstream-ID: 901cb081c59d6d2698b57901c427f3f6dc7397d4 + Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] + + ok markus@ bz#113 + + Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 -commit 130f5df4fa37cace8c079dccb690e5cafbf00751 +commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 Author: djm@openbsd.org -Date: Mon Sep 12 23:31:27 2016 +0000 +Date: Fri Feb 3 23:03:33 2017 +0000 upstream commit - list all supported signature algorithms in the - server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly) - Ron Frederick; ok markus@ + add ssh_packet_set_log_preamble() to allow inclusion of a + preamble string in disconnect messages; ok markus@ - Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd - -commit 8f750ccfc07acb8aa98be5a5dd935033a6468cfd -Author: Darren Tucker -Date: Mon Sep 12 14:43:58 2016 +1000 - - Remove no-op brackets to resync with upstream. - -commit 7050896e7395866278c19c2ff080c26152619d1d -Author: Darren Tucker -Date: Mon Sep 12 13:57:28 2016 +1000 - - Resync ssh-keygen -W error message with upstream. - -commit 43cceff82cc20413cce58ba3375e19684e62cec4 -Author: Darren Tucker -Date: Mon Sep 12 13:55:37 2016 +1000 - - Move ssh-keygen -W handling code to match upstream - -commit af48d541360b1d7737b35740a4b1ca34e1652cd9 -Author: Darren Tucker -Date: Mon Sep 12 13:52:17 2016 +1000 - - Move ssh-keygen -T handling code to match upstream. + Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead -commit d8c3cfbb018825c6c86547165ddaf11924901c49 -Author: Darren Tucker -Date: Mon Sep 12 13:30:50 2016 +1000 +commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 +Author: djm@openbsd.org +Date: Fri Feb 3 23:01:19 2017 +0000 - Move -M handling code to match upstream. + upstream commit + + support =- for removing methods from algorithms lists, + e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like + it" markus@ + + Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d -commit 7b63cf6dbbfa841c003de57d1061acbf2ff22364 -Author: dtucker@openbsd.org -Date: Mon Sep 12 03:29:16 2016 +0000 +commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e +Author: djm@openbsd.org +Date: Fri Feb 3 05:05:56 2017 +0000 upstream commit - Spaces->tabs. + allow form-feed characters at EOL; bz#2431 ok dtucker@ - Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7 + Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 -commit 11e5e644536821ceb3bb4dd8487fbf0588522887 +commit 523db8540b720c4d21ab0ff6f928476c70c38aab +Author: Damien Miller +Date: Fri Feb 3 16:01:22 2017 +1100 + + prefer to use ldns-config to find libldns + + Should fix bz#2603 - "Build with ldns and without kerberos support + fails if ldns compiled with kerberos support" by including correct + cflags/libs + + ok dtucker@ + +commit c998bf0afa1a01257a53793eba57941182e9e0b7 Author: dtucker@openbsd.org -Date: Mon Sep 12 03:25:20 2016 +0000 +Date: Fri Feb 3 02:56:00 2017 +0000 upstream commit - Style whitespace fix. Also happens to remove a no-op - diff with portable. + Make ssh_packet_set_rekey_limits take u32 for the number of + seconds until rekeying (negative values are rejected at config parse time). + This allows the removal of some casts and a signed vs unsigned comparison + warning. - Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3 + rekey_time is cast to int64 for the comparison which is a no-op + on OpenBSD, but should also do the right thing in -portable on + anything still using 32bit time_t (until the system time actually + wraps, anyway). + + some early guidance deraadt@, ok djm@ + + Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c -commit 9136ec134c97a8aff2917760c03134f52945ff3c -Author: deraadt@openbsd.org -Date: Mon Sep 12 01:22:38 2016 +0000 +commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 +Author: jsg@openbsd.org +Date: Thu Feb 2 10:54:25 2017 +0000 upstream commit - Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then - use those definitions rather than pulling and unknown namespace - pollution. ok djm markus dtucker + In vasnmprintf() return an error if malloc fails and + don't set a function argument to the address of free'd memory. - Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8 + ok djm@ + + Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 -commit f219fc8f03caca7ac82a38ed74bbd6432a1195e7 -Author: jmc@openbsd.org -Date: Wed Sep 7 18:39:24 2016 +0000 +commit 858252fb1d451ebb0969cf9749116c8f0ee42753 +Author: dtucker@openbsd.org +Date: Wed Feb 1 02:59:09 2017 +0000 upstream commit - sort; from matthew martin + Return true reason for port forwarding failures where + feasible rather than always "administratively prohibited". bz#2674, ok djm@ - Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7 + Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 -commit 06ce56b05def9460aecc7cdb40e861a346214793 -Author: markus@openbsd.org -Date: Tue Sep 6 09:22:56 2016 +0000 +commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 +Author: dtucker@openbsd.org +Date: Mon Jan 30 23:27:39 2017 +0000 upstream commit - ssh_set_newkeys: print correct block counters on - rekeying; ok djm@ + Small correction to the known_hosts section on when it is + updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at + sdf.org - Upstream-ID: 32bb7a9cb9919ff5bab28d50ecef3a2b2045dd1e + Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 -commit e5e8d9114ac6837a038f4952994ca95a97fafe8d -Author: markus@openbsd.org -Date: Tue Sep 6 09:14:05 2016 +0000 +commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 +Author: Darren Tucker +Date: Fri Feb 3 14:10:34 2017 +1100 - upstream commit + Remove _XOPEN_SOURCE from wide char detection. - update ext_info_c every time we receive a kexinit msg; - fixes sending of ext_info if privsep is disabled; report Aris Adamantiadis & - Mancha; ok djm@ + Having _XOPEN_SOURCE unconditionally causes problems on some platforms + and configurations, notably Solaris 64-bit binaries. It was there for + the benefit of Linux put the required bits in the *-*linux* section. - Upstream-ID: 2ceaa1076e19dbd3542254b4fb8e42d608f28856 + Patch from yvoinov at gmail.com. -commit da95318dbedbaa1335323dba370975c2f251afd8 +commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd Author: djm@openbsd.org -Date: Mon Sep 5 14:02:42 2016 +0000 +Date: Mon Jan 30 05:22:14 2017 +0000 upstream commit - remove 3des-cbc from the client's default proposal; - 64-bit block ciphers are not safe in 2016 and we don't want to wait until - attacks like sweet32 are extended to SSH. - - As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may - cause problems connecting to older devices using the defaults, but - it's highly likely that such devices already need explicit - configuration for KEX and hostkeys anyway. - - ok deraadt, markus, dtucker + fully unbreak: some $SSH invocations did not have -F + specified and could pick up the ~/.ssh/config of the user running the tests - Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f + Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 -commit b33ad6d997d36edfea65e243cd12ccd01f413549 +commit 6956e21fb26652887475fe77ea40d2efcf25908b Author: djm@openbsd.org -Date: Mon Sep 5 13:57:31 2016 +0000 +Date: Mon Jan 30 04:54:07 2017 +0000 upstream commit - enforce expected request flow for GSSAPI calls; thanks to - Jakub Jelen for testing; ok markus@ + partially unbreak: was not specifying hostname on some + $SSH invocations - Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9 + Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc -commit 0bb2980260fb24e5e0b51adac471395781b66261 -Author: Darren Tucker -Date: Mon Sep 12 11:07:00 2016 +1000 +commit 52763dd3fe0a4678dafdf7aeb32286e514130afc +Author: djm@openbsd.org +Date: Mon Jan 30 01:03:00 2017 +0000 - Restore ssh-keygen's -J and -j option handling. + upstream commit - These were incorrectly removed in the 1d9a2e28 sync commit. - -commit 775f8a23f2353f5869003c57a213d14b28e0736e -Author: Damien Miller -Date: Wed Aug 31 10:48:07 2016 +1000 - - tighten PAM monitor calls + revise keys/principals command hang fix (bz#2655) to + consume entire output, avoiding sending SIGPIPE to subprocesses early; ok + dtucker@ - only allow kbd-interactive ones when that authentication method is - enabled. Prompted by Solar Designer + Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc -commit 7fd0ea8a1db4bcfb3d8cd9df149e5d571ebea1f4 +commit 381a2615a154a82c4c53b787f4a564ef894fe9ac Author: djm@openbsd.org -Date: Tue Aug 30 07:50:21 2016 +0000 +Date: Mon Jan 30 00:38:50 2017 +0000 upstream commit - restrict monitor auth calls to be allowed only when their - respective authentication methods are enabled in the configuration. + small cleanup post SSHv1 removal: - prompted by Solar Designer; ok markus dtucker + remove SSHv1-isms in commented examples - Upstream-ID: 6eb3f89332b3546d41d6dbf5a8e6ff920142b553 - -commit b38b95f5bcc52278feb839afda2987933f68ff96 -Author: Damien Miller -Date: Mon Aug 29 11:47:07 2016 +1000 - - Tighten monitor state-machine flow for PAM calls + reorder token table to group deprecated and compile-time conditional tokens + better - (attack surface reduction) + fix config dumping code for some compile-time conditional options that + weren't being correctly skipped (SSHv1 and PKCS#11) + + Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 -commit dc664d1bd0fc91b24406a3e9575b81c285b8342b +commit 4833d01591b7eb049489d9558b65f5553387ed43 Author: djm@openbsd.org -Date: Sun Aug 28 22:28:12 2016 +0000 +Date: Mon Jan 30 00:34:01 2017 +0000 upstream commit - fix uninitialised optlen in getsockopt() call; harmless - on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok - deraadt@ + some explicit NULL tests when dumping configured + forwardings; from Karsten Weiss - Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965 + Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d -commit 5bcc1e2769f7d6927d41daf0719a9446ceab8dd7 -Author: guenther@openbsd.org -Date: Sat Aug 27 04:05:12 2016 +0000 +commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 +Author: djm@openbsd.org +Date: Mon Jan 30 00:32:28 2017 +0000 upstream commit - Pull in for struct timeval - - ok deraadt@ + misplaced braces in test; from Karsten Weiss - Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6 + Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae -commit fa4a4c96b19127dc2fd4e92f20d99c0c7f34b538 -Author: guenther@openbsd.org -Date: Sat Aug 27 04:04:56 2016 +0000 +commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb +Author: djm@openbsd.org +Date: Mon Jan 30 00:32:03 2017 +0000 upstream commit - Pull in for NULL - - ok deraadt@ + don't dereference authctxt before testing != NULL, it + causes compilers to make assumptions; from Karsten Weiss - Upstream-ID: 7baa6a0f1e049bb3682522b4b95a26c866bfc043 + Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 -commit ae363d74ccc1451185c0c8bd4631e28c67c7fd36 +commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 Author: djm@openbsd.org -Date: Thu Aug 25 23:57:54 2016 +0000 +Date: Fri Jan 6 02:51:16 2017 +0000 upstream commit - add a sIgnore opcode that silently ignores options and - use it to suppress noisy deprecation warnings for the Protocol directive. - - req henning, ok markus + use correct ssh-add program; bz#2654, from Colin Watson - Upstream-ID: 9fe040aca3d6ff393f6f7e60045cdd821dc4cbe0 + Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 -commit a94c60306643ae904add6e8ed219e4be3494255c -Author: djm@openbsd.org -Date: Thu Aug 25 23:56:51 2016 +0000 +commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 +Author: dtucker@openbsd.org +Date: Fri Jan 6 02:26:10 2017 +0000 upstream commit - remove superfluous NOTREACHED comment + Account for timeouts in the integrity tests as failures. - Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c + If the first test in a series for a given MAC happens to modify the low + bytes of a packet length, then ssh will time out and this will be + interpreted as a test failure. Patch from cjwatson at debian.org via + bz#2658. + + Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 -commit fc041c47144ce28cf71353124a8a5d183cd6a251 -Author: otto@openbsd.org -Date: Tue Aug 23 16:21:45 2016 +0000 +commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 +Author: dtucker@openbsd.org +Date: Fri Jan 6 02:09:25 2017 +0000 upstream commit - fix previous, a condition was modified incorrectly; ok - markus@ deraadt@ + Make forwarding test less racy by using unix domain + sockets instead of TCP ports where possible. Patch from cjwatson at + debian.org via bz#2659. - Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453 + Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 -commit 23555eb13a9b0550371a16dcf8beaab7a5806a64 -Author: djm@openbsd.org -Date: Tue Aug 23 08:17:42 2016 +0000 +commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 +Author: dtucker@openbsd.org +Date: Sun Jan 29 21:35:23 2017 +0000 upstream commit - downgrade an error() to a debug2() to match similar cases - in addr_match_list() + Fix typo in ~C error message for bad port forward + cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's + bugtracker. - Upstream-ID: 07c3d53e357214153d9d08f234411e0d1a3d6f5c + Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af -commit a39627134f6d90e7009eeb14e9582ecbc7a99192 -Author: djm@openbsd.org -Date: Tue Aug 23 06:36:23 2016 +0000 +commit 4ba15462ca38883b8a61a1eccc093c79462d5414 +Author: guenther@openbsd.org +Date: Sat Jan 21 11:32:04 2017 +0000 upstream commit - remove Protocol directive from client/server configs that - causes spammy deprecation warnings + The POSIX APIs that that sockaddrs all ignore the s*_len + field in the incoming socket, so userspace doesn't need to set it unless it + has its own reasons for tracking the size along with the sockaddr. - hardcode SSH_PROTOCOLS=2, since that's all we support on the server - now (the client still may support both, so it could get confused) + ok phessler@ deraadt@ florian@ - Upstream-Regress-ID: c16662c631af51633f9fd06aca552a70535de181 + Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 -commit 6ee4f1c01ee31e65245881d49d4bccf014956066 -Author: Damien Miller -Date: Tue Aug 23 16:33:48 2016 +1000 +commit a1187bd3ef3e4940af849ca953a1b849dae78445 +Author: jmc@openbsd.org +Date: Fri Jan 6 16:28:12 2017 +0000 - hook match and utf8 unittests up to Makefile + upstream commit + + keep the tokens list sorted; + + Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 -commit 114efe2bc0dd2842d997940a833f115e6fc04854 +commit b64077f9767634715402014f509e58decf1e140d Author: djm@openbsd.org -Date: Fri Aug 19 06:44:13 2016 +0000 +Date: Fri Jan 6 09:27:52 2017 +0000 upstream commit - add tests for matching functions + fix previous - Upstream-Regress-ID: 0869d4f5c5d627c583c6a929d69c17d5dd65882c - -commit 857568d2ac81c14bcfd625b27536c1e28c992b3c -Author: Damien Miller -Date: Tue Aug 23 14:32:37 2016 +1000 - - removing UseLogin bits from configure.ac + Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 -commit cc182d01cef8ca35a1d25ea9bf4e2ff72e588208 +commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de Author: djm@openbsd.org -Date: Tue Aug 23 03:24:10 2016 +0000 +Date: Fri Jan 6 03:53:58 2017 +0000 upstream commit - fix negated address matching where the address list - consists of a single negated match, e.g. "Match addr !192.20.0.1" - - Report and patch from Jakub Jelen. bz#2397 ok dtucker@ + show a useful error message when included config files + can't be opened; bz#2653, ok dtucker@ - Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8 + Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b -commit 4067ec8a4c64ccf16250c35ff577b4422767da64 +commit 13bd2e2d622d01dc85d22b94520a5b243d006049 Author: djm@openbsd.org -Date: Tue Aug 23 03:22:49 2016 +0000 +Date: Fri Jan 6 03:45:41 2017 +0000 upstream commit - fix matching for pattern lists that contain a single - negated match, e.g. "Host !example" - - report and patch from Robin Becker. bz#1918 ok dtucker@ + sshd_config is documented to set + GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. + bz#2637 ok dtucker - Upstream-ID: 05a0cb323ea4bc20e98db099b42c067bfb9ea1ea + Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 -commit 83b581862a1dbb06fc859959f829dde2654aef3c +commit f89b928534c9e77f608806a217d39a2960cc7fd0 Author: djm@openbsd.org -Date: Fri Aug 19 03:18:06 2016 +0000 +Date: Fri Jan 6 03:41:58 2017 +0000 upstream commit - remove UseLogin option and support for having /bin/login - manage login sessions; ok deraadt markus dtucker + Avoid confusing error message when attempting to use + ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 - Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712 + Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 -commit ffe6549c2f7a999cc5264b873a60322e91862581 -Author: naddy@openbsd.org -Date: Mon Aug 15 12:32:04 2016 +0000 +commit 0999533014784579aa6f01c2d3a06e3e8804b680 +Author: dtucker@openbsd.org +Date: Fri Jan 6 02:34:54 2017 +0000 upstream commit - Catch up with the SSH1 code removal and delete all - mention of protocol 1 particularities, key files and formats, command line - options, and configuration keywords from the server documentation and - examples. ok jmc@ + Re-add '%k' token for AuthorizedKeysCommand which was + lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. - Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f + Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 -commit c38ea634893a1975dbbec798fb968c9488013f4a -Author: naddy@openbsd.org -Date: Mon Aug 15 12:27:56 2016 +0000 +commit 51045869fa084cdd016fdd721ea760417c0a3bf3 +Author: djm@openbsd.org +Date: Wed Jan 4 05:37:40 2017 +0000 upstream commit - Remove more SSH1 server code: * Drop sshd's -k option. * - Retire configuration keywords that only apply to protocol 1, as well as the - "protocol" keyword. * Remove some related vestiges of protocol 1 support. - - ok markus@ + unbreak Unix domain socket forwarding for root; ok + markus@ - Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d - -commit 33ba55d9e358c07f069e579bfab80eccaaad52cb -Author: Darren Tucker -Date: Wed Aug 17 16:26:04 2016 +1000 - - Only check for prctl once. - -commit 976ba8a8fd66a969bf658280c1e5adf694cc2fc6 -Author: Darren Tucker -Date: Wed Aug 17 15:33:10 2016 +1000 - - Fix typo. + Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 -commit 9abf84c25ff4448891edcde60533a6e7b2870de1 +commit 58fca12ba967ea5c768653535604e1522d177e44 Author: Darren Tucker -Date: Wed Aug 17 14:25:43 2016 +1000 +Date: Mon Jan 16 09:08:32 2017 +1100 - Correct LDFLAGS for clang example. + Remove LOGIN_PROGRAM. - --with-ldflags isn't used until after the -ftrapv test, so mention - LDFLAGS instead for now. + UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org -commit 1e8013a17ff11e3c6bd0012fb1fc8d5f1330eb21 -Author: Darren Tucker -Date: Wed Aug 17 14:08:42 2016 +1000 +commit b108ce92aae0ca0376dce9513d953be60e449ae1 +Author: djm@openbsd.org +Date: Wed Jan 4 02:21:43 2017 +0000 - Remove obsolete CVS $Id from source files. + upstream commit + + relax PKCS#11 whitelist a bit to allow libexec as well as + lib directories. - Since -portable switched to git the CVS $Id tags are no longer being - updated and are becoming increasingly misleading. Remove them. + Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 -commit adab758242121181700e48b4f6c60d6b660411fe -Author: Darren Tucker -Date: Wed Aug 17 13:40:58 2016 +1000 +commit c7995f296b9222df2846f56ecf61e5ae13d7a53d +Author: djm@openbsd.org +Date: Tue Jan 3 05:46:51 2017 +0000 - Remove now-obsolete CVS $Id tags from text files. + upstream commit + + check number of entries in SSH2_FXP_NAME response; avoids + unreachable overflow later. Reported by Jann Horn - Since -portable switched to git, the CVS $Id tags are no longer being - updated and are becoming increasingly misleading. Remove them. + Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f -commit 560c0068541315002ec4c1c00a560bbd30f2d671 -Author: Darren Tucker -Date: Wed Aug 17 13:38:30 2016 +1000 +commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 +Author: djm@openbsd.org +Date: Fri Dec 30 22:08:02 2016 +0000 - Add a section for compiler specifics. + upstream commit - Add a section for compiler specifics and document the runtime requirements - for clang's integer sanitization. + fix deadlock when keys/principals command produces a lot of + output and a key is matched early; bz#2655, patch from jboning AT gmail.com + + Upstream-ID: e19456429bf99087ea994432c16d00a642060afe -commit a8fc0f42e1eda2fa3393d1ea5e61322d5e07a9cd +commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f Author: Darren Tucker -Date: Wed Aug 17 13:35:43 2016 +1000 +Date: Tue Dec 20 12:16:11 2016 +1100 - Test multiplying two long long ints. + Re-add missing "Prerequisites" header and fix typo - When using clang with -ftrapv or -sanitize=integer the tests would pass - but linking would fail with "undefined reference to __mulodi4". - Explicitly test for this before enabling -trapv. + Patch from HARUYAMA Seigo . -commit a1cc637e7e11778eb727559634a6ef1c19c619f6 -Author: Damien Miller -Date: Tue Aug 16 14:47:34 2016 +1000 +commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 +Author: djm@openbsd.org +Date: Mon Dec 19 22:35:23 2016 +0000 - add a --with-login-program configure argument + upstream commit - Saves messing around with LOGIN_PROGRAM env var, which come - packaging environments make hard to do during configure phase. - -commit 8bd81e1596ab1bab355146cb65e82fb96ade3b23 -Author: Damien Miller -Date: Tue Aug 16 13:30:56 2016 +1000 - - add --with-pam-service to specify PAM service name + use standard /bin/sh equality test; from Mike Frysinger - Saves messing around with CFLAGS to do it. + Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 -commit 74433a19bb6f4cef607680fa4d1d7d81ca3826aa +commit 4a354fc231174901f2629437c2a6e924a2dd6772 Author: Damien Miller -Date: Tue Aug 16 13:28:23 2016 +1000 +Date: Mon Dec 19 15:59:26 2016 +1100 - fix false positives when compiled with msan - - Our explicit_bzero successfully confused clang -fsanitize-memory - in to thinking that memset is never called to initialise memory. - Ensure that it is called in a way that the compiler recognises. + crank version numbers for release -commit 6cb6dcffe1a2204ba9006de20f73255c268fcb6b -Author: markus@openbsd.org -Date: Sat Aug 13 17:47:40 2016 +0000 +commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9 +Author: djm@openbsd.org +Date: Mon Dec 19 04:55:51 2016 +0000 upstream commit - remove ssh1 server code; ok djm@ + openssh-7.4 - Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534 + Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79 -commit 42d47adc5ad1187f22c726cbc52e71d6b1767ca2 -Author: jca@openbsd.org -Date: Fri Aug 12 19:19:04 2016 +0000 +commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b +Author: djm@openbsd.org +Date: Mon Dec 19 04:55:18 2016 +0000 upstream commit - Use 2001:db8::/32, the official IPv6 subnet for - configuration examples. + remove testcase that depends on exact output and + behaviour of snprintf(..., "%s", NULL) - This makes the IPv6 example consistent with IPv4, and removes a dubious - mention of a 6bone subnet. + Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f + +commit eae735a82d759054f6ec7b4e887fb7a5692c66d7 +Author: dtucker@openbsd.org +Date: Mon Dec 19 03:32:57 2016 +0000 + + upstream commit - ok sthen@ millert@ + Use LOGNAME to get current user and fall back to whoami if + not set. Mainly to benefit -portable since some platforms don't have whoami. - Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634 + Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa -commit b61f53c0c3b43c28e013d3b3696d64d1c0204821 +commit 0d2f88428487518eea60602bd593989013831dcf Author: dtucker@openbsd.org -Date: Thu Aug 11 01:42:11 2016 +0000 +Date: Fri Dec 16 03:51:19 2016 +0000 upstream commit - Update moduli file. + Add regression test for AllowUsers and DenyUsers. Patch from + Zev Weiss - Upstream-ID: 6da9a37f74aef9f9cc639004345ad893cad582d8 + Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9 -commit f217d9bd42d306f69f56335231036b44502d8191 +commit 3bc8180a008929f6fe98af4a56fb37d04444b417 Author: Darren Tucker -Date: Thu Aug 11 11:42:48 2016 +1000 +Date: Fri Dec 16 15:02:24 2016 +1100 - Import updated moduli. + Add missing monitor.h include. + + Fixes warning pointed out by Zev Weiss + +commit 410681f9015d76cc7b137dd90dac897f673244a0 +Author: djm@openbsd.org +Date: Fri Dec 16 02:48:55 2016 +0000 + + upstream commit + + revert to rev1.2; the new bits in this test depend on changes + to ssh that aren't yet committed + + Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123 -commit 67dca60fbb4923b7a11c1645b90a5ca57c03d8be +commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e Author: dtucker@openbsd.org -Date: Mon Aug 8 22:40:57 2016 +0000 +Date: Fri Dec 16 01:06:27 2016 +0000 upstream commit - Improve error message for overlong ControlPath. ok markus@ - djm@ + Move the "stop sshd" code into its own helper function. + Patch from Zev Weiss , ok djm@ - Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5 + Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329 -commit 4706c1d8c15cd5565b59512853c2da9bd4ca26c9 +commit e15e7152331e3976b35475fd4e9c72897ad0f074 Author: djm@openbsd.org -Date: Wed Aug 3 05:41:57 2016 +0000 +Date: Fri Dec 16 01:01:07 2016 +0000 upstream commit - small refactor of cipher.c: make ciphercontext opaque to - callers feedback and ok markus@ + regression test for certificates along with private key + with no public half. bz#2617, mostly from Adam Eijdenberg - Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f + Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115 -commit e600348a7afd6325cc5cd783cb424065cbc20434 +commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500 Author: dtucker@openbsd.org -Date: Wed Aug 3 04:23:55 2016 +0000 +Date: Thu Dec 15 23:50:37 2016 +0000 upstream commit - Fix bug introduced in rev 1.467 which causes - "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1 - and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol - 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de, - ok deraadt@ + Use $SUDO to read pidfile in case root's umask is + restricted. From portable. - Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc + Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98 -commit d7e7348e72f9b203189e3fffb75605afecba4fda -Author: djm@openbsd.org -Date: Wed Jul 27 23:18:12 2016 +0000 +commit fe06b68f824f8f55670442fb31f2c03526dd326c +Author: dtucker@openbsd.org +Date: Thu Dec 15 21:29:05 2016 +0000 upstream commit - better bounds check on iovcnt (we only ever use fixed, - positive values) + Add missing braces in DenyUsers code. Patch from zev at + bewilderbeest.net, ok deraadt@ - Upstream-ID: 9baa6eb5cd6e30c9dc7398e5fe853721a3a5bdee - -commit 5faa52d295f764562ed6dd75c4a4ce9134ae71e3 -Author: Darren Tucker -Date: Tue Aug 2 15:22:40 2016 +1000 - - Use tabs consistently inside "case $host". + Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e -commit 20e5e8ba9c5d868d897896190542213a60fffbd2 -Author: Darren Tucker -Date: Tue Aug 2 12:16:34 2016 +1000 +commit dcc7d74242a574fd5c4afbb4224795b1644321e7 +Author: dtucker@openbsd.org +Date: Thu Dec 15 21:20:41 2016 +0000 - Explicitly test for broken strnvis. - - NetBSD added an strnvis and unfortunately made it incompatible with the - existing one in OpenBSD and Linux's libbsd (the former having existed - for over ten years). Despite this incompatibility being reported during - development (see http://gnats.netbsd.org/44977) they still shipped it. - Even more unfortunately FreeBSD and later MacOS picked up this incompatible - implementation. Try to detect this mess, and assume the only safe option - if we're cross compiling. + upstream commit - OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag); - NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag); + Fix text in error message. Patch from zev at + bewilderbeest.net. - ok djm@ + Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6 -commit b0b48beab1b74100b61ecbadb9140c9ab4c2ea8c -Author: Damien Miller -Date: Tue Aug 2 11:06:23 2016 +1000 +commit b737e4d7433577403a31cff6614f6a1b0b5e22f4 +Author: djm@openbsd.org +Date: Wed Dec 14 00:36:34 2016 +0000 - update recommended autoconf version + upstream commit + + disable Unix-domain socket forwarding when privsep is + disabled + + Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0 -commit 23902e31dfd18c6d7bb41ccd73de3b5358a377da -Author: Damien Miller -Date: Tue Aug 2 10:48:04 2016 +1000 +commit 08a1e7014d65c5b59416a0e138c1f73f417496eb +Author: djm@openbsd.org +Date: Fri Dec 9 03:04:29 2016 +0000 - update config.guess and config.sub to current + upstream commit + + log connections dropped in excess of MaxStartups at + verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ - upstream commit 562f3512b3911ba0c77a7f68214881d1f241f46e + Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b -commit dd1031b78b83083615b68d7163c44f4408635be2 +commit 10e290ec00964b2bf70faab15a10a5574bb80527 Author: Darren Tucker -Date: Tue Aug 2 10:01:52 2016 +1000 +Date: Tue Dec 13 13:51:32 2016 +1100 - Replace spaces with tabs. - - Mechanically replace spaces with tabs in compat files not synced with - OpenBSD. + Get default of TEST_SSH_UTF8 from environment. -commit c20dccb5614c5714f4155dda01bcdebf97cfae7e +commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 Author: Darren Tucker -Date: Tue Aug 2 09:44:25 2016 +1000 +Date: Tue Dec 13 12:56:40 2016 +1100 - Strip trailing whitespace. + Remove commented-out includes. - Mechanically strip trailing whitespace on files not synced with OpenBSD - (or in the case of bsd-snprint.c, rsync). + These commented-out includes have "Still needed?" comments. Since + they've been commented out for ~13 years I assert that they're not. -commit 30f9bd1c0963c23bfba8468dfd26aa17609ba42f +commit 25275f1c9d5f01a0877d39444e8f90521a598ea0 Author: Darren Tucker -Date: Tue Aug 2 09:06:27 2016 +1000 +Date: Tue Dec 13 12:54:23 2016 +1100 - Repair $OpenBSD markers. + Add prototype for strcasestr in compat library. -commit 9715d4ad4b53877ec23dc8681dd7a405de9419a6 +commit afec07732aa2985142f3e0b9a01eb6391f523dec Author: Darren Tucker -Date: Tue Aug 2 09:02:42 2016 +1000 - - Repair $OpenBSD marker. - -commit cf3e0be7f5828a5e5f6c296a607d20be2f07d60c -Author: Tim Rice -Date: Mon Aug 1 14:31:52 2016 -0700 +Date: Tue Dec 13 10:23:03 2016 +1100 - modified: configure.ac opensshd.init.in - Skip generating missing RSA1 key on startup unless ssh1 support is enabled. - Spotted by Jean-Pierre Radley + Add strcasestr to compat library. + + Fixes build on (at least) Solaris 10. -commit 99522ba7ec6963a05c04a156bf20e3ba3605987c +commit dda78a03af32e7994f132d923c2046e98b7c56c8 Author: Damien Miller -Date: Thu Jul 28 08:54:27 2016 +1000 +Date: Mon Dec 12 13:57:10 2016 +1100 - define _OPENBSD_SOURCE for reallocarray on NetBSD + Force Turkish locales back to C/POSIX; bz#2643 + + Turkish locales are unique in their handling of the letters 'i' and + 'I' (yes, they are different letters) and OpenSSH isn't remotely + prepared to deal with that. For now, the best we can do is to force + OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 + encoding if possible. - Report by and debugged with Hisashi T Fujinaka, dtucker nailed - the problem (lack of prototype causing return type confusion). + ok dtucker@ -commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187 -Author: Damien Miller -Date: Wed Jul 27 08:25:42 2016 +1000 +commit c35995048f41239fc8895aadc3374c5f75180554 +Author: Darren Tucker +Date: Fri Dec 9 12:52:02 2016 +1100 - KNF + exit is in stdlib.h not unistd.h (that's _exit). -commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331 -Author: Damien Miller -Date: Wed Jul 27 08:25:23 2016 +1000 +commit d399a8b914aace62418c0cfa20341aa37a192f98 +Author: Darren Tucker +Date: Fri Dec 9 12:33:25 2016 +1100 - Linux auditing also needs packet.h + Include for exit in utf8 locale test. -commit 393bd381a45884b589baa9aed4394f1d250255ca -Author: Damien Miller -Date: Wed Jul 27 08:18:05 2016 +1000 +commit 47b8c99ab3221188ad3926108dd9d36da3b528ec +Author: Darren Tucker +Date: Thu Dec 8 15:48:34 2016 +1100 - fix auditing on Linux + Check for utf8 local support before testing it. - get_remote_ipaddr() was replaced with ssh_remote_ipaddr() + Check for utf8 local support and if not found, do not attempt to run the + utf8 tests. Suggested by djm@ -commit 80e766fb089de4f3c92b1600eb99e9495e37c992 -Author: Damien Miller -Date: Sun Jul 24 21:50:13 2016 +1000 +commit 4089fc1885b3a2822204effbb02b74e3da58240d +Author: Darren Tucker +Date: Thu Dec 8 12:57:24 2016 +1100 - crank version numbers + Use AC_PATH_TOOL for krb5-config. + + This will use the host-prefixed version when cross compiling; patch from + david.michael at coreos.com. -commit b1a478792d458f2e938a302e64bab2b520edc1b3 +commit b4867e0712c89b93be905220c82f0a15e6865d1e Author: djm@openbsd.org -Date: Sun Jul 24 11:45:36 2016 +0000 +Date: Tue Dec 6 07:48:01 2016 +0000 upstream commit - openssh-7.3 + make IdentityFile successfully load and use certificates that + have no corresponding bare public key. E.g. just a private id_rsa and + certificate id_rsa-cert.pub (and no id_rsa.pub). + + bz#2617 ok dtucker@ - Upstream-ID: af106a7eb665f642648cf1993e162c899f358718 + Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604 -commit 353766e0881f069aeca30275ab706cd60a1a8fdd -Author: Darren Tucker -Date: Sat Jul 23 16:14:42 2016 +1000 +commit c9792783a98881eb7ed295680013ca97a958f8ac +Author: Damien Miller +Date: Fri Nov 25 14:04:21 2016 +1100 - Move Cygwin IPPORT_RESERVED overrride to defines.h + Add a gnome-ssh-askpass3 target for GTK+3 version - Patch from vinschen at redhat.com. + Based on patch from Colin Watson via bz#2640 -commit 368dd977ae07afb93f4ecea23615128c95ab2b32 -Author: djm@openbsd.org -Date: Sat Jul 23 02:54:08 2016 +0000 +commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763 +Author: Damien Miller +Date: Fri Nov 25 14:03:53 2016 +1100 - upstream commit - - fix pledge violation with ssh -f; reported by Valentin - Kozamernik ok dtucker@ + Make gnome-ssh-askpass2.c GTK+3-friendly - Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa + Patch from Colin Watson via bz#2640 -commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e +commit b9844a45c7f0162fd1b5465683879793d4cc4aaa Author: djm@openbsd.org -Date: Fri Jul 22 07:00:46 2016 +0000 +Date: Sun Dec 4 23:54:02 2016 +0000 upstream commit - improve wording; suggested by jmc@ + Fix public key authentication when multiple + authentication is in use. Instead of deleting and re-preparing the entire + keys list, just reset the 'used' flags; the keys list is already in a good + order (with already- tried keys at the back) + + Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ - Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8 + Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176 -commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8 +commit f2398eb774075c687b13af5bc22009eb08889abe Author: dtucker@openbsd.org -Date: Fri Jul 22 05:46:11 2016 +0000 +Date: Sun Dec 4 22:27:25 2016 +0000 upstream commit - Lower loglevel for "Authenticated with partial success" - message similar to other similar level. bz#2599, patch from cgallek at - gmail.com, ok markus@ - - Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd - -commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6 -Author: Damien Miller -Date: Fri Jul 22 14:06:36 2016 +1000 - - retry waitpid on EINTR failure + Unlink PidFile on SIGHUP and always recreate it when the + new sshd starts. Regression tests (and possibly other things) depend on the + pidfile being recreated after SIGHUP, and unlinking it means it won't contain + a stale pid if sshd fails to restart. ok djm@ markus@ - patch from Jakub Jelen on bz#2581; ok dtucker@ + Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870 -commit da88a70a89c800e74ea8e5661ffa127a3cc79a92 +commit 85aa2efeba51a96bf6834f9accf2935d96150296 Author: djm@openbsd.org -Date: Fri Jul 22 03:47:36 2016 +0000 +Date: Wed Nov 30 03:01:33 2016 +0000 upstream commit - constify a few functions' arguments; patch from Jakub - Jelen bz#2581 + test new behaviour of cert force-command restriction vs. + authorized_key/ principals - Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d + Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c -commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf -Author: djm@openbsd.org -Date: Fri Jul 22 03:39:13 2016 +0000 +commit 5d333131cd8519d022389cfd3236280818dae1bc +Author: jmc@openbsd.org +Date: Wed Nov 30 06:54:26 2016 +0000 upstream commit - move debug("%p", key) to before key is free'd; probable - undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581 + tweak previous; while here fix up FILES and AUTHORS; - Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a + Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa -commit 286f5a77c3bfec1e8892ca268087ac885ac871bf +commit 786d5994da79151180cb14a6cf157ebbba61c0cc Author: djm@openbsd.org -Date: Fri Jul 22 03:35:11 2016 +0000 +Date: Wed Nov 30 03:07:37 2016 +0000 upstream commit - reverse the order in which -J/JumpHost proxies are visited to - be more intuitive and document - - reported by and manpage bits naddy@ + add a whitelist of paths from which ssh-agent will load + (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ - Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a + Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f -commit fcd135c9df440bcd2d5870405ad3311743d78d97 -Author: dtucker@openbsd.org -Date: Thu Jul 21 01:39:35 2016 +0000 +commit 7844f357cdd90530eec81340847783f1f1da010b +Author: djm@openbsd.org +Date: Wed Nov 30 03:00:05 2016 +0000 upstream commit - Skip passwords longer than 1k in length so clients can't - easily DoS sshd by sending very long passwords, causing it to spend CPU - hashing them. feedback djm@, ok markus@. + Add a sshd_config DisableForwaring option that disables + X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as + anything else we might implement in the future. - Brought to our attention by tomas.kuthan at oracle.com, shilei-c at - 360.cn and coredump at autistici.org + This, like the 'restrict' authorized_keys flag, is intended to be a + simple and future-proof way of restricting an account. Suggested as + a complement to 'restrict' by Jann Horn; ok markus@ - Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333 + Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7 -commit 324583e8fb3935690be58790425793df619c6d4d -Author: naddy@openbsd.org -Date: Wed Jul 20 10:45:27 2016 +0000 +commit fd6dcef2030d23c43f986d26979f84619c10589d +Author: djm@openbsd.org +Date: Wed Nov 30 02:57:40 2016 +0000 upstream commit - Do not clobber the global jump_host variables when - parsing an inactive configuration. ok djm@ + When a forced-command appears in both a certificate and + an authorized keys/principals command= restriction, refuse to accept the + certificate unless they are identical. - Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31 - -commit 32d921c323b989d28405e78d0a8923d12913d737 -Author: jmc@openbsd.org -Date: Tue Jul 19 12:59:16 2016 +0000 - - upstream commit + The previous (documented) behaviour of having the certificate forced- + command override the other could be a bit confused and more error-prone. - tweak previous; + Pointed out by Jann Horn of Project Zero; ok dtucker@ - Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534 + Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f -commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025 +commit 7fc4766ac78abae81ee75b22b7550720bfa28a33 Author: dtucker@openbsd.org -Date: Tue Jul 19 11:38:53 2016 +0000 - - upstream commit - - Allow wildcard for PermitOpen hosts as well as ports. - bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok - markus@ - - Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2 - -commit b98a2a8348e907b3d71caafd80f0be8fdd075943 -Author: markus@openbsd.org -Date: Mon Jul 18 11:35:33 2016 +0000 +Date: Wed Nov 30 00:28:31 2016 +0000 upstream commit - Reduce timing attack against obsolete CBC modes by always - computing the MAC over a fixed size of data. Reported by Jean Paul - Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@ + On startup, check to see if sshd is already daemonized + and if so, skip the call to daemon() and do not rewrite the PidFile. This + means that when sshd re-execs itself on SIGHUP the process ID will no longer + change. Should address bz#2641. ok djm@ markus@. - Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912 + Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9 -commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc -Author: Darren Tucker -Date: Thu Jul 21 14:17:31 2016 +1000 +commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc +Author: Damien Miller +Date: Wed Nov 30 13:51:49 2016 +1100 - Search users for one with a valid salt. + factor out common PRNG reseed before privdrop - If the root account is locked (eg password "!!" or "*LK*") keep looking - until we find a user with a valid salt to use for crypting passwords of - invalid users. ok djm@ + Add a call to RAND_poll() to ensure than more than pid+time gets + stirred into child processes states. Prompted by analysis from Jann + Horn at Project Zero. ok dtucker@ -commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782 -Author: Darren Tucker -Date: Mon Jul 18 17:22:49 2016 +1000 +commit 79e4829ec81dead1b30999e1626eca589319a47f +Author: dtucker@openbsd.org +Date: Fri Nov 25 03:02:01 2016 +0000 - Explicitly specify source files for regress tools. + upstream commit - Since adding $(REGRESSLIBS), $? is wrong because it includes only the - changed source files. $< seems like it'd be right however it doesn't - seem to work on some non-GNU makes, so do what works everywhere. - -commit eac1bbd06872c273f16ac0f9976b0aef026b701b -Author: Darren Tucker -Date: Mon Jul 18 17:12:22 2016 +1000 - - Conditionally include err.h. - -commit 0a454147568746c503f669e1ba861f76a2e7a585 -Author: Darren Tucker -Date: Mon Jul 18 16:26:26 2016 +1000 - - Remove local implementation of err, errx. + Allow PuTTY interop tests to run unattended. bz#2639, + patch from cjwatson at debian.org. - We now have a shared implementation in libopenbsd-compat. + Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0 -commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1 -Author: djm@openbsd.org -Date: Mon Jul 18 06:08:01 2016 +0000 +commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc +Author: dtucker@openbsd.org +Date: Fri Nov 25 02:56:49 2016 +0000 upstream commit - Add some unsigned overflow checks for extra_pad. None of - these are reachable with the amount of padding that we use internally. - bz#2566, pointed out by Torben Hansen. ok markus@ - - Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76 - -commit c71ba790c304545464bb494de974cdf0f4b5cf1e -Author: Darren Tucker -Date: Mon Jul 18 15:43:25 2016 +1000 - - Add dependency on libs for unit tests. + Reverse args to sshd-log-wrapper. Matches change in + portable, where it allows sshd do be optionally run under Valgrind. - Makes "./configure && make tests" work again. ok djm@ - -commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8 -Author: Darren Tucker -Date: Mon Jul 18 13:47:39 2016 +1000 - - Correct location for kexfuzz in clean target. + Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906 -commit 01558b7b07af43da774d3a11a5c51fa9c310849d -Author: Darren Tucker -Date: Mon Jul 18 09:33:25 2016 +1000 +commit bd13017736ec2f8f9ca498fe109fb0035f322733 +Author: dtucker@openbsd.org +Date: Fri Nov 25 02:49:18 2016 +0000 - Handle PAM_MAXTRIES from modules. + upstream commit - bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer - password and keyboard-interative authentication methods. Should prevent - "sshd ignoring max retries" warnings in the log. ok djm@ + Fix typo in trace message; from portable. - It probably won't trigger with keyboard-interactive in the default - configuration because the retry counter is stored in module-private - storage which goes away with the sshd PAM process (see bz#688). On the - other hand, those cases probably won't log a warning either. + Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a -commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc -Author: djm@openbsd.org -Date: Sun Jul 17 04:20:16 2016 +0000 +commit 7da751d8b007c7f3e814fd5737c2351440d78b4c +Author: tb@openbsd.org +Date: Tue Nov 1 13:43:27 2016 +0000 upstream commit - support UTF-8 characters in ssh(1) banners using - schwarze@'s safe fmprintf printer; bz#2058 + Clean up MALLOC_OPTIONS. For the unittests, move + MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc. - feedback schwarze@ ok dtucker@ + ok otto - Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7 + Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12 -commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7 -Author: jmc@openbsd.org -Date: Sat Jul 16 06:57:55 2016 +0000 +commit 36f58e68221bced35e06d1cca8d97c48807a8b71 +Author: tb@openbsd.org +Date: Mon Oct 31 23:45:08 2016 +0000 upstream commit - - add proxyjump to the options list - formatting fixes - - update usage() + Remove the obsolete A and P flags from MALLOC_OPTIONS. - ok djm + ok dtucker - Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457 + Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59 -commit af1f084857621f14bd9391aba8033d35886c2455 +commit b0899ee26a6630883c0f2350098b6a35e647f512 Author: dtucker@openbsd.org -Date: Fri Jul 15 05:01:58 2016 +0000 +Date: Tue Nov 29 03:54:50 2016 +0000 upstream commit - Reduce the syslog level of some relatively common protocol - events from LOG_CRIT by replacing fatal() calls with logdie(). Part of - bz#2585, ok djm@ - - Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5 - -commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f -Author: Damien Miller -Date: Fri Jul 15 19:14:48 2016 +1000 - - missing openssl/dh.h - -commit 4a984fd342effe5f0aad874a0d538c4322d973c0 -Author: Damien Miller -Date: Fri Jul 15 18:47:07 2016 +1000 - - cast to avoid type warning in error message - -commit 5abfb15ced985c340359ae7fb65a625ed3692b3e -Author: Darren Tucker -Date: Fri Jul 15 14:48:30 2016 +1000 - - Move VA_COPY macro into compat header. - - Some AIX compilers unconditionally undefine va_copy but don't set it back - to an internal function, causing link errors. In some compat code we - already use VA_COPY instead so move the two existing instances into the - shared header and use for sshbuf-getput-basic.c too. Should fix building - with at lease some versions of AIX's compiler. bz#2589, ok djm@ - -commit 832b7443b7a8e181c95898bc5d73497b7190decd -Author: Damien Miller -Date: Fri Jul 15 14:45:34 2016 +1000 - - disable ciphers not supported by OpenSSL - - bz#2466 ok dtucker@ - -commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8 -Author: Damien Miller -Date: Fri Jul 15 13:54:31 2016 +1000 - - add a --disable-pkcs11 knob - -commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9 -Author: Damien Miller -Date: Fri Jul 15 13:44:38 2016 +1000 - - fix newline escaping for unsupported_algorithms + Factor out code to disconnect from controlling terminal + into its own function. ok djm@ - The hmac-ripemd160 was incorrect and could lead to broken - Makefiles on systems that lacked support for it, but I made - all the others consistent too. + Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885 -commit ed877ef653847d056bb433975d731b7a1132a979 +commit 54d022026aae4f53fa74cc636e4a032d9689b64d Author: djm@openbsd.org -Date: Fri Jul 15 00:24:30 2016 +0000 +Date: Fri Nov 25 23:24:45 2016 +0000 upstream commit - Add a ProxyJump ssh_config(5) option and corresponding -J - ssh(1) command-line flag to allow simplified indirection through a SSH - bastion or "jump host". - - These options construct a proxy command that connects to the - specified jump host(s) (more than one may be specified) and uses - port-forwarding to establish a connection to the next destination. - - This codifies the safest way of indirecting connections through SSH - servers and makes it easy to use. - - ok markus@ + use sshbuf_allocate() to pre-allocate the buffer used for + loading keys. This avoids implicit realloc inside the buffer code, which + might theoretically leave fragments of the key on the heap. This doesn't + appear to happen in practice for normal sized keys, but was observed for + novelty oversize ones. - Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397 - -commit 5c02dd126206a26785379e80f2d3848e4470b711 -Author: Darren Tucker -Date: Fri Jul 15 12:56:39 2016 +1000 - - Map umac_ctx struct name too. + Pointed out by Jann Horn of Project Zero; ok markus@ - Prevents size mismatch linker warnings on Solaris 11. + Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 -commit 283b97ff33ea2c641161950849931bd578de6946 -Author: Darren Tucker -Date: Fri Jul 15 13:49:44 2016 +1000 +commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e +Author: djm@openbsd.org +Date: Fri Nov 25 23:22:04 2016 +0000 - Mitigate timing of disallowed users PAM logins. + upstream commit - When sshd decides to not allow a login (eg PermitRootLogin=no) and - it's using PAM, it sends a fake password to PAM so that the timing for - the failure is not noticeably different whether or not the password - is correct. This behaviour can be detected by sending a very long - password string which is slower to hash than the fake password. + split allocation out of sshbuf_reserve() into a separate + sshbuf_allocate() function; ok markus@ - Mitigate by constructing an invalid password that is the same length - as the one from the client and thus takes the same time to hash. - Diff from djm@ + Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 -commit 9286875a73b2de7736b5e50692739d314cd8d9dc -Author: Darren Tucker -Date: Fri Jul 15 13:32:45 2016 +1000 +commit f0ddedee460486fa0e32fefb2950548009e5026e +Author: markus@openbsd.org +Date: Wed Nov 23 23:14:15 2016 +0000 - Determine appropriate salt for invalid users. - - When sshd is processing a non-PAM login for a non-existent user it uses - the string from the fakepw structure as the salt for crypt(3)ing the - password supplied by the client. That string has a Blowfish prefix, so on - systems that don't understand that crypt will fail fast due to an invalid - salt, and even on those that do it may have significantly different timing - from the hash methods used for real accounts (eg sha512). This allows - user enumeration by, eg, sending large password strings. This was noted - by EddieEzra.Harari at verint.com (CVE-2016-6210). + upstream commit - To mitigate, use the same hash algorithm that root uses for hashing - passwords for users that do not exist on the system. ok djm@ - -commit a162dd5e58ca5b224d7500abe35e1ef32b5de071 -Author: Darren Tucker -Date: Thu Jul 14 21:19:59 2016 +1000 - - OpenSSL 1.1.x not currently supported. - -commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb -Author: Darren Tucker -Date: Thu Jul 14 12:25:24 2016 +1000 - - Check for VIS_ALL. + allow ClientAlive{Interval,CountMax} in Match; ok dtucker, + djm - If we don't have it, set BROKEN_STRNVIS to activate the compat replacement. + Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55 -commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0 -Author: dtucker@openbsd.org -Date: Thu Jul 14 01:24:21 2016 +0000 +commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a +Author: djm@openbsd.org +Date: Tue Nov 8 22:04:34 2016 +0000 upstream commit - Correct equal in test. + unbreak DenyUsers; reported by henning@ - Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a + Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2 -commit 372807c2065c8572fdc6478b25cc5ac363743073 -Author: tb@openbsd.org -Date: Mon Jul 11 21:38:13 2016 +0000 +commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a +Author: djm@openbsd.org +Date: Sun Nov 6 05:46:37 2016 +0000 upstream commit - Add missing "recvfd" pledge promise: Raf Czlonka reported - ssh coredumps when Control* keywords were set in ssh_config. This patch also - fixes similar problems with scp and sftp. + Validate address ranges for AllowUser/DenyUsers at + configuration load time and refuse to accept bad ones. It was previously + possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and + these would always match. - ok deraadt, looks good to millert + Thanks to Laurence Parry for a detailed bug report. ok markus (for + a previous diff version) - Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b + Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb -commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd -Author: tedu@openbsd.org -Date: Mon Jul 11 03:19:44 2016 +0000 +commit efb494e81d1317209256b38b49f4280897c61e69 +Author: djm@openbsd.org +Date: Fri Oct 28 03:33:52 2016 +0000 upstream commit - obsolete note about fascistloggin is obsolete. ok djm - dtucker + Improve pkcs11_add_provider() logging: demote some + excessively verbose error()s to debug()s, include PKCS#11 provider name and + slot in log messages where possible. bz#2610, based on patch from Jakub Jelen - Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a + Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d -commit a2333584170a565adf4f209586772ef8053b10b8 +commit 5ee3fb5affd7646f141749483205ade5fc54adaf Author: Darren Tucker -Date: Thu Jul 14 10:59:09 2016 +1000 +Date: Tue Nov 1 08:12:33 2016 +1100 - Add compat code for missing wcwidth. - - If we don't have wcwidth force fallback implementations of nl_langinfo - and mbtowc. Based on advice from Ingo Schwarze. + Use ptrace(PT_DENY_ATTACH, ..) on OS X. -commit 8aaec7050614494014c47510b7e94daf6e644c62 +commit 315d2a4e674d0b7115574645cb51f968420ebb34 Author: Damien Miller -Date: Thu Jul 14 09:48:48 2016 +1000 +Date: Fri Oct 28 14:34:07 2016 +1100 - fix missing include for systems with err.h + Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL + + ok dtucker@ -commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243 +commit a9ff3950b8e80ff971b4d44bbce96df27aed28af Author: Darren Tucker -Date: Wed Jul 13 14:42:35 2016 +1000 +Date: Fri Oct 28 14:26:58 2016 +1100 - Move err.h replacements into compat lib. + Move OPENSSL_NO_RIPEMD160 to compat. - Move implementations of err.h replacement functions into their own file - in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@ + Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the + ripemd160 MACs. -commit f3f2cc8386868f51440c45210098f65f9787449a +commit bce58885160e5db2adda3054c3b81fe770f7285a Author: Darren Tucker -Date: Mon Jul 11 17:23:38 2016 +1000 +Date: Fri Oct 28 13:52:31 2016 +1100 - Check for wchar.h and langinfo.h - - Wrap includes in the appropriate #ifdefs. + Check if RIPEMD160 is disabled in OpenSSL. -commit b9c50614eba9d90939b2b119b6e1b7e03b462278 -Author: Damien Miller -Date: Fri Jul 8 13:59:13 2016 +1000 +commit d924640d4c355d1b5eca1f4cc60146a9975dbbff +Author: Darren Tucker +Date: Fri Oct 28 13:38:19 2016 +1100 - whitelist more architectures for seccomp-bpf + Skip ssh1 specfic ciphers. - bz#2590 - testing and patch from Jakub Jelen + cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try + to compile them when Protocol 1 is not enabled. -commit 18813a32b6fd964037e0f5e1893cb4468ac6a758 -Author: guenther@openbsd.org -Date: Mon Jul 4 18:01:44 2016 +0000 +commit 79d078e7a49caef746516d9710ec369ba45feab6 +Author: jsg@openbsd.org +Date: Tue Oct 25 04:08:13 2016 +0000 upstream commit - DEBUGLIBS has been broken since the gcc4 switch, so delete - it. CFLAGS contains -g by default anyway + Fix logic in add_local_forward() that inverted a test + when code was refactored out into bind_permitted(). This broke ssh port + forwarding for non-priv ports as a non root user. - problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) - ok millert@ kettenis@ deraadt@ + ok dtucker@ 'looks good' deraadt@ - Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542 + Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9 -commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7 -Author: djm@openbsd.org -Date: Fri Jul 8 03:44:42 2016 +0000 +commit a903e315dee483e555c8a3a02c2946937f9b4e5d +Author: dtucker@openbsd.org +Date: Mon Oct 24 01:09:17 2016 +0000 upstream commit - Improve crypto ordering for Encrypt-then-MAC (EtM) mode - MAC algorithms. - - Previously we were computing the MAC, decrypting the packet and then - checking the MAC. This gave rise to the possibility of creating a - side-channel oracle in the decryption step, though no such oracle has - been identified. - - This adds a mac_check() function that computes and checks the MAC in - one pass, and uses it to advance MAC checking for EtM algorithms to - before payload decryption. - - Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and - Martin Albrecht. feedback and ok markus@ + Remove dead breaks, found via opencoverage.net. ok + deraadt@ - Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b + Upstream-ID: ad9cc655829d67fad219762810770787ba913069 -commit 71f5598f06941f645a451948c4a5125c83828e1c -Author: guenther@openbsd.org -Date: Mon Jul 4 18:01:44 2016 +0000 +commit b4e96b4c9bea4182846e4942ba2048e6d708ee54 +Author: Darren Tucker +Date: Wed Oct 26 08:43:25 2016 +1100 - upstream commit - - DEBUGLIBS has been broken since the gcc4 switch, so - delete it. CFLAGS contains -g by default anyway - - problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) - ok millert@ kettenis@ deraadt@ + Use !=NULL instead of >0 for getdefaultproj. - Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603 + getdefaultproj() returns a pointer so test it for NULL inequality + instead of >0. Fixes compiler warning and is more correct. Patch from + David Binderman. -commit e683fc6f1c8c7295648dbda679df8307786ec1ce +commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5 Author: dtucker@openbsd.org -Date: Thu Jun 30 05:17:05 2016 +0000 +Date: Sun Oct 23 22:04:05 2016 +0000 upstream commit - Explicitly check for 100% completion to avoid potential - floating point rounding error, which could cause progressmeter to report 99% - on completion. While there invert the test so the 100% case is clearer. with - & ok djm@ + Factor out "can bind to low ports" check into its own function. This will + make it easier for Portable to support platforms with permissions models + other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" + deraadt@. - Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d + Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface -commit 772e6cec0ed740fc7db618dc30b4134f5a358b43 -Author: jmc@openbsd.org -Date: Wed Jun 29 17:14:28 2016 +0000 +commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894 +Author: dtucker@openbsd.org +Date: Wed Oct 19 23:21:56 2016 +0000 upstream commit - sort the -o list; + When tearing down ControlMaster connecctions, don't + pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. - Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac + Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced -commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af -Author: djm@openbsd.org -Date: Thu Jun 23 05:17:51 2016 +0000 +commit 09e6a7d8354224933febc08ddcbc2010f542284e +Author: Darren Tucker +Date: Mon Oct 24 09:06:18 2016 +1100 - upstream commit - - fix AuthenticationMethods during configuration re-parse; - reported by Juan Francisco Cantero Hurtado - - Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4 + Wrap stdint.h include in ifdef. -commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e -Author: djm@openbsd.org -Date: Sun Jun 19 07:48:02 2016 +0000 +commit 08d9e9516e587b25127545c029e5464b2e7f2919 +Author: Darren Tucker +Date: Fri Oct 21 09:46:46 2016 +1100 - upstream commit - - revert 1.34; causes problems loading public keys - - reported by semarie@ - - Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179 + Fix formatting. -commit ad23a75509f4320d43f628c50f0817e3ad12bfa7 -Author: jmc@openbsd.org -Date: Fri Jun 17 06:33:30 2016 +0000 +commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d +Author: Darren Tucker +Date: Fri Oct 21 06:55:58 2016 +1100 - upstream commit + Update links to https. - grammar fix; + www.openssh.com now supports https and ftp.openbsd.org no longer + supports ftp. Make all links to these https. + +commit dd4e7212a6141f37742de97795e79db51e4427ad +Author: Darren Tucker +Date: Fri Oct 21 06:48:46 2016 +1100 + + Update host key generation examples. - Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463 + Remove ssh1 host key generation, add ssh-keygen -A -commit 5e28b1a2a3757548b40018cc2493540a17c82e27 -Author: djm@openbsd.org -Date: Fri Jun 17 05:06:23 2016 +0000 +commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639 +Author: Darren Tucker +Date: Fri Oct 21 05:22:55 2016 +1100 - upstream commit + Update links. - translate OpenSSL error codes to something more - meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ + Make links to openssh.com HTTPS now that it's supported, point release + notes link to the HTML release notes page, and update a couple of other + links and bits of text. + +commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6 +Author: Darren Tucker +Date: Thu Oct 20 03:42:09 2016 +1100 + + Remote channels .orig and .rej files. - Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5 + These files were incorrectly added during an OpenBSD sync. -commit b64faeb5eda7eff8210c754d00464f9fe9d23de5 -Author: djm@openbsd.org -Date: Fri Jun 17 05:03:40 2016 +0000 +commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c +Author: dtucker@openbsd.org +Date: Tue Oct 18 17:32:54 2016 +0000 upstream commit - ban AuthenticationMethods="" and accept - AuthenticationMethods=any for the default behaviour of not requiring multiple - authentication - - bz#2398 from Jakub Jelen; ok dtucker@ + Remove channel_input_port_forward_request(); the only caller + was the recently-removed SSH1 server code so it's now dead code. ok markus@ - Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27 + Upstream-ID: 05453983230a1f439562535fec2818f63f297af9 -commit 9816fc5daee5ca924dd5c4781825afbaab728877 -Author: dtucker@openbsd.org -Date: Thu Jun 16 11:00:17 2016 +0000 +commit 2c6697c443d2c9c908260eed73eb9143223e3ec9 +Author: millert@openbsd.org +Date: Tue Oct 18 12:41:22 2016 +0000 upstream commit - Include stdarg.h for va_copy as per man page. + Install a signal handler for tty-generated signals and + wait for the ssh child to suspend before suspending sftp. This lets ssh + restore the terminal mode as needed when it is suspended at the password + prompt. OK dtucker@ - Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd + Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69 -commit b6cf84b51bc0f5889db48bf29a0c771954ade283 +commit fd2a8f1033fa2316fff719fd5176968277560158 Author: jmc@openbsd.org -Date: Thu Jun 16 06:10:45 2016 +0000 +Date: Sat Oct 15 19:56:25 2016 +0000 upstream commit - keys stored in openssh format can have comments too; diff - from yonas yanfa, tweaked a bit; - - ok djm + various formatting fixes, specifically removing Dq; - Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27 + Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c -commit aa37768f17d01974b6bfa481e5e83841b6c76f86 +commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3 Author: Darren Tucker -Date: Mon Jun 20 15:55:34 2016 +1000 +Date: Wed Oct 19 03:26:09 2016 +1100 - get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX + Import readpassphrase.c rev 1.26. - Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip - change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX. - Fixes build on AIX. + Author: miller@openbsd.org: + Avoid generate SIGTTOU when restoring the terminal mode. If we get + SIGTTOU it means the process is not in the foreground process group + which, in most cases, means that the shell has taken control of the tty. + Requiring the user the fg the process in this case doesn't make sense + and can result in both SIGTSTP and SIGTTOU being sent which can lead to + the process being suspended again immediately after being brought into + the foreground. -commit 009891afc8df37bc2101e15d1e0b6433cfb90549 +commit f901440cc844062c9bab0183d133f7ccc58ac3a5 Author: Darren Tucker -Date: Fri Jun 17 14:34:09 2016 +1000 - - Remove duplicate code from PAM. ok djm@ - -commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba -Author: dtucker@openbsd.org -Date: Wed Jun 15 00:40:40 2016 +0000 +Date: Wed Oct 19 03:23:16 2016 +1100 - upstream commit + Import readpassphrase.c rev 1.25. - Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message - about forward and reverse DNS not matching. We haven't supported IP-based - auth methods for a very long time so it's now misleading. part of bz#2585, - ok markus@ + Wrap so internal calls go direct and + readpassphrase is weak. - Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29 + (DEF_WEAK is a no-op in portable.) -commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd +commit 032147b69527e5448a511049b2d43dbcae582624 Author: Darren Tucker -Date: Wed Jun 15 11:22:38 2016 +1000 +Date: Sat Oct 15 05:51:12 2016 +1100 - Move platform_disable_tracing into its own file. + Move DEF_WEAK into defines.h. - Prevents link errors resolving the extern "options" when platform.o - gets linked into ssh-agent when building --with-pam. + As well pull in more recent changes from OpenBSD these will start to + arrive so put it where the definition is shared. -commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070 +commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04 Author: Darren Tucker -Date: Tue Jun 14 13:55:12 2016 +1000 +Date: Sat Oct 15 04:34:46 2016 +1100 - Track skipped upstream commit IDs. - - There are a small number of "upstream" commits that do not correspond to - a file in -portable. This file tracks those so that we can reconcile - OpenBSD and Portable to ensure that no commits are accidentally missed. - - If you add something to .skipped-commit-ids please also add an upstream - ID line in the following format when you commit it. + Remove do_pam_set_tty which is dead code. - Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35 - Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca - Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7 - Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120 - Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a - Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef - Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2 - Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660 - Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae - Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee + The callers of do_pam_set_tty were removed in 2008, so this is now dead + code. bz#2604, pointed out by jjelen at redhat.com. -commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f -Author: Darren Tucker -Date: Tue Jun 14 13:51:01 2016 +1000 +commit ca04de83f210959ad2ed870a30ba1732c3ae00e3 +Author: Damien Miller +Date: Thu Oct 13 18:53:43 2016 +1100 - Remove now-defunct .cvsignore files. ok djm + unbreak principals-command test + + Undo inconsistetly updated variable name. -commit 68777faf271efb2713960605c748f6c8a4b26d55 -Author: dtucker@openbsd.org -Date: Wed Jun 8 02:13:01 2016 +0000 +commit 1723ec92eb485ce06b4cbf49712d21975d873909 +Author: djm@openbsd.org +Date: Tue Oct 11 21:49:54 2016 +0000 upstream commit - Back out rev 1.28 "Check min and max sizes sent by the - client" change. It caused "key_verify failed for server_host_key" in clients - that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY. - ok djm@ + fix the KEX fuzzer - the previous method of obtaining the + packet contents was broken. This now uses the new per-packet input hook, so + it sees exact post-decrypt packets and doesn't have to pass packet integrity + checks. ok markus@ - Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65 + Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd -commit a86ec4d0737ac5879223e7cd9d68c448df46e169 -Author: Darren Tucker -Date: Tue Jun 14 10:48:27 2016 +1000 +commit 09f997893f109799cddbfce6d7e67f787045cbb2 +Author: natano@openbsd.org +Date: Thu Oct 6 09:31:38 2016 +0000 - Use Solaris setpflags(__PROC_PROTECT, ...). + upstream commit - Where possible, use Solaris setpflags to disable process tracing on - ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee - at oracle.com, ok djm. - -commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 -Author: Darren Tucker -Date: Tue Jun 14 10:43:53 2016 +1000 - - Shorten prctl code a tiny bit. - -commit 0fb7f5985351fbbcd2613d8485482c538e5123be -Author: Darren Tucker -Date: Thu Jun 9 16:23:07 2016 +1000 - - Move prctl PR_SET_DUMPABLE into platform.c. + Move USER out of the way to unbreak the BUILDUSER + mechanism. ok tb - This should make it easier to add additional platform support such as - Solaris (bz#2584). + Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c -commit e6508898c3cd838324ecfe1abd0eb8cf802e7106 -Author: dtucker@openbsd.org -Date: Fri Jun 3 04:10:41 2016 +0000 +commit 3049a012c482a7016f674db168f23fd524edce27 +Author: bluhm@openbsd.org +Date: Fri Sep 30 11:55:20 2016 +0000 upstream commit - Add a test for ssh(1)'s config file parsing. + In ssh tests set REGRESS_FAIL_EARLY with ?= so that the + environment can change it. OK djm@ - Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601 + Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b -commit ab0a536066dfa32def0bd7272c096ebb5eb25b11 -Author: dtucker@openbsd.org -Date: Fri Jun 3 03:47:59 2016 +0000 +commit 39af7b444db28c1cb01b7ea468a4f574a44f375b +Author: djm@openbsd.org +Date: Tue Oct 11 21:47:45 2016 +0000 upstream commit - Add 'sshd' to the test ID as I'm about to add a similar - set for ssh. + Add a per-packet input hook that is called with the + decrypted packet contents. This will be used for fuzzing; ok markus@ - Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a + Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc -commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb -Author: schwarze@openbsd.org -Date: Mon May 30 12:14:08 2016 +0000 +commit ec165c392ca54317dbe3064a8c200de6531e89ad +Author: markus@openbsd.org +Date: Mon Oct 10 19:28:48 2016 +0000 upstream commit - stricter malloc.conf(5) options for utf8 tests + Unregister the KEXINIT handler after message has been + received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause + allocation of up to 128MB -- until the connection is closed. Reported by + shilei-c at 360.cn - Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6 + Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 -commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc -Author: schwarze@openbsd.org -Date: Mon May 30 12:05:56 2016 +0000 +commit 29d40319392e6e19deeca9d45468aa1119846e50 +Author: Darren Tucker +Date: Thu Oct 13 04:07:20 2016 +1100 - upstream commit - - Fix two rare edge cases: 1. If vasprintf() returns < 0, - do not access a NULL pointer in snmprintf(), and do not free() the pointer - returned from vasprintf() because on some systems other than OpenBSD, it - might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" - rather than -1 and NULL. - - Besides, free(dst) is pointless after failure (not a bug). + Import rev 1.24 from OpenBSD. - One half OK martijn@, the other half OK deraadt@; - committing quickly before people get hurt. + revision 1.24 + date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4; + most obvious unsigned char casts for ctype + ok jca krw ingo + +commit 12069e56221de207ed666c2449dedb431a2a7ca2 +Author: Darren Tucker +Date: Thu Oct 13 04:04:44 2016 +1100 + + Import rev 1.23 from OpenBSD. Fixes bz#2619. - Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4 + revision 1.23 + date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39; + Defer installing signal handlers until echo is disabled so that we + get suspended normally when not the foreground process. Fix potential + infinite loop when restoring terminal settings if process is in the + background when restore occurs. OK miod@ -commit 016881eb33a7948028848c90f4c7ac42e3af0e87 -Author: schwarze@openbsd.org -Date: Thu May 26 19:14:25 2016 +0000 +commit 7508d83eff89af069760b4cc587305588a64e415 +Author: Darren Tucker +Date: Thu Oct 13 03:53:51 2016 +1100 - upstream commit - - test the new utf8 module + If we don't have TCSASOFT, define it to zero. - Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3 + This makes it a no-op when we use it below, which allows us to re-sync + those lines with the upstream and make future updates easier. -commit d4219028bdef448e089376f3afe81ef6079da264 -Author: dtucker@openbsd.org -Date: Tue May 3 15:30:46 2016 +0000 +commit aae4dbd4c058d3b1fe1eb5c4e6ddf35827271377 +Author: jmc@openbsd.org +Date: Fri Oct 7 14:41:52 2016 +0000 upstream commit - Set umask to prevent "Bad owner or permissions" errors. + tidy up the formatting in this file. more specifically, + replace .Dq, which looks appalling, with .Cm, where appropriate; - Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417 + Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738 -commit 07d5608bb237e9b3fe86a2aeaa429392230faebf +commit a571dbcc7b7b25371174569b13df5159bc4c6c7a Author: djm@openbsd.org -Date: Tue May 3 14:41:04 2016 +0000 +Date: Tue Oct 4 21:34:40 2016 +0000 upstream commit - support doas + add a comment about implicitly-expected checks to + sshkey_ec_validate_public() - Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38 + Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f -commit 01cabf10adc7676cba5f40536a34d3b246edb73f +commit 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00 Author: djm@openbsd.org -Date: Tue May 3 13:48:33 2016 +0000 +Date: Fri Sep 30 20:24:46 2016 +0000 upstream commit - unit tests for sshbuf_dup_string() + fix some -Wpointer-sign warnings in the new mux proxy; ok + markus@ - Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d + Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd -commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372 -Author: jmc@openbsd.org -Date: Fri Jun 3 06:44:12 2016 +0000 +commit ca71c36645fc26fcd739a8cfdc702cec85607761 +Author: bluhm@openbsd.org +Date: Wed Sep 28 20:09:52 2016 +0000 upstream commit - tweak previous; + Add a makefile rule to create the ssh library when + regress needs it. This allows to run the ssh regression tests without doing + a "make build" before. Discussed with dtucker@ and djm@; OK djm@ - Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698 + Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025 -commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4 -Author: dtucker@openbsd.org -Date: Fri Jun 3 04:09:38 2016 +0000 +commit ce44c970f913d2a047903dba8670554ac42fc479 +Author: bluhm@openbsd.org +Date: Mon Sep 26 21:34:38 2016 +0000 upstream commit - Allow ExitOnForwardFailure and ClearAllForwardings to be - overridden when using ssh -W (but still default to yes in that case). - bz#2577, ok djm@. + Allow to run ssh regression tests as root. If the user + is already root, the test should not expect that SUDO is set. If ssh needs + another user, use sudo or doas to switch from root if necessary. OK dtucker@ - Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4 + Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2 -commit 8543ff3f5020fe659839b15f05b8c522bde6cee5 -Author: dtucker@openbsd.org -Date: Fri Jun 3 03:14:41 2016 +0000 +commit 8d0578478586e283e751ca51e7b0690631da139a +Author: markus@openbsd.org +Date: Fri Sep 30 09:19:13 2016 +0000 upstream commit - Move the host and port used by ssh -W into the Options - struct. This will make future changes a bit easier. ok djm@ + ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux + client speaks the ssh-packet protocol directly over unix-domain socket. - mux + server acts as a proxy, translates channel IDs and relays to the server. - no + filedescriptor passing necessary. - combined with unix-domain forwarding it's + even possible to run mux client and server on different machines. feedback + & ok djm@ - Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382 + Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b -commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368 -Author: dtucker@openbsd.org -Date: Wed Jun 1 04:19:49 2016 +0000 +commit b7689155f3f5c4999846c07a852b1c7a43b09cec +Author: djm@openbsd.org +Date: Wed Sep 28 21:44:52 2016 +0000 upstream commit - Check min and max sizes sent by the client against what - we support before passing them to the monitor. ok djm@ + put back some pre-auth zlib bits that I shouldn't have + removed - they are still used by the client. Spotted by naddy@ - Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece + Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2 -commit 564cd2a8926ccb1dca43a535073540935b5e0373 -Author: dtucker@openbsd.org -Date: Tue May 31 23:46:14 2016 +0000 +commit 4577adead6a7d600c8e764619d99477a08192c8f +Author: djm@openbsd.org +Date: Wed Sep 28 20:32:42 2016 +0000 upstream commit - Ensure that the client's proposed DH-GEX max value is at - least as big as the minimum the server will accept. ok djm@ - - Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775 - -commit df820722e40309c9b3f360ea4ed47a584ed74333 -Author: Darren Tucker -Date: Mon Jun 6 11:36:13 2016 +1000 - - Add compat bits to utf8.c. - -commit 05c6574652571becfe9d924226c967a3f4b3f879 -Author: Darren Tucker -Date: Mon Jun 6 11:33:43 2016 +1000 - - Fix utf->utf8 typo. - -commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce -Author: schwarze@openbsd.org -Date: Mon May 30 18:34:41 2016 +0000 - - upstream commit + restore pre-auth compression support in the client -- the + previous commit was intended to remove it from the server only. - Backout rev. 1.43 for now. + remove a few server-side pre-auth compression bits that escaped - The function update_progress_meter() calls refresh_progress_meter() - which calls snmprintf() which calls malloc(); but update_progress_meter() - acts as the SIGALRM signal handler. + adjust wording of Compression directive in sshd_config(5) - "malloc(): error: recursive call" reported by sobrado@. + pointed out by naddy@ ok markus@ - Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e + Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b -commit cd9e1eabeb4137182200035ab6fa4522f8d24044 -Author: schwarze@openbsd.org -Date: Mon May 30 12:57:21 2016 +0000 +commit 80d1c963b4dc84ffd11d09617b39c4bffda08956 +Author: jmc@openbsd.org +Date: Wed Sep 28 17:59:22 2016 +0000 upstream commit - Even when only writing an unescaped character, the dst - buffer may need to grow, or it would be overrun; issue found by tb@ with - malloc.conf(5) 'C'. - - While here, reserve an additional byte for the terminating NUL - up front such that we don't have to realloc() later just for that. - - OK tb@ + use a separate TOKENS section, as we've done for + sshd_config(5); help/ok djm - Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff + Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d -commit ac284a355f8065eaef2a16f446f3c44cdd17371d -Author: schwarze@openbsd.org -Date: Mon May 30 12:05:56 2016 +0000 +commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455 +Author: Damien Miller +Date: Thu Sep 29 03:19:23 2016 +1000 - upstream commit - - Fix two rare edge cases: 1. If vasprintf() returns < 0, - do not access a NULL pointer in snmprintf(), and do not free() the pointer - returned from vasprintf() because on some systems other than OpenBSD, it - might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" - rather than -1 and NULL. - - Besides, free(dst) is pointless after failure (not a bug). - - One half OK martijn@, the other half OK deraadt@; - committing quickly before people get hurt. + Remove portability support for mmap - Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0 + We no longer need to wrap/replace mmap for portability now that + pre-auth compression has been removed from OpenSSH. -commit 0e059cdf5fd86297546c63fa8607c24059118832 -Author: schwarze@openbsd.org -Date: Wed May 25 23:48:45 2016 +0000 +commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f +Author: djm@openbsd.org +Date: Wed Sep 28 16:33:06 2016 +0000 upstream commit - To prevent screwing up terminal settings when printing to - the terminal, for ASCII and UTF-8, escape bytes not forming characters and - bytes forming non-printable characters with vis(3) VIS_OCTAL. For other - character sets, abort printing of the current string in these cases. In - particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * - sanitize data received from the remote host; * sanitize filenames, usernames, - and similar data even locally; * take character display widths into account - for the progressmeter. + Remove support for pre-authentication compression. Doing + compression early in the protocol probably seemed reasonable in the 1990s, + but today it's clearly a bad idea in terms of both cryptography (cf. multiple + compression oracle attacks in TLS) and attack surface. - This is believed to be sufficient to keep the local terminal safe - on OpenBSD, but bad things can still happen on other systems with - state-dependent locales because many places in the code print - unencoded ASCII characters into the output stream. + Moreover, to support it across privilege-separation zlib needed + the assistance of a complex shared-memory manager that made the + required attack surface considerably larger. - Using feedback from djm@ and martijn@, - various aspects discussed with many others. + Prompted by Guido Vranken pointing out a compiler-elided security + check in the shared memory manager found by Stack + (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ - deraadt@ says it should go in now, i probably already hesitated too long + NB. pre-auth authentication has been disabled by default in sshd + for >10 years. - Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0 + Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf -commit 8c02e3639acefe1e447e293dbe23a0917abd3734 -Author: dtucker@openbsd.org -Date: Tue May 24 04:43:45 2016 +0000 +commit 27c3a9c2aede2184856b5de1e6eca414bb751c38 +Author: djm@openbsd.org +Date: Mon Sep 26 21:16:11 2016 +0000 upstream commit - KNF compression proposal and simplify the client side a - little. ok djm@ + Avoid a theoretical signed integer overflow should + BN_num_bytes() ever violate its manpage and return a negative value. Improve + order of tests to avoid confusing increasingly pedantic compilers. + + Reported by Guido Vranken from stack (css.csail.mit.edu/stack) + unstable optimisation analyser output. ok deraadt@ - Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605 + Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505 -commit 7ec4946fb686813eb5f8c57397e465f5485159f4 -Author: dtucker@openbsd.org -Date: Tue May 24 02:31:57 2016 +0000 +commit 8663e51c80c6aa3d750c6d3bcff6ee05091922be +Author: Damien Miller +Date: Wed Sep 28 07:40:33 2016 +1000 - upstream commit - - Back out 'plug memleak'. + fix mdoc2man.awk formatting for top-level lists - Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0 + Reported by Glenn Golden + Diagnosis and fix from Ingo Schwarze -commit 82f24c3ddc52053aeb7beb3332fa94c92014b0c5 +commit b97739dc21570209ed9d4e7beee0c669ed23b097 Author: djm@openbsd.org -Date: Mon May 23 23:30:50 2016 +0000 +Date: Thu Sep 22 21:15:41 2016 +0000 upstream commit - prefer agent-hosted keys to keys from PKCS#11; ok markus + missing bit from previous commit - Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4 + Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37 -commit a0cb7778fbc9b43458f7072eb68dd858766384d1 -Author: dtucker@openbsd.org -Date: Mon May 23 00:17:27 2016 +0000 +commit de6a175a99d22444e10d19ad3fffef39bc3ee3bb +Author: jmc@openbsd.org +Date: Thu Sep 22 19:19:01 2016 +0000 upstream commit - Plug mem leak in filter_proposal. ok djm@ - - Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34 - -commit ae9c0d4d5c581b3040d1f16b5c5f4b1cd1616743 -Author: Darren Tucker -Date: Fri Jun 3 16:03:44 2016 +1000 - - Update vis.h and vis.c from OpenBSD. - - This will be needed for the upcoming utf8 changes. - -commit e1d93705f8f48f519433d6ca9fc3d0abe92a1b77 -Author: Tim Rice -Date: Tue May 31 11:13:22 2016 -0700 - - modified: configure.ac - whitspace clean up. No code changes. - -commit 604a037d84e41e31f0aec9075df0b8740c130200 -Author: Damien Miller -Date: Tue May 31 16:45:28 2016 +1000 - - whitespace at EOL - -commit 18424200160ff5c923113e0a37ebe21ab7bcd17c -Author: Darren Tucker -Date: Mon May 30 19:35:28 2016 +1000 - - Add missing ssh-host-config --name option - - Patch from vinschen@redhat.com. - -commit 39c0cecaa188a37a2e134795caa68e03f3ced592 -Author: Darren Tucker -Date: Fri May 20 10:01:58 2016 +1000 - - Fix comment about sshpam_const and AIX. - - From mschwager via github. - -commit f64062b1f74ad5ee20a8a49aab2732efd0f7ce30 -Author: Damien Miller -Date: Fri May 20 09:56:53 2016 +1000 - - Deny lstat syscalls in seccomp sandbox + organise the token stuff into a separate section; ok + markus for an earlier version of the diff ok/tweaks djm - Avoids sandbox violations for some krb/gssapi libraries. + Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8 -commit 531c135409b8d8810795b1f3692a4ebfd5c9cae0 +commit 16277fc45ffc95e4ffc3d45971ff8320b974de2b Author: djm@openbsd.org -Date: Thu May 19 07:45:32 2016 +0000 +Date: Thu Sep 22 17:55:13 2016 +0000 upstream commit - fix type of ed25519 values + mention curve25519-sha256 KEX - Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0 + Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf -commit 75e21688f523799c9e0cc6601d76a9c5ca79f787 -Author: markus@openbsd.org -Date: Wed May 4 14:32:26 2016 +0000 +commit 0493766d5676c7ca358824ea8d3c90f6047953df +Author: djm@openbsd.org +Date: Thu Sep 22 17:52:53 2016 +0000 upstream commit - add IdentityAgent; noticed & ok jmc@ + support plain curve25519-sha256 KEX algorithm now that it + is approaching standardisation (same algorithm is currently supported as + curve25519-sha256@libssh.org) - Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a + Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2 -commit 1a75d14daf4b60db903e6103cf50e74e0cd0a76b -Author: markus@openbsd.org -Date: Wed May 4 14:29:58 2016 +0000 +commit f31c654b30a6f02ce0b8ea8ab81791b675489628 +Author: dtucker@openbsd.org +Date: Thu Sep 22 02:29:57 2016 +0000 upstream commit - allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@ + If ssh receives a PACKET_DISCONNECT during userauth it + will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the + session being authenticated. Check for this and exit if necessary. ok djm@ - Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac + Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903 -commit 0516454151ae722fc8256c3c56115c6baf24c5b0 -Author: markus@openbsd.org -Date: Wed May 4 14:22:33 2016 +0000 +commit 1622649b7a829fc8dc313042a43a974f0f3e8a99 +Author: djm@openbsd.org +Date: Wed Sep 21 19:53:12 2016 +0000 upstream commit - move SSH_MSG_NONE, so we don't have to include ssh1.h; - ok deraadt@ + correctly return errors from kex_send_ext_info(). Fix from + Sami Farin via https://github.com/openssh/openssh-portable/pull/50 - Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e + Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c -commit 332ff3d770631e7513fea38cf0d3689f673f0e3f -Author: Damien Miller -Date: Tue May 10 09:51:06 2016 +1000 +commit f83a0cfe16c7a73627b46a9a94e40087d60f32fb +Author: djm@openbsd.org +Date: Wed Sep 21 17:44:20 2016 +0000 - initialise salen in binresvport_sa + upstream commit - avoids failures with UsePrivilegedPort=yes + cast uint64_t for printf - patch from Juan Gallego + Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1 -commit c5c1d5d2f04ce00d2ddd6647e61b32f28be39804 -Author: markus@openbsd.org -Date: Wed May 4 14:04:40 2016 +0000 +commit 5f63ab474f58834feca4f35c498be03b7dd38a16 +Author: djm@openbsd.org +Date: Wed Sep 21 17:03:54 2016 +0000 upstream commit - missing const in prototypes (ssh1) + disable tests for affirmative negated match after backout of + match change - Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05 + Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd -commit 9faae50e2e82ba42eb0cb2726bf6830fe7948f28 -Author: dtucker@openbsd.org -Date: Wed May 4 14:00:09 2016 +0000 +commit a5ad3a9db5a48f350f257a67b62fafd719ecb7e0 +Author: djm@openbsd.org +Date: Wed Sep 21 16:55:42 2016 +0000 upstream commit - Fix inverted logic for updating StreamLocalBindMask which - would cause the server to set an invalid mask. ok djm@ + Revert two recent changes to negated address matching. The + new behaviour offers unintuitive surprises. We'll find a better way to deal + with single negated matches. - Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587 - -commit b02ad1ce9105bfa7394ac7590c0729dd52e26a81 -Author: markus@openbsd.org -Date: Wed May 4 12:21:53 2016 +0000 - - upstream commit + match.c 1.31: + > fix matching for pattern lists that contain a single negated match, + > e.g. "Host !example" + > + > report and patch from Robin Becker. bz#1918 ok dtucker@ - IdentityAgent for specifying specific agent sockets; ok - djm@ + addrmatch.c 1.11: + > fix negated address matching where the address list consists of a + > single negated match, e.g. "Match addr !192.20.0.1" + > + > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ - Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1 + Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6 -commit 910e59bba09ac309d78ce61e356da35292212935 +commit 119b7a2ca0ef2bf3f81897ae10301b8ca8cba844 Author: djm@openbsd.org -Date: Wed May 4 12:16:39 2016 +0000 +Date: Wed Sep 21 01:35:12 2016 +0000 upstream commit - fix junk characters after quotes + test all the AuthorizedPrincipalsCommand % expansions - Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578 + Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3 -commit 9283884e647b8be50ccd2997537af0065672107d -Author: jmc@openbsd.org -Date: Tue May 3 18:38:12 2016 +0000 +commit bfa9d969ab6235d4938ce069d4db7e5825c56a19 +Author: djm@openbsd.org +Date: Wed Sep 21 01:34:45 2016 +0000 upstream commit - correct article; + add a way for principals command to get see key ID and serial + too - Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168 + Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb -commit cfefbcea1057c2623e76c579174a4107a0b6e6cd +commit 920585b826af1c639e4ed78b2eba01fd2337b127 Author: djm@openbsd.org -Date: Tue May 3 15:57:39 2016 +0000 +Date: Fri Sep 16 06:09:31 2016 +0000 upstream commit - fix overriding of StreamLocalBindMask and - StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes + add a note on kexfuzz' limitations - Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2 + Upstream-Regress-ID: 03804d4a0dbc5163e1a285a4c8cc0a76a4e864ec -commit 771c2f51ffc0c9a2877b7892fada0c77bd1f6549 +commit 0445ff184080b196e12321998b4ce80b0f33f8d1 Author: djm@openbsd.org -Date: Tue May 3 15:25:06 2016 +0000 +Date: Fri Sep 16 01:01:41 2016 +0000 upstream commit - don't forget to include StreamLocalBindUnlink in the - config dump output + fix for newer modp DH groups + (diffie-hellman-group14-sha256 etc) - Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb + Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68 -commit cdcd941994dc430f50d0a4e6a712d32b66e6199e -Author: djm@openbsd.org -Date: Tue May 3 14:54:08 2016 +0000 +commit 28652bca29046f62c7045e933e6b931de1d16737 +Author: markus@openbsd.org +Date: Mon Sep 19 19:02:19 2016 +0000 upstream commit - make nethack^wrandomart fingerprint flag more readily - searchable pointed out by Matt Johnston + move inbound NEWKEYS handling to kex layer; otherwise + early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed + with & ok djm@ - Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb + Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f -commit 05855bf2ce7d5cd0a6db18bc0b4214ed5ef7516d -Author: djm@openbsd.org -Date: Tue May 3 13:10:24 2016 +0000 +commit 492710894acfcc2f173d14d1d45bd2e688df605d +Author: natano@openbsd.org +Date: Mon Sep 19 07:52:42 2016 +0000 upstream commit - clarify ordering of subkeys; pointed out by ietf-ssh AT - stbuehler.de + Replace two more arc4random() loops with + arc4random_buf(). + + tweaks and ok dtucker + ok deraadt - Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463 + Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4 -commit cca3b4395807bfb7aaeb83d2838f5c062ce30566 -Author: dtucker@openbsd.org -Date: Tue May 3 12:15:49 2016 +0000 +commit 1036356324fecc13099ac6e986b549f6219327d7 +Author: tedu@openbsd.org +Date: Sat Sep 17 18:00:27 2016 +0000 upstream commit - Use a subshell for constructing key types to work around - different sed behaviours for -portable. + replace two arc4random loops with arc4random_buf ok + deraadt natano - Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d + Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48 -commit fa58208c6502dcce3e0daac0ca991ee657daf1f5 +commit 00df97ff68a49a756d4b977cd02283690f5dfa34 Author: djm@openbsd.org -Date: Tue May 3 10:27:59 2016 +0000 +Date: Wed Sep 14 20:11:26 2016 +0000 upstream commit - correct some typos and remove a long-stale XXX note. - - add specification for ed25519 certificates - - mention no host certificate options/extensions are currently defined - - pointed out by Simon Tatham + take fingerprint of correct key for + AuthorizedPrincipalsCommand - Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a + Upstream-ID: 553581a549cd6a3e73ce9f57559a325cc2cb1f38 -commit b466f956c32cbaff4200bfcd5db6739fe4bc7d04 +commit e7907c1cb938b96dd33d27c2fea72c4e08c6b2f6 Author: djm@openbsd.org -Date: Tue May 3 10:24:27 2016 +0000 +Date: Wed Sep 14 05:42:25 2016 +0000 upstream commit - add ed25519 keys that are supported but missing from this - documents; from Peter Moody + add %-escapes to AuthorizedPrincipalsCommand to match those + supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a + few more to provide access to the certificate's CA key; 'looks ok' dtucker@ - Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b + Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb -commit 7f3d76319a69dab2efe3a520a8fef5b97e923636 +commit 2b939c272a81c4d0c47badeedbcb2ba7c128ccda Author: dtucker@openbsd.org -Date: Tue May 3 09:03:49 2016 +0000 +Date: Wed Sep 14 00:45:31 2016 +0000 upstream commit - Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch - from Simon Tatham, ok markus@ + Improve test coverage of ssh-keygen -T a bit. - Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8 + Upstream-Regress-ID: 8851668c721bcc2b400600cfc5a87644cc024e72 -commit 31bc01c05d9f51bee3ebe33dc57c4fafb059fb62 -Author: djm@openbsd.org -Date: Mon May 2 14:10:58 2016 +0000 +commit 44d82fc83be6c5ccd70881c2dac1a73e5050398b +Author: dtucker@openbsd.org +Date: Mon Sep 12 02:25:46 2016 +0000 upstream commit - unbreak config parsing on reexec from previous commit + Add testcase for ssh-keygen -j, -J and -K options for + moduli screening. Does not currently test generation as that is extremely + slow. - Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab + Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062 -commit 67f1459efd2e85bf03d032539283fa8107218936 +commit 44e5f756d286bc3a1a5272ea484ee276ba3ac5c2 Author: djm@openbsd.org -Date: Mon May 2 09:52:00 2016 +0000 +Date: Tue Aug 23 08:17:04 2016 +0000 upstream commit - unit and regress tests for SHA256/512; ok markus + add tests for addr_match_list() - Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6 + Upstream-Regress-ID: fae2d1fef84687ece584738a924c7bf969616c8e -commit 0e8eeec8e75f6d0eaf33317376f773160018a9c7 +commit 445e218878035b59c704c18406e8aeaff4c8aa25 Author: djm@openbsd.org -Date: Mon May 2 10:26:04 2016 +0000 +Date: Mon Sep 12 23:39:34 2016 +0000 upstream commit - add support for additional fixed DH groups from - draft-ietf-curdle-ssh-kex-sha2-03 - - diffie-hellman-group14-sha256 (2K group) - diffie-hellman-group16-sha512 (4K group) - diffie-hellman-group18-sha512 (8K group) - - based on patch from Mark D. Baushke and Darren Tucker - ok markus@ + handle certs in rsa_hash_alg_from_ident(), saving an + unnecessary special case elsewhere. - Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f + Upstream-ID: 901cb081c59d6d2698b57901c427f3f6dc7397d4 -commit 57464e3934ba53ad8590ee3ccd840f693407fc1e +commit 130f5df4fa37cace8c079dccb690e5cafbf00751 Author: djm@openbsd.org -Date: Mon May 2 09:36:42 2016 +0000 +Date: Mon Sep 12 23:31:27 2016 +0000 upstream commit - support SHA256 and SHA512 RSA signatures in certificates; - ok markus@ + list all supported signature algorithms in the + server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly) + Ron Frederick; ok markus@ - Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a + Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd -commit 1a31d02b2411c4718de58ce796dbb7b5e14db93e -Author: djm@openbsd.org -Date: Mon May 2 08:49:03 2016 +0000 +commit 8f750ccfc07acb8aa98be5a5dd935033a6468cfd +Author: Darren Tucker +Date: Mon Sep 12 14:43:58 2016 +1000 - upstream commit - - fix signed/unsigned errors reported by clang-3.7; add - sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with - better safety checking; feedback and ok markus@ - - Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820 + Remove no-op brackets to resync with upstream. -commit d2d6bf864e52af8491a60dd507f85b74361f5da3 -Author: djm@openbsd.org -Date: Fri Apr 29 08:07:53 2016 +0000 +commit 7050896e7395866278c19c2ff080c26152619d1d +Author: Darren Tucker +Date: Mon Sep 12 13:57:28 2016 +1000 - upstream commit - - close ControlPersist background process stderr when not - in debug mode or when logging to a file or syslog. bz#1988 ok dtucker - - Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24 + Resync ssh-keygen -W error message with upstream. -commit 9ee692fa1146e887e008a2b9a3d3ea81770c9fc8 -Author: djm@openbsd.org -Date: Thu Apr 28 14:30:21 2016 +0000 +commit 43cceff82cc20413cce58ba3375e19684e62cec4 +Author: Darren Tucker +Date: Mon Sep 12 13:55:37 2016 +1000 + + Move ssh-keygen -W handling code to match upstream + +commit af48d541360b1d7737b35740a4b1ca34e1652cd9 +Author: Darren Tucker +Date: Mon Sep 12 13:52:17 2016 +1000 + + Move ssh-keygen -T handling code to match upstream. + +commit d8c3cfbb018825c6c86547165ddaf11924901c49 +Author: Darren Tucker +Date: Mon Sep 12 13:30:50 2016 +1000 + + Move -M handling code to match upstream. + +commit 7b63cf6dbbfa841c003de57d1061acbf2ff22364 +Author: dtucker@openbsd.org +Date: Mon Sep 12 03:29:16 2016 +0000 upstream commit - fix comment + Spaces->tabs. - Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15 + Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7 -commit ee1e0a16ff2ba41a4d203c7670b54644b6c57fa6 -Author: jmc@openbsd.org -Date: Wed Apr 27 13:53:48 2016 +0000 +commit 11e5e644536821ceb3bb4dd8487fbf0588522887 +Author: dtucker@openbsd.org +Date: Mon Sep 12 03:25:20 2016 +0000 upstream commit - cidr permitted for {allow,deny}users; from lars nooden ok djm + Style whitespace fix. Also happens to remove a no-op + diff with portable. - Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11 + Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3 -commit b6e0140a5aa883c27b98415bd8aa9f65fc04ee22 -Author: djm@openbsd.org -Date: Thu Apr 21 06:08:02 2016 +0000 +commit 9136ec134c97a8aff2917760c03134f52945ff3c +Author: deraadt@openbsd.org +Date: Mon Sep 12 01:22:38 2016 +0000 upstream commit - make argument == NULL tests more consistent + Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then + use those definitions rather than pulling and unknown namespace + pollution. ok djm markus dtucker - Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d + Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8 -commit 6aaabc2b610e44bae473457ad9556ffb43d90ee3 +commit f219fc8f03caca7ac82a38ed74bbd6432a1195e7 Author: jmc@openbsd.org -Date: Sun Apr 17 14:34:46 2016 +0000 +Date: Wed Sep 7 18:39:24 2016 +0000 upstream commit - tweak previous; + sort; from matthew martin - Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f + Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7 -commit 0f839e5969efa3bda615991be8a9d9311554c573 -Author: djm@openbsd.org -Date: Fri Apr 15 02:57:10 2016 +0000 +commit 06ce56b05def9460aecc7cdb40e861a346214793 +Author: markus@openbsd.org +Date: Tue Sep 6 09:22:56 2016 +0000 upstream commit - missing bit of Include regress + ssh_set_newkeys: print correct block counters on + rekeying; ok djm@ - Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f + Upstream-ID: 32bb7a9cb9919ff5bab28d50ecef3a2b2045dd1e -commit 12e4ac46aed681da55c2bba3cd11dfcab23591be -Author: djm@openbsd.org -Date: Fri Apr 15 02:55:53 2016 +0000 +commit e5e8d9114ac6837a038f4952994ca95a97fafe8d +Author: markus@openbsd.org +Date: Tue Sep 6 09:14:05 2016 +0000 upstream commit - remove redundant CLEANFILES section + update ext_info_c every time we receive a kexinit msg; + fixes sending of ext_info if privsep is disabled; report Aris Adamantiadis & + Mancha; ok djm@ - Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587 + Upstream-ID: 2ceaa1076e19dbd3542254b4fb8e42d608f28856 -commit b1d05aa653ae560c44baf8e8a9756e33f98ea75c +commit da95318dbedbaa1335323dba370975c2f251afd8 Author: djm@openbsd.org -Date: Fri Apr 15 00:48:01 2016 +0000 +Date: Mon Sep 5 14:02:42 2016 +0000 upstream commit - sync CLEANFILES with portable, sort + remove 3des-cbc from the client's default proposal; + 64-bit block ciphers are not safe in 2016 and we don't want to wait until + attacks like sweet32 are extended to SSH. - Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed - -commit 35f22dad263cce5c61d933ae439998cb965b8748 -Author: djm@openbsd.org -Date: Fri Apr 15 00:31:10 2016 +0000 - - upstream commit + As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may + cause problems connecting to older devices using the defaults, but + it's highly likely that such devices already need explicit + configuration for KEX and hostkeys anyway. - regression test for ssh_config Include directive + ok deraadt, markus, dtucker - Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e + Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f -commit 6b8a1a87005818d4700ce8b42faef746e82c1f51 +commit b33ad6d997d36edfea65e243cd12ccd01f413549 Author: djm@openbsd.org -Date: Thu Apr 14 23:57:17 2016 +0000 +Date: Mon Sep 5 13:57:31 2016 +0000 upstream commit - unbreak test for recent ssh de-duplicated forwarding - change + enforce expected request flow for GSSAPI calls; thanks to + Jakub Jelen for testing; ok markus@ - Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3 + Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9 -commit 076787702418985a2cc6808212dc28ce7afc01f0 -Author: djm@openbsd.org -Date: Thu Apr 14 23:21:42 2016 +0000 +commit 0bb2980260fb24e5e0b51adac471395781b66261 +Author: Darren Tucker +Date: Mon Sep 12 11:07:00 2016 +1000 - upstream commit + Restore ssh-keygen's -J and -j option handling. - add test knob and warning for StrictModes + These were incorrectly removed in the 1d9a2e28 sync commit. + +commit 775f8a23f2353f5869003c57a213d14b28e0736e +Author: Damien Miller +Date: Wed Aug 31 10:48:07 2016 +1000 + + tighten PAM monitor calls - Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682 + only allow kbd-interactive ones when that authentication method is + enabled. Prompted by Solar Designer -commit dc7990be865450574c7940c9880567f5d2555b37 +commit 7fd0ea8a1db4bcfb3d8cd9df149e5d571ebea1f4 Author: djm@openbsd.org -Date: Fri Apr 15 00:30:19 2016 +0000 +Date: Tue Aug 30 07:50:21 2016 +0000 upstream commit - Include directive for ssh_config(5); feedback & ok markus@ + restrict monitor auth calls to be allowed only when their + respective authentication methods are enabled in the configuration. + + prompted by Solar Designer; ok markus dtucker - Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff + Upstream-ID: 6eb3f89332b3546d41d6dbf5a8e6ff920142b553 -commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 +commit b38b95f5bcc52278feb839afda2987933f68ff96 Author: Damien Miller -Date: Wed Apr 13 10:39:57 2016 +1000 +Date: Mon Aug 29 11:47:07 2016 +1000 - ignore PAM environment vars when UseLogin=yes - - If PAM is configured to read user-specified environment variables - and UseLogin=yes in sshd_config, then a hostile local user may - attack /bin/login via LD_PRELOAD or similar environment variables - set via PAM. + Tighten monitor state-machine flow for PAM calls - CVE-2015-8325, found by Shayan Sadigh, via Colin Watson + (attack surface reduction) -commit dce19bf6e4a2a3d0b13a81224de63fc316461ab9 +commit dc664d1bd0fc91b24406a3e9575b81c285b8342b Author: djm@openbsd.org -Date: Sat Apr 9 12:39:30 2016 +0000 +Date: Sun Aug 28 22:28:12 2016 +0000 upstream commit - make private key loading functions consistently handle NULL - key pointer arguments; ok markus@ + fix uninitialised optlen in getsockopt() call; harmless + on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok + deraadt@ - Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761 + Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965 -commit 5f41f030e2feb5295657285aa8c6602c7810bc4b -Author: Darren Tucker -Date: Fri Apr 8 21:14:13 2016 +1000 +commit 5bcc1e2769f7d6927d41daf0719a9446ceab8dd7 +Author: guenther@openbsd.org +Date: Sat Aug 27 04:05:12 2016 +0000 - Remove NO_IPPORT_RESERVED_CONCEPT + upstream commit + + Pull in for struct timeval - Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have - the same effect without causing problems syncing patches with OpenBSD. - Resync the two affected functions with OpenBSD. ok djm, sanity checked - by Corinna. + ok deraadt@ + + Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6 -commit 34a01b2cf737d946ddb140618e28c3048ab7a229 -Author: djm@openbsd.org -Date: Fri Apr 8 08:19:17 2016 +0000 +commit fa4a4c96b19127dc2fd4e92f20d99c0c7f34b538 +Author: guenther@openbsd.org +Date: Sat Aug 27 04:04:56 2016 +0000 upstream commit - whitespace at EOL + Pull in for NULL + + ok deraadt@ - Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6 + Upstream-ID: 7baa6a0f1e049bb3682522b4b95a26c866bfc043 -commit 90ee563fa6b54c59896c6c332c5188f866c5e75f +commit ae363d74ccc1451185c0c8bd4631e28c67c7fd36 Author: djm@openbsd.org -Date: Fri Apr 8 06:35:54 2016 +0000 +Date: Thu Aug 25 23:57:54 2016 +0000 upstream commit - We accidentally send an empty string and a zero uint32 with - every direct-streamlocal@openssh.com channel open, in contravention of our - own spec. - - Fixing this is too hard wrt existing versions that expect these - fields to be present and fatal() if they aren't, so document them - as "reserved" fields in the PROTOCOL spec as though we always - intended this and let us never speak of it again. + add a sIgnore opcode that silently ignores options and + use it to suppress noisy deprecation warnings for the Protocol directive. - bz#2529, reported by Ron Frederick + req henning, ok markus - Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7 + Upstream-ID: 9fe040aca3d6ff393f6f7e60045cdd821dc4cbe0 -commit 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558 +commit a94c60306643ae904add6e8ed219e4be3494255c Author: djm@openbsd.org -Date: Wed Apr 6 06:42:17 2016 +0000 +Date: Thu Aug 25 23:56:51 2016 +0000 upstream commit - don't record duplicate LocalForward and RemoteForward - entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation - where the same forwards are added on the second pass through the - configuration file. bz#2562; ok dtucker@ + remove superfluous NOTREACHED comment - Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1 + Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c -commit 574def0eb493cd6efeffd4ff2e9257abcffee0c8 -Author: krw@openbsd.org -Date: Sat Apr 2 14:37:42 2016 +0000 +commit fc041c47144ce28cf71353124a8a5d183cd6a251 +Author: otto@openbsd.org +Date: Tue Aug 23 16:21:45 2016 +0000 upstream commit - Another use for fcntl() and thus of the superfluous 3rd - parameter is when sanitising standard fd's before calling daemon(). - - Use a tweaked version of the ssh(1) function in all three places - found using fcntl() this way. - - ok jca@ beck@ + fix previous, a condition was modified incorrectly; ok + markus@ deraadt@ - Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218 - -commit b3413534aa9d71a941005df2760d1eec2c2b0854 -Author: Darren Tucker -Date: Mon Apr 4 11:09:21 2016 +1000 - - Tidy up openssl header test. + Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453 -commit 815bcac0b94bb448de5acdd6ba925b8725240b4f -Author: Darren Tucker -Date: Mon Apr 4 11:07:59 2016 +1000 +commit 23555eb13a9b0550371a16dcf8beaab7a5806a64 +Author: djm@openbsd.org +Date: Tue Aug 23 08:17:42 2016 +0000 - Fix configure-time warnings for openssl test. + upstream commit + + downgrade an error() to a debug2() to match similar cases + in addr_match_list() + + Upstream-ID: 07c3d53e357214153d9d08f234411e0d1a3d6f5c diff --git a/INSTALL b/INSTALL index 7f552bf7683..3fd265dbfae 100644 --- a/INSTALL +++ b/INSTALL @@ -66,13 +66,6 @@ passphrase requester. This is maintained separately at: http://www.jmknoble.net/software/x11-ssh-askpass/ -S/Key Libraries: - -If you wish to use --with-skey then you will need the library below -installed. No other S/Key library is currently known to be supported. - -http://www.sparc.spb.su/solaris/skey/ - LibEdit: sftp supports command-line editing via NetBSD's libedit. If your platform @@ -184,9 +177,6 @@ it if lastlog is installed in a different place. --with-osfsia, --without-osfsia will enable or disable OSF1's Security Integration Architecture. The default for OSF1 machines is enable. ---with-skey=PATH will enable S/Key one time password support. You will -need the S/Key libraries and header files installed for this to work. - --with-md5-passwords will enable the use of MD5 passwords. Enable this if your operating system uses MD5 passwords and the system crypt() does not support them directly (see the crypt(3/3c) man page). If enabled, the @@ -220,7 +210,7 @@ If you need to pass special options to the compiler or linker, you can specify these as environment variables before running ./configure. For example: -CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure +CC="/usr/foo/cc" CFLAGS="-O" LDFLAGS="-s" LIBS="-lrubbish" ./configure 3. Configuration ---------------- diff --git a/Makefile.in b/Makefile.in index 04e1c8e5345..2385c62a88c 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# uncomment if you run a non bourne compatable shell. Ie. csh +# uncomment if you run a non bourne compatible shell. Ie. csh #SHELL = @SH@ AUTORECONF=autoreconf @@ -84,13 +84,13 @@ LIBOPENSSH_OBJS=\ ${XMSS_OBJS} LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ - authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \ + authfd.o authfile.o \ canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \ cipher-ctr.o cleanup.o \ compat.o crc32.o fatal.o hostfile.o \ log.o match.o moduli.o nchan.o packet.o opacket.o \ readpass.o ttymodes.o xmalloc.o addrmatch.o \ - atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \ + atomicio.o dispatch.o mac.o uuencode.o misc.o utf8.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ ssh-pkcs11.o smult_curve25519_ref.o \ @@ -110,7 +110,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ sshpty.o sshlogin.o servconf.o serverloop.o \ auth.o auth2.o auth-options.o session.o \ auth2-chall.o groupaccess.o \ - auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ + auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ auth2-none.o auth2-passwd.o auth2-pubkey.o \ monitor.o monitor_wrap.o auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ @@ -118,7 +118,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ sftp-server.o sftp-common.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ - sandbox-solaris.o + sandbox-solaris.o uidswap.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 @@ -175,7 +175,7 @@ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o - $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -186,8 +186,8 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o - $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o + $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) @@ -230,6 +230,7 @@ clean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core survey rm -f regress/check-perm$(EXEEXT) + rm -f regress/mkdtemp$(EXEEXT) rm -f regress/unittests/test_helper/*.a rm -f regress/unittests/test_helper/*.o rm -f regress/unittests/sshbuf/*.o @@ -258,6 +259,8 @@ distclean: regressclean rm -f Makefile buildpkg.sh config.h config.status rm -f survey.sh openbsd-compat/regress/Makefile *~ rm -rf autom4te.cache + rm -f regress/check-perm + rm -f regress/mkdtemp rm -f regress/unittests/test_helper/*.a rm -f regress/unittests/test_helper/*.o rm -f regress/unittests/sshbuf/*.o @@ -276,7 +279,8 @@ distclean: regressclean rm -f regress/unittests/match/test_match rm -f regress/unittests/utf8/*.o rm -f regress/unittests/utf8/test_utf8 - rm -f regress/unittests/misc/kexfuzz + rm -f regress/misc/kexfuzz/*.o + rm -f regress/misc/kexfuzz (cd openbsd-compat && $(MAKE) distclean) if test -d pkg ; then \ rm -fr pkg ; \ @@ -459,6 +463,10 @@ regress/check-perm$(EXEEXT): $(srcdir)/regress/check-perm.c $(REGRESSLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/check-perm.c \ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) +regress/mkdtemp$(EXEEXT): $(srcdir)/regress/mkdtemp.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/mkdtemp.c \ + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + UNITTESTS_TEST_HELPER_OBJS=\ regress/unittests/test_helper/test_helper.o \ regress/unittests/test_helper/fuzz.o @@ -567,6 +575,7 @@ regress-binaries: regress/modpipe$(EXEEXT) \ regress/setuid-allowed$(EXEEXT) \ regress/netcat$(EXEEXT) \ regress/check-perm$(EXEEXT) \ + regress/mkdtemp$(EXEEXT) \ regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ regress/unittests/sshkey/test_sshkey$(EXEEXT) \ regress/unittests/bitmap/test_bitmap$(EXEEXT) \ @@ -577,8 +586,6 @@ regress-binaries: regress/modpipe$(EXEEXT) \ regress/unittests/utf8/test_utf8$(EXEEXT) \ regress/misc/kexfuzz/kexfuzz$(EXEEXT) -REGRESSTMP = "$(PWD)/regress" - tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) BUILDDIR=`pwd`; \ TEST_SSH_SCP="$${BUILDDIR}/scp"; \ @@ -602,7 +609,7 @@ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) .OBJDIR="$${BUILDDIR}/regress" \ .CURDIR="`pwd`" \ BUILDDIR="$${BUILDDIR}" \ - OBJ="$(REGRESSTMP)" \ + OBJ="$${BUILDDIR}/regress/" \ PATH="$${BUILDDIR}:$${PATH}" \ TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ diff --git a/OVERVIEW b/OVERVIEW index fde72c8e090..515567f45b0 100644 --- a/OVERVIEW +++ b/OVERVIEW @@ -23,9 +23,8 @@ these programs. - These provide an arbitrary size buffer, where data can be appended. Data can be consumed from either end. The code is used heavily - throughout ssh. The basic buffer manipulation functions are in - buffer.c (header buffer.h), and additional code to manipulate specific - data types is in bufaux.c. + throughout ssh. The buffer manipulation functions are in + sshbuf*.c (header sshbuf.h). Compression Library @@ -62,7 +61,7 @@ these programs. code in packet.c does not concern itself with packet types or their execution; it contains code to build packets, to receive them and extract data from them, and the code to compress and/or encrypt - packets. CRC code comes from crc32.c. + packets. - The code in packet.c calls the buffer manipulation routines (buffer.c, bufaux.c), compression routines (zlib), and the @@ -106,12 +105,6 @@ these programs. calls client_loop in clientloop.c. This does the real work for the session. - - The client is suid root. It tries to temporarily give up this - rights while reading the configuration data. The root - privileges are only used to make the connection (from a - privileged socket). Any extra privileges are dropped before - calling ssh_login. - Pseudo-tty manipulation and tty modes - Code to allocate and use a pseudo tty is in pty.c. Code to @@ -165,4 +158,4 @@ these programs. uidswap.c uid-swapping xmalloc.c "safe" malloc routines -$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $ +$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $ diff --git a/PROTOCOL b/PROTOCOL index b1fc00691c0..010bec92fb6 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -428,7 +428,7 @@ The values of the f_flag bitmask are as follows: Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are advertised in the SSH_FXP_VERSION hello with version "2". -10. sftp: Extension request "hardlink@openssh.com" +3.5. sftp: Extension request "hardlink@openssh.com" This request is for creating a hard link to a regular file. This request is implemented as a SSH_FXP_EXTENDED request with the @@ -444,7 +444,7 @@ link(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -10. sftp: Extension request "fsync@openssh.com" +3.6. sftp: Extension request "fsync@openssh.com" This request asks the server to call fsync(2) on an open file handle. @@ -458,4 +458,35 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $ +4. Miscellaneous changes + +4.1 Public key format + +OpenSSH public keys, as generated by ssh-keygen(1) and appearing in +authorized_keys files, are formatted as a single line of text consisting +of the public key algorithm name followed by a base64-encoded key blob. +The public key blob (before base64 encoding) is the same format used for +the encoding of public keys sent on the wire: as described in RFC4253 +section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA keys +and the "New public key formats" section of PROTOCOL.certkeys for the +OpenSSH certificate formats. + +4.2 Private key format + +OpenSSH private keys, as generated by ssh-keygen(1) use the format +described in PROTOCOL.key by default. As a legacy option, PEM format +(RFC7468) private keys are also supported for RSA, DSA and ECDSA keys +and were the default format before OpenSSH 7.8. + +4.3 KRL format + +OpenSSH supports a compact format for Key Revocation Lists (KRLs). This +format is described in the PROTOCOL.krl file. + +4.4 Connection multiplexing + +OpenSSH's connection multiplexing uses messages as described in +PROTOCOL.mux over a Unix domain socket for communications between a +master instance and later clients. + +$OpenBSD: PROTOCOL,v 1.35 2018/08/10 00:44:01 djm Exp $ diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 64cb18700ee..11363fdc370 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys @@ -25,6 +25,10 @@ raw user keys. The ssh client will support automatic verification of acceptance of certified host keys, by adding a similar ability to specify CA keys in ~/.ssh/known_hosts. +All certificate types include certification information along with the +public key that is used to sign challenges. In OpenSSH, ssh-keygen +performs the CA signing operation. + Certified keys are represented using new key types: ssh-rsa-cert-v01@openssh.com @@ -33,9 +37,17 @@ Certified keys are represented using new key types: ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com -These include certification information along with the public key -that is used to sign challenges. ssh-keygen performs the CA signing -operation. +Two additional types exist for RSA certificates to force use of +SHA-2 signatures (SHA-256 and SHA-512 respectively): + + rsa-sha2-256-cert-v01@openssh.com + rsa-sha2-512-cert-v01@openssh.com + +These RSA/SHA-2 types should not appear in keys at rest or transmitted +on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms +field or in the "public key algorithm name" field of a "publickey" +SSH_USERAUTH_REQUEST to indicate that the signature will use the +specified algorithm. Protocol extensions ------------------- @@ -174,7 +186,7 @@ certificate. Each represents a time in seconds since 1970-01-01 valid after <= current time < valid before -criticial options is a set of zero or more key options encoded as +critical options is a set of zero or more key options encoded as below. All such options are "critical" in the sense that an implementation must refuse to authorise a key that has an unrecognised option. @@ -291,4 +303,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $ diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305 index 4857d38533d..9ce2a1e3a14 100644 --- a/PROTOCOL.chacha20poly1305 +++ b/PROTOCOL.chacha20poly1305 @@ -16,7 +16,7 @@ that computes a 128 bit integrity tag given a message and a single-use The chacha20-poly1305@openssh.com combines these two primitives into an authenticated encryption mode. The construction used is based on that proposed for TLS by Adam Langley in [3], but differs in the layout of -data passed to the MAC and in the addition of encyption of the packet +data passed to the MAC and in the addition of encryption of the packet lengths. Negotiation @@ -103,5 +103,5 @@ References [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 -$OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $ +$OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $ diff --git a/PROTOCOL.krl b/PROTOCOL.krl index b9695107bac..f319bad21d3 100644 --- a/PROTOCOL.krl +++ b/PROTOCOL.krl @@ -145,7 +145,7 @@ This section may appear multiple times. 5. KRL signature sections The KRL_SECTION_SIGNATURE section serves a different purpose to the -preceeding ones: to provide cryptographic authentication of a KRL that +preceding ones: to provide cryptographic authentication of a KRL that is retrieved over a channel that does not provide integrity protection. Its format is slightly different to the previously-described sections: in order to simplify the signature generation, it includes as a "body" @@ -166,4 +166,4 @@ Implementations that retrieve KRLs over untrusted channels must verify signatures. Signature sections are optional for KRLs distributed by trusted means. -$OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $ +$OpenBSD: PROTOCOL.krl,v 1.4 2018/04/10 00:10:49 djm Exp $ diff --git a/README b/README index fb8e21743b0..97fc2ef9927 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#7.7p1 for the release notes. +See https://www.openssh.com/releasenotes.html#7.8p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/README.platform b/README.platform index c7be95fb6c5..9210e07c8c6 100644 --- a/README.platform +++ b/README.platform @@ -80,7 +80,7 @@ added to /etc/security/audit_event: 32800:AUE_openssh:OpenSSH login:lo The BSM audit event range available for third party TCB applications is -32768 - 65535. Event number 32800 has been choosen for AUE_openssh. +32768 - 65535. Event number 32800 has been chosen for AUE_openssh. There is no official registry of 3rd party event numbers, so if this number is already in use on your system, you may change it at build time by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. diff --git a/TODO b/TODO index f22c7e224b8..b76529c960a 100644 --- a/TODO +++ b/TODO @@ -35,7 +35,7 @@ Programming: - Use different PAM service name for kbdint vs regular auth (suggest from Solar Designer) - Ability to select which ChallengeResponseAuthentications may be used - and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" + and order to try them in e.g. "ChallengeResponseAuthentication pam" - Complete Tru64 SIA support - It looks like we could merge it into the password auth code to cut down @@ -57,10 +57,10 @@ Clean up configure/makefiles: - Replace the whole u_intXX_t evilness in acconfig.h with something better??? - Do it in configure.ac -- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test +- Consider splitting the u_intXX_t test for sys/bitype.h into separate test to allow people to (right/wrongfully) link against Bind directly. -- Consider splitting configure.ac into seperate files which do logically +- Consider splitting configure.ac into separate files which do logically similar tests. E.g move all the type detection stuff into one file, entropy related stuff into another. diff --git a/aclocal.m4 b/aclocal.m4 index ac6b6684a51..25ecc49a220 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -25,7 +25,7 @@ int main(int argc, char **argv) { } ]])], [ -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then AC_MSG_RESULT([no]) CFLAGS="$saved_CFLAGS" @@ -63,7 +63,7 @@ int main(int argc, char **argv) { } ]])], [ -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then AC_MSG_RESULT([no]) CFLAGS="$saved_CFLAGS" @@ -100,8 +100,15 @@ int main(int argc, char **argv) { exit(0); } ]])], - [ AC_MSG_RESULT([yes]) - LDFLAGS="$saved_LDFLAGS $_define_flag"], + [ +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + AC_MSG_RESULT([no]) + LDFLAGS="$saved_LDFLAGS" +else + AC_MSG_RESULT([yes]) + LDFLAGS="$saved_LDFLAGS $_define_flag" +fi ], [ AC_MSG_RESULT([no]) LDFLAGS="$saved_LDFLAGS" ] ) diff --git a/addrmatch.c b/addrmatch.c index 8658e105abc..5a402d06561 100644 --- a/addrmatch.c +++ b/addrmatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: addrmatch.c,v 1.13 2016/09/21 16:55:42 djm Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller @@ -205,25 +205,24 @@ addr_cmp(const struct xaddr *a, const struct xaddr *b) static int addr_pton(const char *p, struct xaddr *n) { - struct addrinfo hints, *ai; + struct addrinfo hints, *ai = NULL; + int ret = -1; memset(&hints, '\0', sizeof(hints)); hints.ai_flags = AI_NUMERICHOST; if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0) - return -1; - + goto out; if (ai == NULL || ai->ai_addr == NULL) - return -1; - - if (n != NULL && - addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1) { + goto out; + if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1) + goto out; + /* success */ + ret = 0; + out: + if (ai != NULL) freeaddrinfo(ai); - return -1; - } - - freeaddrinfo(ai); - return 0; + return ret; } /* diff --git a/audit-bsm.c b/audit-bsm.c index f8e0bea89ad..1409f69aeb9 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -49,7 +49,6 @@ #include "ssh.h" #include "log.h" -#include "key.h" #include "hostfile.h" #include "auth.h" #include "xmalloc.h" diff --git a/audit.c b/audit.c index 7645c143978..33a04376dd6 100644 --- a/audit.c +++ b/audit.c @@ -26,12 +26,12 @@ #include #include +#include #ifdef SSH_AUDIT_EVENTS #include "audit.h" #include "log.h" -#include "key.h" #include "hostfile.h" #include "auth.h" diff --git a/auth-bsdauth.c b/auth-bsdauth.c index e00718f2ed3..4dc5045c261 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */ +/* $OpenBSD: auth-bsdauth.c,v 1.15 2018/07/09 21:35:50 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -33,11 +33,11 @@ #ifdef BSD_AUTH #include "xmalloc.h" -#include "key.h" +#include "sshkey.h" +#include "sshbuf.h" #include "hostfile.h" #include "auth.h" #include "log.h" -#include "buffer.h" #ifdef GSSAPI #include "ssh-gss.h" #endif diff --git a/auth-krb5.c b/auth-krb5.c index a5a81ed2ed8..3096f1c8ea4 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */ +/* $OpenBSD: auth-krb5.c,v 1.23 2018/07/09 21:35:50 markus Exp $ */ /* * Kerberos v5 authentication and ticket-passing routines. * @@ -38,11 +38,11 @@ #include "ssh.h" #include "packet.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" +#include "sshkey.h" #include "misc.h" #include "servconf.h" #include "uidswap.h" -#include "key.h" #include "hostfile.h" #include "auth.h" diff --git a/auth-options.c b/auth-options.c index b528c197ab2..27c0eb05e41 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.78 2018/03/14 05:35:40 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */ /* * Copyright (c) 2018 Damien Miller * @@ -283,6 +283,10 @@ sshauthopt_free(struct sshauthopt *opts) free(opts->permitopen[i]); free(opts->permitopen); + for (i = 0; i < opts->npermitlisten; i++) + free(opts->permitlisten[i]); + free(opts->permitlisten); + explicit_bzero(opts, sizeof(*opts)); free(opts); } @@ -304,10 +308,82 @@ sshauthopt_new_with_keys_defaults(void) return ret; } +/* + * Parse and record a permitopen/permitlisten directive. + * Return 0 on success. Return -1 on failure and sets *errstrp to error reason. + */ +static int +handle_permit(const char **optsp, int allow_bare_port, + char ***permitsp, size_t *npermitsp, const char **errstrp) +{ + char *opt, *tmp, *cp, *host, **permits = *permitsp; + size_t npermits = *npermitsp; + const char *errstr = "unknown error"; + + if (npermits > INT_MAX) { + *errstrp = "too many permission directives"; + return -1; + } + if ((opt = opt_dequote(optsp, &errstr)) == NULL) { + return -1; + } + if (allow_bare_port && strchr(opt, ':') == NULL) { + /* + * Allow a bare port number in permitlisten to indicate a + * listen_host wildcard. + */ + if (asprintf(&tmp, "*:%s", opt) < 0) { + *errstrp = "memory allocation failed"; + return -1; + } + free(opt); + opt = tmp; + } + if ((tmp = strdup(opt)) == NULL) { + free(opt); + *errstrp = "memory allocation failed"; + return -1; + } + cp = tmp; + /* validate syntax before recording it. */ + host = hpdelim(&cp); + if (host == NULL || strlen(host) >= NI_MAXHOST) { + free(tmp); + free(opt); + *errstrp = "invalid permission hostname"; + return -1; + } + /* + * don't want to use permitopen_port to avoid + * dependency on channels.[ch] here. + */ + if (cp == NULL || + (strcmp(cp, "*") != 0 && a2port(cp) <= 0)) { + free(tmp); + free(opt); + *errstrp = "invalid permission port"; + return -1; + } + /* XXX - add streamlocal support */ + free(tmp); + /* Record it */ + if ((permits = recallocarray(permits, npermits, npermits + 1, + sizeof(*permits))) == NULL) { + free(opt); + /* NB. don't update *permitsp if alloc fails */ + *errstrp = "memory allocation failed"; + return -1; + } + permits[npermits++] = opt; + *permitsp = permits; + *npermitsp = npermits; + return 0; +} + struct sshauthopt * sshauthopt_parse(const char *opts, const char **errstrp) { - char **oarray, *opt, *cp, *tmp, *host; + char **oarray, *opt, *cp, *tmp; int r; struct sshauthopt *ret = NULL; const char *errstr = "unknown error"; @@ -394,7 +470,7 @@ sshauthopt_parse(const char *opts, const char **errstrp) goto fail; } for (cp = opt; cp < tmp; cp++) { - if (!isalnum((u_char)*cp)) { + if (!isalnum((u_char)*cp) && *cp != '_') { free(opt); errstr = "invalid environment string"; goto fail; @@ -410,48 +486,13 @@ sshauthopt_parse(const char *opts, const char **errstrp) } ret->env[ret->nenv++] = opt; } else if (opt_match(&opts, "permitopen")) { - if (ret->npermitopen > INT_MAX) { - errstr = "too many permitopens"; - goto fail; - } - if ((opt = opt_dequote(&opts, &errstr)) == NULL) - goto fail; - if ((tmp = strdup(opt)) == NULL) { - free(opt); - goto alloc_fail; - } - cp = tmp; - /* validate syntax of permitopen before recording it. */ - host = hpdelim(&cp); - if (host == NULL || strlen(host) >= NI_MAXHOST) { - free(tmp); - free(opt); - errstr = "invalid permitopen hostname"; + if (handle_permit(&opts, 0, &ret->permitopen, + &ret->npermitopen, &errstr) != 0) goto fail; - } - /* - * don't want to use permitopen_port to avoid - * dependency on channels.[ch] here. - */ - if (cp == NULL || - (strcmp(cp, "*") != 0 && a2port(cp) <= 0)) { - free(tmp); - free(opt); - errstr = "invalid permitopen port"; + } else if (opt_match(&opts, "permitlisten")) { + if (handle_permit(&opts, 1, &ret->permitlisten, + &ret->npermitlisten, &errstr) != 0) goto fail; - } - /* XXX - add streamlocal support */ - free(tmp); - /* Record it */ - oarray = ret->permitopen; - if ((ret->permitopen = recallocarray(ret->permitopen, - ret->npermitopen, ret->npermitopen + 1, - sizeof(*ret->permitopen))) == NULL) { - free(opt); - ret->permitopen = oarray; - goto alloc_fail; - } - ret->permitopen[ret->npermitopen++] = opt; } else if (opt_match(&opts, "tunnel")) { if ((opt = opt_dequote(&opts, &errstr)) == NULL) goto fail; @@ -554,7 +595,10 @@ sshauthopt_merge(const struct sshauthopt *primary, if (tmp != NULL && (ret->required_from_host_keys = strdup(tmp)) == NULL) goto alloc_fail; - /* force_tun_device, permitopen and environment prefer the primary. */ + /* + * force_tun_device, permitopen/permitlisten and environment all + * prefer the primary. + */ ret->force_tun_device = primary->force_tun_device; if (ret->force_tun_device == -1) ret->force_tun_device = additional->force_tun_device; @@ -577,6 +621,16 @@ sshauthopt_merge(const struct sshauthopt *primary, goto alloc_fail; } + if (primary->npermitlisten > 0) { + if (dup_strings(&ret->permitlisten, &ret->npermitlisten, + primary->permitlisten, primary->npermitlisten) != 0) + goto alloc_fail; + } else if (additional->npermitlisten > 0) { + if (dup_strings(&ret->permitlisten, &ret->npermitlisten, + additional->permitlisten, additional->npermitlisten) != 0) + goto alloc_fail; + } + /* Flags are logical-AND (i.e. must be set in both for permission) */ #define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1) OPTFLAG(permit_port_forwarding_flag); @@ -669,7 +723,9 @@ sshauthopt_copy(const struct sshauthopt *orig) if (dup_strings(&ret->env, &ret->nenv, orig->env, orig->nenv) != 0 || dup_strings(&ret->permitopen, &ret->npermitopen, - orig->permitopen, orig->npermitopen) != 0) { + orig->permitopen, orig->npermitopen) != 0 || + dup_strings(&ret->permitlisten, &ret->npermitlisten, + orig->permitlisten, orig->npermitlisten) != 0) { sshauthopt_free(ret); return NULL; } @@ -805,7 +861,9 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, if ((r = serialise_array(m, opts->env, untrusted ? 0 : opts->nenv)) != 0 || (r = serialise_array(m, opts->permitopen, - untrusted ? 0 : opts->npermitopen)) != 0) + untrusted ? 0 : opts->npermitopen)) != 0 || + (r = serialise_array(m, opts->permitlisten, + untrusted ? 0 : opts->npermitlisten)) != 0) return r; /* success */ @@ -859,7 +917,9 @@ sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp) /* Array options */ if ((r = deserialise_array(m, &opts->env, &opts->nenv)) != 0 || (r = deserialise_array(m, - &opts->permitopen, &opts->npermitopen)) != 0) + &opts->permitopen, &opts->npermitopen)) != 0 || + (r = deserialise_array(m, + &opts->permitlisten, &opts->npermitlisten)) != 0) goto out; /* success */ diff --git a/auth-options.h b/auth-options.h index bf59b30be13..0462983b5d8 100644 --- a/auth-options.h +++ b/auth-options.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.h,v 1.26 2018/03/12 00:52:01 djm Exp $ */ +/* $OpenBSD: auth-options.h,v 1.27 2018/06/06 18:23:32 djm Exp $ */ /* * Copyright (c) 2018 Damien Miller @@ -55,6 +55,10 @@ struct sshauthopt { size_t npermitopen; char **permitopen; + /* Permitted listens (remote forwarding) */ + size_t npermitlisten; + char **permitlisten; + /* * Permitted host/addresses (comma-separated) * Caller must check source address matches both lists (if present). diff --git a/auth-pam.c b/auth-pam.c index 00ba8777551..8c0138362a9 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -86,8 +86,8 @@ extern char *__progname; #endif #include "xmalloc.h" -#include "buffer.h" -#include "key.h" +#include "sshbuf.h" +#include "ssherr.h" #include "hostfile.h" #include "auth.h" #include "auth-pam.h" @@ -105,7 +105,7 @@ extern char *__progname; #include "monitor_wrap.h" extern ServerOptions options; -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern u_int utmp_len; /* so we don't silently change behaviour */ @@ -313,44 +313,54 @@ sshpam_password_change_required(int reqd) /* Import regular and PAM environment from subprocess */ static void -import_environments(Buffer *b) +import_environments(struct sshbuf *b) { char *env; - u_int i, num_env; - int err; + u_int n, i, num_env; + int r; debug3("PAM: %s entering", __func__); #ifndef UNSUPPORTED_POSIX_THREADS_HACK /* Import variables set by do_pam_account */ - sshpam_account_status = buffer_get_int(b); - sshpam_password_change_required(buffer_get_int(b)); + if ((r = sshbuf_get_u32(b, &n)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (n > INT_MAX) + fatal("%s: invalid PAM account status %u", __func__, n); + sshpam_account_status = (int)n; + if ((r = sshbuf_get_u32(b, &n)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshpam_password_change_required(n != 0); /* Import environment from subprocess */ - num_env = buffer_get_int(b); + if ((r = sshbuf_get_u32(b, &num_env)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (num_env > 1024) fatal("%s: received %u environment variables, expected <= 1024", __func__, num_env); sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env)); debug3("PAM: num env strings %d", num_env); - for(i = 0; i < num_env; i++) - sshpam_env[i] = buffer_get_string(b, NULL); - + for(i = 0; i < num_env; i++) { + if ((r = sshbuf_get_cstring(b, &(sshpam_env[i]), NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } sshpam_env[num_env] = NULL; /* Import PAM environment from subprocess */ - num_env = buffer_get_int(b); + if ((r = sshbuf_get_u32(b, &num_env)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug("PAM: num PAM env strings %d", num_env); - for(i = 0; i < num_env; i++) { - env = buffer_get_string(b, NULL); - + for (i = 0; i < num_env; i++) { + if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef HAVE_PAM_PUTENV /* Errors are not fatal here */ - if ((err = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) { + if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) { error("PAM: pam_putenv: %s", - pam_strerror(sshpam_handle, sshpam_err)); + pam_strerror(sshpam_handle, r)); } #endif + /* XXX leak env? */ } #endif } @@ -362,10 +372,11 @@ static int sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, struct pam_response **resp, void *data) { - Buffer buffer; + struct sshbuf *buffer; struct pam_ctxt *ctxt; struct pam_response *reply; - int i; + int r, i; + u_char status; debug3("PAM: %s entering, %d messages", __func__, n); *resp = NULL; @@ -379,38 +390,52 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, return (PAM_CONV_ERR); if ((reply = calloc(n, sizeof(*reply))) == NULL) - return (PAM_CONV_ERR); + return PAM_CONV_ERR; + if ((buffer = sshbuf_new()) == NULL) { + free(reply); + return PAM_CONV_ERR; + } - buffer_init(&buffer); for (i = 0; i < n; ++i) { switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_PROMPT_ECHO_OFF: case PAM_PROMPT_ECHO_ON: - buffer_put_cstring(&buffer, - PAM_MSG_MEMBER(msg, i, msg)); + if ((r = sshbuf_put_cstring(buffer, + PAM_MSG_MEMBER(msg, i, msg))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); if (ssh_msg_send(ctxt->pam_csock, - PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) + PAM_MSG_MEMBER(msg, i, msg_style), buffer) == -1) goto fail; - if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1) + + if (ssh_msg_recv(ctxt->pam_csock, buffer) == -1) goto fail; - if (buffer_get_char(&buffer) != PAM_AUTHTOK) + if ((r = sshbuf_get_u8(buffer, &status)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + if (status != PAM_AUTHTOK) goto fail; - reply[i].resp = buffer_get_string(&buffer, NULL); + if ((r = sshbuf_get_cstring(buffer, + &reply[i].resp, NULL)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: - buffer_put_cstring(&buffer, - PAM_MSG_MEMBER(msg, i, msg)); + if ((r = sshbuf_put_cstring(buffer, + PAM_MSG_MEMBER(msg, i, msg))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); if (ssh_msg_send(ctxt->pam_csock, - PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) + PAM_MSG_MEMBER(msg, i, msg_style), buffer) == -1) goto fail; break; default: goto fail; } - buffer_clear(&buffer); + sshbuf_reset(buffer); } - buffer_free(&buffer); + sshbuf_free(buffer); *resp = reply; return (PAM_SUCCESS); @@ -419,7 +444,7 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, free(reply[i].resp); } free(reply); - buffer_free(&buffer); + sshbuf_free(buffer); return (PAM_CONV_ERR); } @@ -430,9 +455,9 @@ static void * sshpam_thread(void *ctxtp) { struct pam_ctxt *ctxt = ctxtp; - Buffer buffer; + struct sshbuf *buffer = NULL; struct pam_conv sshpam_conv; - int flags = (options.permit_empty_passwd == 0 ? + int r, flags = (options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); #ifndef UNSUPPORTED_POSIX_THREADS_HACK extern char **environ; @@ -465,7 +490,9 @@ sshpam_thread(void *ctxtp) if (sshpam_authctxt == NULL) fatal("%s: PAM authctxt not initialized", __func__); - buffer_init(&buffer); + if ((buffer = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, (const void *)&sshpam_conv); if (sshpam_err != PAM_SUCCESS) @@ -488,45 +515,59 @@ sshpam_thread(void *ctxtp) sshpam_password_change_required(0); } - buffer_put_cstring(&buffer, "OK"); + if ((r = sshbuf_put_cstring(buffer, "OK")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifndef UNSUPPORTED_POSIX_THREADS_HACK /* Export variables set by do_pam_account */ - buffer_put_int(&buffer, sshpam_account_status); - buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); + if ((r = sshbuf_put_u32(buffer, sshpam_account_status)) != 0 || + (r = sshbuf_put_u32(buffer, sshpam_authctxt->force_pwchange)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* Export any environment strings set in child */ - for(i = 0; environ[i] != NULL; i++) - ; /* Count */ - buffer_put_int(&buffer, i); - for(i = 0; environ[i] != NULL; i++) - buffer_put_cstring(&buffer, environ[i]); - + for (i = 0; environ[i] != NULL; i++) { + /* Count */ + if (i > INT_MAX) + fatal("%s: too many enviornment strings", __func__); + } + if ((r = sshbuf_put_u32(buffer, i)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + for (i = 0; environ[i] != NULL; i++) { + if ((r = sshbuf_put_cstring(buffer, environ[i])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } /* Export any environment strings set by PAM in child */ env_from_pam = pam_getenvlist(sshpam_handle); - for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) - ; /* Count */ - buffer_put_int(&buffer, i); - for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) - buffer_put_cstring(&buffer, env_from_pam[i]); + for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) { + /* Count */ + if (i > INT_MAX) + fatal("%s: too many PAM enviornment strings", __func__); + } + if ((r = sshbuf_put_u32(buffer, i)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) { + if ((r = sshbuf_put_cstring(buffer, env_from_pam[i])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } #endif /* UNSUPPORTED_POSIX_THREADS_HACK */ /* XXX - can't do much about an error here */ - ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); - buffer_free(&buffer); + ssh_msg_send(ctxt->pam_csock, sshpam_err, buffer); + sshbuf_free(buffer); pthread_exit(NULL); auth_fail: - buffer_put_cstring(&buffer, - pam_strerror(sshpam_handle, sshpam_err)); + if ((r = sshbuf_put_cstring(buffer, + pam_strerror(sshpam_handle, sshpam_err))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* XXX - can't do much about an error here */ if (sshpam_err == PAM_ACCT_EXPIRED) - ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer); + ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, buffer); else if (sshpam_maxtries_reached) - ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer); + ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer); else - ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); - buffer_free(&buffer); + ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, buffer); + sshbuf_free(buffer); pthread_exit(NULL); return (NULL); /* Avoid warning for non-pthread case */ @@ -563,8 +604,7 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg, struct pam_response **resp, void *data) { struct pam_response *reply; - int i; - size_t len; + int r, i; debug3("PAM: %s called with %d messages", __func__, n); *resp = NULL; @@ -579,9 +619,10 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg, switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_ERROR_MSG: case PAM_TEXT_INFO: - len = strlen(PAM_MSG_MEMBER(msg, i, msg)); - buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len); - buffer_append(&loginmsg, "\n", 1 ); + if ((r = sshbuf_putf(loginmsg, "%s\n", + PAM_MSG_MEMBER(msg, i, msg))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); reply[i].resp_retcode = PAM_SUCCESS; break; default: @@ -674,6 +715,27 @@ sshpam_init(Authctxt *authctxt) return (0); } +static void +expose_authinfo(const char *caller) +{ + char *auth_info; + + /* + * Expose authentication information to PAM. + * The environment variable is versioned. Please increment the + * version suffix if the format of session_info changes. + */ + if (sshpam_authctxt->session_info == NULL) + auth_info = xstrdup(""); + else if ((auth_info = sshbuf_dup_string( + sshpam_authctxt->session_info)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); + + debug2("%s: auth information in SSH_AUTH_INFO_0", caller); + do_pam_putenv("SSH_AUTH_INFO_0", auth_info); + free(auth_info); +} + static void * sshpam_init_ctx(Authctxt *authctxt) { @@ -694,6 +756,7 @@ sshpam_init_ctx(Authctxt *authctxt) return (NULL); } + expose_authinfo(__func__); ctxt = xcalloc(1, sizeof *ctxt); /* Start the authentication thread */ @@ -721,25 +784,27 @@ sshpam_query(void *ctx, char **name, char **info, u_int *num, char ***prompts, u_int **echo_on) { struct ssh *ssh = active_state; /* XXX */ - Buffer buffer; + struct sshbuf *buffer; struct pam_ctxt *ctxt = ctx; size_t plen; u_char type; char *msg; size_t len, mlen; + int r; debug3("PAM: %s entering", __func__); - buffer_init(&buffer); + if ((buffer = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); *name = xstrdup(""); *info = xstrdup(""); *prompts = xmalloc(sizeof(char *)); **prompts = NULL; plen = 0; *echo_on = xmalloc(sizeof(u_int)); - while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) { - type = buffer_get_char(&buffer); - msg = buffer_get_string(&buffer, NULL); - mlen = strlen(msg); + while (ssh_msg_recv(ctxt->pam_psock, buffer) == 0) { + if ((r = sshbuf_get_u8(buffer, &type)) != 0 || + (r = sshbuf_get_cstring(buffer, &msg, &mlen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); switch (type) { case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_OFF: @@ -785,8 +850,10 @@ sshpam_query(void *ctx, char **name, char **info, if (**prompts != NULL) { /* drain any accumulated messages */ debug("PAM: %s", **prompts); - buffer_append(&loginmsg, **prompts, - strlen(**prompts)); + if ((r = sshbuf_put(loginmsg, **prompts, + strlen(**prompts))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); free(**prompts); **prompts = NULL; } @@ -797,7 +864,7 @@ sshpam_query(void *ctx, char **name, char **info, fatal("Internal error: PAM auth " "succeeded when it should have " "failed"); - import_environments(&buffer); + import_environments(buffer); *num = 0; **echo_on = 0; ctxt->pam_done = 1; @@ -848,9 +915,10 @@ fake_password(const char *wire_password) static int sshpam_respond(void *ctx, u_int num, char **resp) { - Buffer buffer; + struct sshbuf *buffer; struct pam_ctxt *ctxt = ctx; char *fake; + int r; debug2("PAM: %s entering, %u responses", __func__, num); switch (ctxt->pam_done) { @@ -866,21 +934,24 @@ sshpam_respond(void *ctx, u_int num, char **resp) error("PAM: expected one response, got %u", num); return (-1); } - buffer_init(&buffer); + if ((buffer = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); if (sshpam_authctxt->valid && (sshpam_authctxt->pw->pw_uid != 0 || - options.permit_root_login == PERMIT_YES)) - buffer_put_cstring(&buffer, *resp); - else { + options.permit_root_login == PERMIT_YES)) { + if ((r = sshbuf_put_cstring(buffer, *resp)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } else { fake = fake_password(*resp); - buffer_put_cstring(&buffer, fake); + if ((r = sshbuf_put_cstring(buffer, fake)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(fake); } - if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { - buffer_free(&buffer); + if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, buffer) == -1) { + sshbuf_free(buffer); return (-1); } - buffer_free(&buffer); + sshbuf_free(buffer); return (1); } @@ -935,26 +1006,6 @@ finish_pam(void) sshpam_cleanup(); } -static void -expose_authinfo(const char *caller) -{ - char *auth_info; - - /* - * Expose authentication information to PAM. - * The enviornment variable is versioned. Please increment the - * version suffix if the format of session_info changes. - */ - if (sshpam_authctxt->session_info == NULL) - auth_info = xstrdup(""); - else if ((auth_info = sshbuf_dup_string( - sshpam_authctxt->session_info)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); - - debug2("%s: auth information in SSH_AUTH_INFO_0", caller); - do_pam_putenv("SSH_AUTH_INFO_0", auth_info); - free(auth_info); -} u_int do_pam_account(void) @@ -1174,7 +1225,7 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, struct pam_response **resp, void *data) { struct pam_response *reply; - int i; + int r, i; size_t len; debug3("PAM: %s called with %d messages", __func__, n); @@ -1200,9 +1251,10 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, case PAM_TEXT_INFO: len = strlen(PAM_MSG_MEMBER(msg, i, msg)); if (len > 0) { - buffer_append(&loginmsg, - PAM_MSG_MEMBER(msg, i, msg), len); - buffer_append(&loginmsg, "\n", 1); + if ((r = sshbuf_putf(loginmsg, "%s\n", + PAM_MSG_MEMBER(msg, i, msg))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); } if ((reply[i].resp = strdup("")) == NULL) goto fail; diff --git a/auth-passwd.c b/auth-passwd.c index 6097fdd243e..65f52518491 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.46 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -46,16 +46,17 @@ #include #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #include "log.h" #include "misc.h" #include "servconf.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "auth-options.h" -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern ServerOptions options; #ifdef HAVE_LOGIN_CAP @@ -131,7 +132,7 @@ auth_password(struct ssh *ssh, const char *password) static void warn_expiry(Authctxt *authctxt, auth_session_t *as) { - char buf[256]; + int r; quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; pwwarntime = acwarntime = TWO_WEEKS; @@ -148,17 +149,17 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as) #endif if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { daysleft = pwtimeleft / DAY + 1; - snprintf(buf, sizeof(buf), + if ((r = sshbuf_putf(loginmsg, "Your password will expire in %lld day%s.\n", - daysleft, daysleft == 1 ? "" : "s"); - buffer_append(&loginmsg, buf, strlen(buf)); + daysleft, daysleft == 1 ? "" : "s")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } if (actimeleft != 0 && actimeleft < acwarntime) { daysleft = actimeleft / DAY + 1; - snprintf(buf, sizeof(buf), + if ((r = sshbuf_putf(loginmsg, "Your account will expire in %lld day%s.\n", - daysleft, daysleft == 1 ? "" : "s"); - buffer_append(&loginmsg, buf, strlen(buf)); + daysleft, daysleft == 1 ? "" : "s")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } } diff --git a/auth-rhosts.c b/auth-rhosts.c index ecf956f0676..57296e1f6f0 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.48 2016/08/13 17:47:41 markus Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,8 +34,8 @@ #include "pathnames.h" #include "log.h" #include "misc.h" -#include "buffer.h" /* XXX */ -#include "key.h" /* XXX */ +#include "sshbuf.h" +#include "sshkey.h" #include "servconf.h" #include "canohost.h" #include "sshkey.h" diff --git a/auth-shadow.c b/auth-shadow.c index 21909167761..c77ee8da9b4 100644 --- a/auth-shadow.c +++ b/auth-shadow.c @@ -30,10 +30,10 @@ #include #include -#include "key.h" #include "hostfile.h" #include "auth.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #include "log.h" #ifdef DAY @@ -41,7 +41,7 @@ #endif #define DAY (24L * 60 * 60) /* 1 day in seconds */ -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; /* * For the account and password expiration functions, we assume the expiry @@ -57,7 +57,7 @@ auth_shadow_acctexpired(struct spwd *spw) { time_t today; int daysleft; - char buf[256]; + int r; today = time(NULL) / DAY; daysleft = spw->sp_expire - today; @@ -71,10 +71,10 @@ auth_shadow_acctexpired(struct spwd *spw) return 1; } else if (daysleft <= spw->sp_warn) { debug3("account will expire in %d days", daysleft); - snprintf(buf, sizeof(buf), + if ((r = sshbuf_putf(loginmsg, "Your account will expire in %d day%s.\n", daysleft, - daysleft == 1 ? "" : "s"); - buffer_append(&loginmsg, buf, strlen(buf)); + daysleft == 1 ? "" : "s")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } return 0; @@ -89,9 +89,8 @@ auth_shadow_pwexpired(Authctxt *ctxt) { struct spwd *spw = NULL; const char *user = ctxt->pw->pw_name; - char buf[256]; time_t today; - int daysleft, disabled = 0; + int r, daysleft, disabled = 0; if ((spw = getspnam((char *)user)) == NULL) { error("Could not get shadow information for %.100s", user); @@ -131,10 +130,10 @@ auth_shadow_pwexpired(Authctxt *ctxt) return 1; } else if (daysleft <= spw->sp_warn) { debug3("password will expire in %d days", daysleft); - snprintf(buf, sizeof(buf), + if ((r = sshbuf_putf(loginmsg, "Your password will expire in %d day%s.\n", daysleft, - daysleft == 1 ? "" : "s"); - buffer_append(&loginmsg, buf, strlen(buf)); + daysleft == 1 ? "" : "s")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } return 0; diff --git a/auth-sia.c b/auth-sia.c index 7c97f03e51e..ebe9d8d124c 100644 --- a/auth-sia.c +++ b/auth-sia.c @@ -37,7 +37,6 @@ #include "ssh.h" #include "ssh_api.h" -#include "key.h" #include "hostfile.h" #include "auth.h" #include "auth-sia.h" diff --git a/auth-skey.c b/auth-skey.c index 3536ec8fad4..b347527f639 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -35,7 +35,6 @@ #include #include "xmalloc.h" -#include "key.h" #include "hostfile.h" #include "auth.h" #include "ssh-gss.h" diff --git a/auth.c b/auth.c index 63366768a01..9a3bc96f199 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.132 2018/07/11 08:19:35 martijn Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -55,10 +55,10 @@ #include "match.h" #include "groupaccess.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" #include "misc.h" #include "servconf.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "auth-options.h" @@ -79,13 +79,12 @@ /* import */ extern ServerOptions options; extern int use_privsep; -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern struct passwd *privsep_pw; extern struct sshauthopt *auth_opts; /* Debugging messages */ -Buffer auth_debug; -int auth_debug_init; +static struct sshbuf *auth_debug; /* * Check if the user is allowed to log in via ssh. If user is listed @@ -281,7 +280,7 @@ format_method_key(Authctxt *authctxt) if (key == NULL) return NULL; - if (key_is_cert(key)) { + if (sshkey_is_cert(key)) { fp = sshkey_fingerprint(key->cert->signature_key, options.fingerprint_hash, SSH_FP_DEFAULT); xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s", @@ -422,11 +421,13 @@ auth_root_allowed(struct ssh *ssh, const char *method) char * expand_authorized_keys(const char *filename, struct passwd *pw) { - char *file, ret[PATH_MAX]; + char *file, uidstr[32], ret[PATH_MAX]; int i; + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); file = percent_expand(filename, "h", pw->pw_dir, - "u", pw->pw_name, (char *)NULL); + "u", pw->pw_name, "U", uidstr, (char *)NULL); /* * Ensure that filename starts anchored. If not, be backward @@ -670,26 +671,32 @@ auth_debug_add(const char *fmt,...) { char buf[1024]; va_list args; + int r; - if (!auth_debug_init) + if (auth_debug == NULL) return; va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); - buffer_put_cstring(&auth_debug, buf); + if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0) + fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r)); } void auth_debug_send(void) { + struct ssh *ssh = active_state; /* XXX */ char *msg; + int r; - if (!auth_debug_init) + if (auth_debug == NULL) return; - while (buffer_len(&auth_debug)) { - msg = buffer_get_string(&auth_debug, NULL); - packet_send_debug("%s", msg); + while (sshbuf_len(auth_debug) != 0) { + if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0) + fatal("%s: sshbuf_get_cstring: %s", + __func__, ssh_err(r)); + ssh_packet_send_debug(ssh, "%s", msg); free(msg); } } @@ -697,12 +704,10 @@ auth_debug_send(void) void auth_debug_reset(void) { - if (auth_debug_init) - buffer_clear(&auth_debug); - else { - buffer_init(&auth_debug); - auth_debug_init = 1; - } + if (auth_debug != NULL) + sshbuf_reset(auth_debug); + else if ((auth_debug = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); } struct passwd * @@ -843,7 +848,7 @@ auth_get_canonical_hostname(struct ssh *ssh, int use_dns) } /* - * Runs command in a subprocess wuth a minimal environment. + * Runs command in a subprocess with a minimal environment. * Returns pid on success, 0 on failure. * The child stdout and stderr maybe captured, left attached or sent to * /dev/null depending on the contents of flags. @@ -1003,17 +1008,20 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote) int do_env = options.permit_user_env && opts->nenv > 0; int do_permitopen = opts->npermitopen > 0 && (options.allow_tcp_forwarding & FORWARD_LOCAL) != 0; + int do_permitlisten = opts->npermitlisten > 0 && + (options.allow_tcp_forwarding & FORWARD_REMOTE) != 0; size_t i; char msg[1024], buf[64]; snprintf(buf, sizeof(buf), "%d", opts->force_tun_device); /* Try to keep this alphabetically sorted */ - snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s", + snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s", opts->permit_agent_forwarding_flag ? " agent-forwarding" : "", opts->force_command == NULL ? "" : " command", do_env ? " environment" : "", opts->valid_before == 0 ? "" : "expires", do_permitopen ? " permitopen" : "", + do_permitlisten ? " permitlisten" : "", opts->permit_port_forwarding_flag ? " port-forwarding" : "", opts->cert_principals == NULL ? "" : " principals", opts->permit_pty_flag ? " pty" : "", @@ -1047,12 +1055,18 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote) } if (opts->force_command != NULL) debug("%s: forced command: \"%s\"", loc, opts->force_command); - if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) { + if (do_permitopen) { for (i = 0; i < opts->npermitopen; i++) { debug("%s: permitted open: %s", loc, opts->permitopen[i]); } } + if (do_permitlisten) { + for (i = 0; i < opts->npermitlisten; i++) { + debug("%s: permitted listen: %s", + loc, opts->permitlisten[i]); + } + } } /* Activate a new set of key/cert options; merging with what is there. */ @@ -1080,6 +1094,7 @@ auth_restrict_session(struct ssh *ssh) /* A blank sshauthopt defaults to permitting nothing */ restricted = sshauthopt_new(); + restricted->permit_pty_flag = 1; restricted->restricted = 1; if (auth_activate_options(ssh, restricted) != 0) diff --git a/auth.h b/auth.h index 23ce67cafe4..977562f0a6f 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.95 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.96 2018/04/10 00:10:49 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -89,7 +89,7 @@ struct Authctxt { struct sshkey **prev_keys; u_int nprev_keys; - /* Last used key and ancilliary information from active auth method */ + /* Last used key and ancillary information from active auth method */ struct sshkey *auth_method_key; char *auth_method_info; @@ -187,8 +187,6 @@ int auth2_challenge(struct ssh *, char *); void auth2_challenge_stop(struct ssh *); int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); int bsdauth_respond(void *, u_int, char **); -int skey_query(void *, char **, char **, u_int *, char ***, u_int **); -int skey_respond(void *, u_int, char **); int allowed_user(struct passwd *); struct passwd * getpwnamallow(const char *user); @@ -239,8 +237,6 @@ pid_t subprocess(const char *, struct passwd *, int sys_auth_passwd(struct ssh *, const char *); -#define SKEY_PROMPT "\nS/Key Password: " - #if defined(KRB5) && !defined(HEIMDAL) #include krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *); diff --git a/auth2-chall.c b/auth2-chall.c index 11c8d31b356..2d5cff448ab 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.48 2017/05/30 14:29:59 markus Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.50 2018/07/11 18:55:11 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -34,12 +34,13 @@ #include "xmalloc.h" #include "ssh2.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" -#include "buffer.h" +#include "sshbuf.h" #include "packet.h" #include "dispatch.h" +#include "ssherr.h" #include "log.h" #include "misc.h" #include "servconf.h" @@ -48,7 +49,7 @@ extern ServerOptions options; static int auth2_challenge_start(struct ssh *); -static int send_userauth_info_request(Authctxt *); +static int send_userauth_info_request(struct ssh *); static int input_userauth_info_response(int, u_int32_t, struct ssh *); #ifdef BSD_AUTH @@ -57,9 +58,6 @@ extern KbdintDevice bsdauth_device; #ifdef USE_PAM extern KbdintDevice sshpam_device; #endif -#ifdef SKEY -extern KbdintDevice skey_device; -#endif #endif KbdintDevice *devices[] = { @@ -69,9 +67,6 @@ KbdintDevice *devices[] = { #ifdef USE_PAM &sshpam_device, #endif -#ifdef SKEY - &skey_device, -#endif #endif NULL }; @@ -105,8 +100,8 @@ static KbdintAuthctxt * kbdint_alloc(const char *devs) { KbdintAuthctxt *kbdintctxt; - Buffer b; - int i; + struct sshbuf *b; + int i, r; #ifdef USE_PAM if (!options.use_pam) @@ -115,16 +110,17 @@ kbdint_alloc(const char *devs) kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { - buffer_init(&b); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); for (i = 0; devices[i]; i++) { - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - buffer_append(&b, devices[i]->name, - strlen(devices[i]->name)); + if ((r = sshbuf_putf(b, "%s%s", + sshbuf_len(b) ? "," : "", devices[i]->name)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); } - if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL) + if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL) fatal("%s: sshbuf_dup_string failed", __func__); - buffer_free(&b); + sshbuf_free(b); } else { kbdintctxt->devices = xstrdup(devs); } @@ -243,7 +239,7 @@ auth2_challenge_start(struct ssh *ssh) auth2_challenge_stop(ssh); return 0; } - if (send_userauth_info_request(authctxt) == 0) { + if (send_userauth_info_request(ssh) == 0) { auth2_challenge_stop(ssh); return 0; } @@ -255,28 +251,32 @@ auth2_challenge_start(struct ssh *ssh) } static int -send_userauth_info_request(Authctxt *authctxt) +send_userauth_info_request(struct ssh *ssh) { + Authctxt *authctxt = ssh->authctxt; KbdintAuthctxt *kbdintctxt; char *name, *instr, **prompts; - u_int i, *echo_on; + u_int r, i, *echo_on; kbdintctxt = authctxt->kbdintctxt; if (kbdintctxt->device->query(kbdintctxt->ctxt, &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) return 0; - packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); - packet_put_cstring(name); - packet_put_cstring(instr); - packet_put_cstring(""); /* language not used */ - packet_put_int(kbdintctxt->nreq); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, name)) != 0 || + (r = sshpkt_put_cstring(ssh, instr)) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */ + (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); for (i = 0; i < kbdintctxt->nreq; i++) { - packet_put_cstring(prompts[i]); - packet_put_char(echo_on[i]); + if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 || + (r = sshpkt_put_u8(ssh, echo_on[i])) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } - packet_send(); - packet_write_wait(); + if ((r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); for (i = 0; i < kbdintctxt->nreq; i++) free(prompts[i]); @@ -293,6 +293,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; KbdintAuthctxt *kbdintctxt; int authenticated = 0, res; + int r; u_int i, nresp; const char *devicename = NULL; char **response = NULL; @@ -306,7 +307,8 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) fatal("input_userauth_info_response: no device"); authctxt->postponed = 0; /* reset */ - nresp = packet_get_int(); + if ((r = sshpkt_get_u32(ssh, &nresp)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); if (nresp != kbdintctxt->nreq) fatal("input_userauth_info_response: wrong number of replies"); if (nresp > 100) @@ -314,9 +316,12 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) if (nresp > 0) { response = xcalloc(nresp, sizeof(char *)); for (i = 0; i < nresp; i++) - response[i] = packet_get_string(NULL); + if ((r = sshpkt_get_cstring(ssh, &response[i], + NULL)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); @@ -333,7 +338,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) break; case 1: /* Authentication needs further interaction */ - if (send_userauth_info_request(authctxt) == 1) + if (send_userauth_info_request(ssh) == 1) authctxt->postponed = 1; break; default: @@ -358,7 +363,7 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh) void privsep_challenge_enable(void) { -#if defined(BSD_AUTH) || defined(USE_PAM) || defined(SKEY) +#if defined(BSD_AUTH) || defined(USE_PAM) int n = 0; #endif #ifdef BSD_AUTH @@ -367,9 +372,6 @@ privsep_challenge_enable(void) #ifdef USE_PAM extern KbdintDevice mm_sshpam_device; #endif -#ifdef SKEY - extern KbdintDevice mm_skey_device; -#endif #ifdef BSD_AUTH devices[n++] = &mm_bsdauth_device; @@ -377,8 +379,5 @@ privsep_challenge_enable(void) #ifdef USE_PAM devices[n++] = &mm_sshpam_device; #endif -#ifdef SKEY - devices[n++] = &mm_skey_device; -#endif #endif } diff --git a/auth2-gss.c b/auth2-gss.c index 589283b7204..9351e042819 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.26 2017/06/24 06:34:38 djm Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -33,13 +33,14 @@ #include #include "xmalloc.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "ssh2.h" #include "log.h" #include "dispatch.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #include "misc.h" #include "servconf.h" #include "packet.h" @@ -63,16 +64,15 @@ userauth_gssapi(struct ssh *ssh) Authctxt *authctxt = ssh->authctxt; gss_OID_desc goid = {0, NULL}; Gssctxt *ctxt = NULL; - int mechs; - int present; + int r, present; + u_int mechs; OM_uint32 ms; - u_int len; + size_t len; u_char *doid = NULL; - if (!authctxt->valid || authctxt->user == NULL) - return (0); + if ((r = sshpkt_get_u32(ssh, &mechs)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); - mechs = packet_get_int(); if (mechs == 0) { debug("Mechanism negotiation is not supported"); return (0); @@ -84,7 +84,8 @@ userauth_gssapi(struct ssh *ssh) free(doid); present = 0; - doid = packet_get_string(&len); + if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); if (len > 2 && doid[0] == SSH_GSS_OIDTYPE && doid[1] == len - 2) { @@ -102,6 +103,12 @@ userauth_gssapi(struct ssh *ssh) return (0); } + if (!authctxt->valid || authctxt->user == NULL) { + debug2("%s: disabled because of invalid user", __func__); + free(doid); + return (0); + } + if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { if (ctxt != NULL) ssh_gssapi_delete_ctx(&ctxt); @@ -112,12 +119,12 @@ userauth_gssapi(struct ssh *ssh) authctxt->methoddata = (void *)ctxt; - packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE); - /* Return the OID that we received */ - packet_put_string(doid, len); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 || + (r = sshpkt_put_string(ssh, doid, len)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); - packet_send(); free(doid); ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); @@ -135,36 +142,45 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; OM_uint32 maj_status, min_status, flags; - u_int len; + u_char *p; + size_t len; + int r; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; - recv_tok.value = packet_get_string(&len); - recv_tok.length = len; /* u_int vs. size_t */ - - packet_check_eom(); + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + recv_tok.value = p; + recv_tok.length = len; maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, &send_tok, &flags)); - free(recv_tok.value); + free(p); if (GSS_ERROR(maj_status)) { if (send_tok.length != 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); + if ((r = sshpkt_start(ssh, + SSH2_MSG_USERAUTH_GSSAPI_ERRTOK)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, + send_tok.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } authctxt->postponed = 0; ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); userauth_finish(ssh, 0, "gssapi-with-mic", NULL); } else { if (send_tok.length != 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); + if ((r = sshpkt_start(ssh, + SSH2_MSG_USERAUTH_GSSAPI_TOKEN)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, + send_tok.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } if (maj_status == GSS_S_COMPLETE) { ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); @@ -190,17 +206,20 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; OM_uint32 maj_status; - u_int len; + int r; + u_char *p; + size_t len; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; - recv_tok.value = packet_get_string(&len); + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + recv_tok.value = p; recv_tok.length = len; - packet_check_eom(); - /* Push the error token into GSSAPI to see what it says */ maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, &send_tok, NULL)); @@ -227,7 +246,7 @@ static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; - int authenticated; + int r, authenticated; const char *displayname; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) @@ -238,7 +257,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) * the dispatcher once the exchange is complete */ - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); @@ -260,32 +280,37 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; Gssctxt *gssctxt; - int authenticated = 0; - Buffer b; + int r, authenticated = 0; + struct sshbuf *b; gss_buffer_desc mic, gssbuf; - u_int len; const char *displayname; + u_char *p; + size_t len; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) fatal("No authentication or GSSAPI context"); gssctxt = authctxt->methoddata; - mic.value = packet_get_string(&len); + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mic.value = p; mic.length = len; - - ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, + ssh_gssapi_buildmic(b, authctxt->user, authctxt->service, "gssapi-with-mic"); - gssbuf.value = buffer_ptr(&b); - gssbuf.length = buffer_len(&b); + if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) + fatal("%s: sshbuf_mutable_ptr failed", __func__); + gssbuf.length = sshbuf_len(b); if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); else logit("GSSAPI MIC check failed"); - buffer_free(&b); + sshbuf_free(b); free(mic.value); if ((!use_privsep || mm_is_monitor()) && diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 8996f7e0521..359393291de 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.33 2018/01/23 05:27:21 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.36 2018/07/31 03:10:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -34,7 +34,7 @@ #include "xmalloc.h" #include "ssh2.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" #include "log.h" #include "misc.h" #include "servconf.h" @@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh) size_t alen, blen, slen; int r, pktype, authenticated = 0; - if (!authctxt->valid) { - debug2("%s: disabled because of invalid user", __func__); - return 0; - } /* XXX use sshkey_froms() */ if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 || (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || @@ -111,13 +107,17 @@ userauth_hostbased(struct ssh *ssh) "signature format"); goto done; } - if (match_pattern_list(sshkey_ssh_name(key), - options.hostbased_key_types, 0) != 1) { + if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) { logit("%s: key type %s not in HostbasedAcceptedKeyTypes", __func__, sshkey_type(key)); goto done; } + if (!authctxt->valid || authctxt->user == NULL) { + debug2("%s: disabled because of invalid user", __func__); + goto done; + } + if ((b = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); /* reconstruct packet */ diff --git a/auth2-kbdint.c b/auth2-kbdint.c index 86aad8ddce8..a813b8f5671 100644 --- a/auth2-kbdint.c +++ b/auth2-kbdint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-kbdint.c,v 1.8 2017/05/30 14:29:59 markus Exp $ */ +/* $OpenBSD: auth2-kbdint.c,v 1.9 2018/07/09 21:35:50 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -31,13 +31,12 @@ #include "xmalloc.h" #include "packet.h" -#include "key.h" #include "hostfile.h" #include "auth.h" #include "log.h" -#include "buffer.h" #include "misc.h" #include "servconf.h" +#include "ssherr.h" /* import */ extern ServerOptions options; @@ -45,12 +44,13 @@ extern ServerOptions options; static int userauth_kbdint(struct ssh *ssh) { - int authenticated = 0; + int r, authenticated = 0; char *lang, *devs; - lang = packet_get_string(NULL); - devs = packet_get_string(NULL); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); debug("keyboard-interactive devs %s", devs); diff --git a/auth2-none.c b/auth2-none.c index 8d4e9bb8c81..dacb5fb839e 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.21 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -42,7 +42,6 @@ #include "auth.h" #include "packet.h" #include "log.h" -#include "buffer.h" #include "misc.h" #include "servconf.h" #include "compat.h" diff --git a/auth2-passwd.c b/auth2-passwd.c index 445016aec47..0395a69f409 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.15 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.16 2018/07/09 21:35:50 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -36,7 +36,6 @@ #include "sshkey.h" #include "hostfile.h" #include "auth.h" -#include "buffer.h" #ifdef GSSAPI #include "ssh-gss.h" #endif diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 8024b1d6a97..3d9f9af1f28 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.77 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.84 2018/08/23 03:01:08 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -46,7 +46,7 @@ #include "ssh.h" #include "ssh2.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" #include "log.h" #include "misc.h" #include "servconf.h" @@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; struct passwd *pw = authctxt->pw; - struct sshbuf *b; + struct sshbuf *b = NULL; struct sshkey *key = NULL; - char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; - u_char *pkblob, *sig, have_sig; + char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; + u_char *pkblob = NULL, *sig = NULL, have_sig; size_t blen, slen; int r, pktype; int authenticated = 0; struct sshauthopt *authopts = NULL; - if (!authctxt->valid) { - debug2("%s: disabled because of invalid user", __func__); - return 0; - } if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) @@ -109,7 +105,7 @@ userauth_pubkey(struct ssh *ssh) pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ - logit("%s: unsupported public key algorithm: %s", + verbose("%s: unsupported public key algorithm: %s", __func__, pkalg); goto done; } @@ -136,8 +132,7 @@ userauth_pubkey(struct ssh *ssh) logit("refusing previously-used %s key", sshkey_type(key)); goto done; } - if (match_pattern_list(sshkey_ssh_name(key), - options.pubkey_key_types, 0) != 1) { + if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) { logit("%s: key type %s not in PubkeyAcceptedKeyTypes", __func__, sshkey_ssh_name(key)); goto done; @@ -168,6 +163,11 @@ userauth_pubkey(struct ssh *ssh) fatal("%s: sshbuf_put_string session id: %s", __func__, ssh_err(r)); } + if (!authctxt->valid || authctxt->user == NULL) { + debug2("%s: disabled because of invalid user", + __func__); + goto done; + } /* reconstruct packet */ xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", @@ -184,16 +184,15 @@ userauth_pubkey(struct ssh *ssh) #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif - /* test for correct signature */ authenticated = 0; if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && - PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), - sshbuf_len(b), NULL, ssh->compat)) == 0) { + PRIVSEP(sshkey_verify(key, sig, slen, + sshbuf_ptr(b), sshbuf_len(b), + (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, + ssh->compat)) == 0) { authenticated = 1; } - sshbuf_free(b); - free(sig); auth2_record_key(authctxt, authenticated, key); } else { debug("%s: test pkalg %s pkblob %s%s%s", @@ -204,6 +203,11 @@ userauth_pubkey(struct ssh *ssh) if ((r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); + if (!authctxt->valid || authctxt->user == NULL) { + debug2("%s: disabled because of invalid user", + __func__); + goto done; + } /* XXX fake reply and always send PK_OK ? */ /* * XXX this allows testing whether a user is allowed @@ -217,9 +221,9 @@ userauth_pubkey(struct ssh *ssh) != 0 || (r = sshpkt_put_cstring(ssh, pkalg)) != 0 || (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); - ssh_packet_write_wait(ssh); authctxt->postponed = 1; } } @@ -230,6 +234,7 @@ userauth_pubkey(struct ssh *ssh) } debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); + sshbuf_free(b); sshauthopt_free(authopts); sshkey_free(key); free(userstyle); @@ -237,6 +242,7 @@ userauth_pubkey(struct ssh *ssh) free(pkblob); free(key_s); free(ca_s); + free(sig); return authenticated; } @@ -319,14 +325,16 @@ static int process_principals(struct ssh *ssh, FILE *f, const char *file, const struct sshkey_cert *cert, struct sshauthopt **authoptsp) { - char loc[256], line[SSH_MAX_PUBKEY_BYTES], *cp, *ep; + char loc[256], *line = NULL, *cp, *ep; + size_t linesize = 0; u_long linenum = 0; u_int found_principal = 0; if (authoptsp != NULL) *authoptsp = NULL; - while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { + while (getline(&line, &linesize, f) != -1) { + linenum++; /* Always consume entire input */ if (found_principal) continue; @@ -344,6 +352,7 @@ process_principals(struct ssh *ssh, FILE *f, const char *file, if (check_principals_line(ssh, cp, cert, loc, authoptsp) == 0) found_principal = 1; } + free(line); return found_principal; } @@ -387,7 +396,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, pid_t pid; char *tmp, *username = NULL, *command = NULL, **av = NULL; char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL; - char serial_s[16]; + char serial_s[16], uidstr[32]; void (*osigchld)(int); if (authoptsp != NULL) @@ -447,8 +456,11 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, } snprintf(serial_s, sizeof(serial_s), "%llu", (unsigned long long)cert->serial); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)user_pw->pw_uid); for (i = 1; i < ac; i++) { tmp = percent_expand(av[i], + "U", uidstr, "u", user_pw->pw_name, "h", user_pw->pw_dir, "t", sshkey_ssh_name(key), @@ -684,14 +696,16 @@ static int check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, char *file, struct sshkey *key, struct sshauthopt **authoptsp) { - char *cp, line[SSH_MAX_PUBKEY_BYTES], loc[256]; + char *cp, *line = NULL, loc[256]; + size_t linesize = 0; int found_key = 0; u_long linenum = 0; if (authoptsp != NULL) *authoptsp = NULL; - while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { + while (getline(&line, &linesize, f) != -1) { + linenum++; /* Always consume entire file */ if (found_key) continue; @@ -705,6 +719,7 @@ check_authkeys_file(struct ssh *ssh, struct passwd *pw, FILE *f, if (check_authkey_line(ssh, pw, key, cp, loc, authoptsp) == 0) found_key = 1; } + free(line); return found_key; } @@ -852,7 +867,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, int i, uid_swapped = 0, ac = 0; pid_t pid; char *username = NULL, *key_fp = NULL, *keytext = NULL; - char *tmp, *command = NULL, **av = NULL; + char uidstr[32], *tmp, *command = NULL, **av = NULL; void (*osigchld)(int); if (authoptsp != NULL) @@ -902,8 +917,11 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, command); goto out; } + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)user_pw->pw_uid); for (i = 1; i < ac; i++) { tmp = percent_expand(av[i], + "U", uidstr, "u", user_pw->pw_name, "h", user_pw->pw_dir, "t", sshkey_ssh_name(key), diff --git a/auth2.c b/auth2.c index e0034229a0c..ab8795895a2 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.145 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.149 2018/07/11 18:53:29 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -41,28 +41,30 @@ #include "ssh2.h" #include "packet.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" #include "misc.h" #include "servconf.h" #include "compat.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "dispatch.h" #include "pathnames.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #ifdef GSSAPI #include "ssh-gss.h" #endif #include "monitor_wrap.h" #include "ssherr.h" +#include "digest.h" /* import */ extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; /* methods */ @@ -210,6 +212,43 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh) return 0; } +#define MIN_FAIL_DELAY_SECONDS 0.005 +static double +user_specific_delay(const char *user) +{ + char b[512]; + size_t len = ssh_digest_bytes(SSH_DIGEST_SHA512); + u_char *hash = xmalloc(len); + double delay; + + (void)snprintf(b, sizeof b, "%llu%s", + (unsigned long long)options.timing_secret, user); + if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0) + fatal("%s: ssh_digest_memory", __func__); + /* 0-4.2 ms of delay */ + delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000; + freezero(hash, len); + debug3("%s: user specific delay %0.3lfms", __func__, delay/1000); + return MIN_FAIL_DELAY_SECONDS + delay; +} + +static void +ensure_minimum_time_since(double start, double seconds) +{ + struct timespec ts; + double elapsed = monotime_double() - start, req = seconds, remain; + + /* if we've already passed the requested time, scale up */ + while ((remain = seconds - elapsed) < 0.0) + seconds *= 2; + + ts.tv_sec = remain; + ts.tv_nsec = (remain - ts.tv_sec) * 1000000000; + debug3("%s: elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)", + __func__, elapsed*1000, remain*1000, req*1000); + nanosleep(&ts, NULL); +} + /*ARGSUSED*/ static int input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) @@ -218,6 +257,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; + double tstart = monotime_double(); if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); @@ -286,6 +326,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) debug2("input_userauth_request: try method %s", method); authenticated = m->userauth(ssh); } + if (!authctxt->authenticated) + ensure_minimum_time_since(tstart, + user_specific_delay(authctxt->user)); userauth_finish(ssh, authenticated, method, NULL); free(service); @@ -336,11 +379,15 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, #ifdef USE_PAM if (options.use_pam && authenticated) { + int r; + if (!PRIVSEP(do_pam_account())) { /* if PAM returned a message, send it to the user */ - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - userauth_send_banner(buffer_ptr(&loginmsg)); + if (sshbuf_len(loginmsg) > 0) { + if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + userauth_send_banner(sshbuf_ptr(loginmsg)); packet_write_wait(); } fatal("Access denied for user %s by PAM account " @@ -409,11 +456,12 @@ auth2_method_allowed(Authctxt *authctxt, const char *method, static char * authmethods_get(Authctxt *authctxt) { - Buffer b; + struct sshbuf *b; char *list; - u_int i; + int i, r; - buffer_init(&b); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); for (i = 0; authmethods[i] != NULL; i++) { if (strcmp(authmethods[i]->name, "none") == 0) continue; @@ -423,14 +471,13 @@ authmethods_get(Authctxt *authctxt) if (!auth2_method_allowed(authctxt, authmethods[i]->name, NULL)) continue; - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - buffer_append(&b, authmethods[i]->name, - strlen(authmethods[i]->name)); + if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "", + authmethods[i]->name)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - if ((list = sshbuf_dup_string(&b)) == NULL) + if ((list = sshbuf_dup_string(b)) == NULL) fatal("%s: sshbuf_dup_string failed", __func__); - buffer_free(&b); + sshbuf_free(b); return list; } diff --git a/authfd.c b/authfd.c index 1eff7ba94e0..ecdd869abf0 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.108 2018/02/23 15:58:37 markus Exp $ */ +/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -133,7 +133,7 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) /* Send the length and then the packet to the agent. */ if (atomicio(vwrite, sock, buf, 4) != 4 || - atomicio(vwrite, sock, (u_char *)sshbuf_ptr(request), + atomicio(vwrite, sock, sshbuf_mutable_ptr(request), sshbuf_len(request)) != sshbuf_len(request)) return SSH_ERR_AGENT_COMMUNICATION; /* @@ -323,7 +323,7 @@ ssh_free_identitylist(struct ssh_identitylist *idl) */ -/* encode signature algoritm in flag bits, so we can keep the msg format */ +/* encode signature algorithm in flag bits, so we can keep the msg format */ static u_int agent_encode_alg(const struct sshkey *key, const char *alg) { @@ -343,8 +343,8 @@ ssh_agent_sign(int sock, const struct sshkey *key, const u_char *data, size_t datalen, const char *alg, u_int compat) { struct sshbuf *msg; - u_char *blob = NULL, type; - size_t blen = 0, len = 0; + u_char *sig = NULL, type = 0; + size_t len = 0; u_int flags = 0; int r = SSH_ERR_INTERNAL_ERROR; @@ -355,11 +355,9 @@ ssh_agent_sign(int sock, const struct sshkey *key, return SSH_ERR_INVALID_ARGUMENT; if ((msg = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) - goto out; flags |= agent_encode_alg(key, alg); if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || - (r = sshbuf_put_string(msg, blob, blen)) != 0 || + (r = sshkey_puts(key, msg)) != 0 || (r = sshbuf_put_string(msg, data, datalen)) != 0 || (r = sshbuf_put_u32(msg, flags)) != 0) goto out; @@ -374,15 +372,19 @@ ssh_agent_sign(int sock, const struct sshkey *key, r = SSH_ERR_INVALID_FORMAT; goto out; } - if ((r = sshbuf_get_string(msg, sigp, &len)) != 0) + if ((r = sshbuf_get_string(msg, &sig, &len)) != 0) + goto out; + /* Check what we actually got back from the agent. */ + if ((r = sshkey_check_sigtype(sig, len, alg)) != 0) goto out; + /* success */ + *sigp = sig; *lenp = len; + sig = NULL; + len = 0; r = 0; out: - if (blob != NULL) { - explicit_bzero(blob, blen); - free(blob); - } + freezero(sig, len); sshbuf_free(msg); return r; } diff --git a/authfd.h b/authfd.h index ab954ffc0a3..a032fd5428f 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.43 2018/02/23 15:58:37 markus Exp $ */ +/* $OpenBSD: authfd.h,v 1.44 2018/07/12 04:35:25 djm Exp $ */ /* * Author: Tatu Ylonen @@ -36,8 +36,6 @@ int ssh_update_card(int sock, int add, const char *reader_id, const char *pin, u_int life, u_int confirm); int ssh_remove_all_identities(int sock, int version); -int ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, - u_char session_id[16], u_char response[16]); int ssh_agent_sign(int sock, const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat); diff --git a/authfile.c b/authfile.c index 57dcd808c6b..be4a57736ac 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.128 2018/02/23 15:58:37 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.130 2018/07/09 21:59:10 markus Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -59,7 +59,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) return SSH_ERR_SYSTEM_ERROR; - if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf), + if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { oerrno = errno; close(fd); @@ -265,17 +265,15 @@ static int sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) { FILE *f; - char line[SSH_MAX_PUBKEY_BYTES]; - char *cp; - u_long linenum = 0; + char *line = NULL, *cp; + size_t linesize = 0; int r; if (commentp != NULL) *commentp = NULL; if ((f = fopen(filename, "r")) == NULL) return SSH_ERR_SYSTEM_ERROR; - while (read_keyfile_line(f, filename, line, sizeof(line), - &linenum) != -1) { + while (getline(&line, &linesize, f) != -1) { cp = line; switch (*cp) { case '#': @@ -299,11 +297,13 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) if (*commentp == NULL) r = SSH_ERR_ALLOC_FAIL; } + free(line); fclose(f); return r; } } } + free(line); fclose(f); return SSH_ERR_INVALID_FORMAT; } @@ -447,19 +447,18 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, int check_ca) { FILE *f; - char line[SSH_MAX_PUBKEY_BYTES]; - char *cp; - u_long linenum = 0; + char *line = NULL, *cp; + size_t linesize = 0; int r = 0; struct sshkey *pub = NULL; + int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = strict_type ? sshkey_equal : sshkey_equal_public; if ((f = fopen(filename, "r")) == NULL) return SSH_ERR_SYSTEM_ERROR; - while (read_keyfile_line(f, filename, line, sizeof(line), - &linenum) != -1) { + while (getline(&line, &linesize, f) != -1) { cp = line; /* Skip leading whitespace. */ @@ -491,6 +490,7 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, } r = SSH_ERR_KEY_NOT_FOUND; out: + free(line); sshkey_free(pub); fclose(f); return r; diff --git a/bufaux.c b/bufaux.c deleted file mode 100644 index 3976896a99e..00000000000 --- a/bufaux.c +++ /dev/null @@ -1,259 +0,0 @@ -/* $OpenBSD: bufaux.c,v 1.60 2014/04/30 05:29:56 djm Exp $ */ -/* - * Copyright (c) 2012 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ - -#include "includes.h" - -#include - -#include "buffer.h" -#include "log.h" -#include "ssherr.h" - -int -buffer_get_short_ret(u_short *v, Buffer *buffer) -{ - int ret; - - if ((ret = sshbuf_get_u16(buffer, v)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -u_short -buffer_get_short(Buffer *buffer) -{ - u_short ret; - - if (buffer_get_short_ret(&ret, buffer) == -1) - fatal("%s: buffer error", __func__); - - return (ret); -} - -int -buffer_get_int_ret(u_int *v, Buffer *buffer) -{ - int ret; - - if ((ret = sshbuf_get_u32(buffer, v)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -u_int -buffer_get_int(Buffer *buffer) -{ - u_int ret; - - if (buffer_get_int_ret(&ret, buffer) == -1) - fatal("%s: buffer error", __func__); - - return (ret); -} - -int -buffer_get_int64_ret(u_int64_t *v, Buffer *buffer) -{ - int ret; - - if ((ret = sshbuf_get_u64(buffer, v)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -u_int64_t -buffer_get_int64(Buffer *buffer) -{ - u_int64_t ret; - - if (buffer_get_int64_ret(&ret, buffer) == -1) - fatal("%s: buffer error", __func__); - - return (ret); -} - -void -buffer_put_short(Buffer *buffer, u_short value) -{ - int ret; - - if ((ret = sshbuf_put_u16(buffer, value)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); -} - -void -buffer_put_int(Buffer *buffer, u_int value) -{ - int ret; - - if ((ret = sshbuf_put_u32(buffer, value)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); -} - -void -buffer_put_int64(Buffer *buffer, u_int64_t value) -{ - int ret; - - if ((ret = sshbuf_put_u64(buffer, value)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); -} - -void * -buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) -{ - size_t len; - int ret; - u_char *value; - - if ((ret = sshbuf_get_string(buffer, &value, &len)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return NULL; - } - if (length_ptr != NULL) - *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ - return value; -} - -void * -buffer_get_string(Buffer *buffer, u_int *length_ptr) -{ - void *ret; - - if ((ret = buffer_get_string_ret(buffer, length_ptr)) == NULL) - fatal("%s: buffer error", __func__); - return (ret); -} - -char * -buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr) -{ - size_t len; - int ret; - char *value; - - if ((ret = sshbuf_get_cstring(buffer, &value, &len)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return NULL; - } - if (length_ptr != NULL) - *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ - return value; -} - -char * -buffer_get_cstring(Buffer *buffer, u_int *length_ptr) -{ - char *ret; - - if ((ret = buffer_get_cstring_ret(buffer, length_ptr)) == NULL) - fatal("%s: buffer error", __func__); - return ret; -} - -const void * -buffer_get_string_ptr_ret(Buffer *buffer, u_int *length_ptr) -{ - size_t len; - int ret; - const u_char *value; - - if ((ret = sshbuf_get_string_direct(buffer, &value, &len)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return NULL; - } - if (length_ptr != NULL) - *length_ptr = len; /* Safe: sshbuf never stores len > 2^31 */ - return value; -} - -const void * -buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr) -{ - const void *ret; - - if ((ret = buffer_get_string_ptr_ret(buffer, length_ptr)) == NULL) - fatal("%s: buffer error", __func__); - return (ret); -} - -void -buffer_put_string(Buffer *buffer, const void *buf, u_int len) -{ - int ret; - - if ((ret = sshbuf_put_string(buffer, buf, len)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); -} - -void -buffer_put_cstring(Buffer *buffer, const char *s) -{ - int ret; - - if ((ret = sshbuf_put_cstring(buffer, s)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); -} - -int -buffer_get_char_ret(char *v, Buffer *buffer) -{ - int ret; - - if ((ret = sshbuf_get_u8(buffer, (u_char *)v)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -int -buffer_get_char(Buffer *buffer) -{ - char ch; - - if (buffer_get_char_ret(&ch, buffer) == -1) - fatal("%s: buffer error", __func__); - return (u_char) ch; -} - -void -buffer_put_char(Buffer *buffer, int value) -{ - int ret; - - if ((ret = sshbuf_put_u8(buffer, value)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); -} - -void -buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l) -{ - int ret; - - if ((ret = sshbuf_put_bignum2_bytes(buffer, s, l)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); -} - diff --git a/bufbn.c b/bufbn.c deleted file mode 100644 index 98f9466bc8a..00000000000 --- a/bufbn.c +++ /dev/null @@ -1,69 +0,0 @@ -/* $OpenBSD: bufbn.c,v 1.13 2017/04/30 23:23:54 djm Exp $ */ - -/* - * Copyright (c) 2012 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ - -#include "includes.h" - -#ifdef WITH_OPENSSL - -#include - -#include "buffer.h" -#include "log.h" -#include "ssherr.h" - -int -buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) -{ - int ret; - - if ((ret = sshbuf_put_bignum2(buffer, value)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -void -buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) -{ - if (buffer_put_bignum2_ret(buffer, value) == -1) - fatal("%s: buffer error", __func__); -} - -int -buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) -{ - int ret; - - if ((ret = sshbuf_get_bignum2(buffer, value)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -void -buffer_get_bignum2(Buffer *buffer, BIGNUM *value) -{ - if (buffer_get_bignum2_ret(buffer, value) == -1) - fatal("%s: buffer error", __func__); -} - -#endif /* WITH_OPENSSL */ diff --git a/bufec.c b/bufec.c deleted file mode 100644 index 749ce9d4c2a..00000000000 --- a/bufec.c +++ /dev/null @@ -1,74 +0,0 @@ -/* $OpenBSD: bufec.c,v 1.4 2014/04/30 05:29:56 djm Exp $ */ - -/* - * Copyright (c) 2012 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ - -#include "includes.h" - -#include - -#include "buffer.h" -#include "log.h" -#include "ssherr.h" - -#ifdef OPENSSL_HAS_ECC - -int -buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, - const EC_POINT *point) -{ - int ret; - - if ((ret = sshbuf_put_ec(buffer, point, curve)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -void -buffer_put_ecpoint(Buffer *buffer, const EC_GROUP *curve, - const EC_POINT *point) -{ - if (buffer_put_ecpoint_ret(buffer, curve, point) == -1) - fatal("%s: buffer error", __func__); -} - -int -buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, - EC_POINT *point) -{ - int ret; - - if ((ret = sshbuf_get_ec(buffer, point, curve)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -void -buffer_get_ecpoint(Buffer *buffer, const EC_GROUP *curve, - EC_POINT *point) -{ - if (buffer_get_ecpoint_ret(buffer, curve, point) == -1) - fatal("%s: buffer error", __func__); -} - -#endif /* OPENSSL_HAS_ECC */ - diff --git a/buffer.c b/buffer.c deleted file mode 100644 index c5f708ab2e1..00000000000 --- a/buffer.c +++ /dev/null @@ -1,118 +0,0 @@ -/* $OpenBSD: buffer.c,v 1.36 2014/04/30 05:29:56 djm Exp $ */ - -/* - * Copyright (c) 2012 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ - -#include "includes.h" - -#include - -#include "buffer.h" -#include "log.h" -#include "ssherr.h" - -void -buffer_append(Buffer *buffer, const void *data, u_int len) -{ - int ret; - - if ((ret = sshbuf_put(buffer, data, len)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); -} - -void * -buffer_append_space(Buffer *buffer, u_int len) -{ - int ret; - u_char *p; - - if ((ret = sshbuf_reserve(buffer, len, &p)) != 0) - fatal("%s: %s", __func__, ssh_err(ret)); - return p; -} - -int -buffer_check_alloc(Buffer *buffer, u_int len) -{ - int ret = sshbuf_check_reserve(buffer, len); - - if (ret == 0) - return 1; - if (ret == SSH_ERR_NO_BUFFER_SPACE) - return 0; - fatal("%s: %s", __func__, ssh_err(ret)); -} - -int -buffer_get_ret(Buffer *buffer, void *buf, u_int len) -{ - int ret; - - if ((ret = sshbuf_get(buffer, buf, len)) != 0) { - error("%s: %s", __func__, ssh_err(ret)); - return -1; - } - return 0; -} - -void -buffer_get(Buffer *buffer, void *buf, u_int len) -{ - if (buffer_get_ret(buffer, buf, len) == -1) - fatal("%s: buffer error", __func__); -} - -int -buffer_consume_ret(Buffer *buffer, u_int bytes) -{ - int ret = sshbuf_consume(buffer, bytes); - - if (ret == 0) - return 0; - if (ret == SSH_ERR_MESSAGE_INCOMPLETE) - return -1; - fatal("%s: %s", __func__, ssh_err(ret)); -} - -void -buffer_consume(Buffer *buffer, u_int bytes) -{ - if (buffer_consume_ret(buffer, bytes) == -1) - fatal("%s: buffer error", __func__); -} - -int -buffer_consume_end_ret(Buffer *buffer, u_int bytes) -{ - int ret = sshbuf_consume_end(buffer, bytes); - - if (ret == 0) - return 0; - if (ret == SSH_ERR_MESSAGE_INCOMPLETE) - return -1; - fatal("%s: %s", __func__, ssh_err(ret)); -} - -void -buffer_consume_end(Buffer *buffer, u_int bytes) -{ - if (buffer_consume_end_ret(buffer, bytes) == -1) - fatal("%s: buffer error", __func__); -} - - diff --git a/buffer.h b/buffer.h deleted file mode 100644 index 56174394c95..00000000000 --- a/buffer.h +++ /dev/null @@ -1,95 +0,0 @@ -/* $OpenBSD: buffer.h,v 1.26 2017/04/30 23:23:54 djm Exp $ */ - -/* - * Copyright (c) 2012 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ - -#ifndef BUFFER_H -#define BUFFER_H - -#include "sshbuf.h" - -typedef struct sshbuf Buffer; - -#define buffer_init(b) sshbuf_init(b) -#define buffer_clear(b) sshbuf_reset(b) -#define buffer_free(b) sshbuf_free(b) -#define buffer_dump(b) sshbuf_dump(b, stderr) - -/* XXX cast is safe: sshbuf never stores more than len 2^31 */ -#define buffer_len(b) ((u_int) sshbuf_len(b)) -#define buffer_ptr(b) sshbuf_mutable_ptr(b) - -void buffer_append(Buffer *, const void *, u_int); -void *buffer_append_space(Buffer *, u_int); -int buffer_check_alloc(Buffer *, u_int); -void buffer_get(Buffer *, void *, u_int); - -void buffer_consume(Buffer *, u_int); -void buffer_consume_end(Buffer *, u_int); - - -int buffer_get_ret(Buffer *, void *, u_int); -int buffer_consume_ret(Buffer *, u_int); -int buffer_consume_end_ret(Buffer *, u_int); - -#include -#include -void buffer_put_bignum2(Buffer *, const BIGNUM *); -void buffer_get_bignum2(Buffer *, BIGNUM *); -void buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int); - -u_short buffer_get_short(Buffer *); -void buffer_put_short(Buffer *, u_short); - -u_int buffer_get_int(Buffer *); -void buffer_put_int(Buffer *, u_int); - -u_int64_t buffer_get_int64(Buffer *); -void buffer_put_int64(Buffer *, u_int64_t); - -int buffer_get_char(Buffer *); -void buffer_put_char(Buffer *, int); - -void *buffer_get_string(Buffer *, u_int *); -const void *buffer_get_string_ptr(Buffer *, u_int *); -void buffer_put_string(Buffer *, const void *, u_int); -char *buffer_get_cstring(Buffer *, u_int *); -void buffer_put_cstring(Buffer *, const char *); - -#define buffer_skip_string(b) (void)buffer_get_string_ptr(b, NULL); - -int buffer_put_bignum2_ret(Buffer *, const BIGNUM *); -int buffer_get_bignum2_ret(Buffer *, BIGNUM *); -int buffer_get_short_ret(u_short *, Buffer *); -int buffer_get_int_ret(u_int *, Buffer *); -int buffer_get_int64_ret(u_int64_t *, Buffer *); -void *buffer_get_string_ret(Buffer *, u_int *); -char *buffer_get_cstring_ret(Buffer *, u_int *); -const void *buffer_get_string_ptr_ret(Buffer *, u_int *); -int buffer_get_char_ret(char *, Buffer *); - -#ifdef OPENSSL_HAS_ECC -#include -int buffer_put_ecpoint_ret(Buffer *, const EC_GROUP *, const EC_POINT *); -void buffer_put_ecpoint(Buffer *, const EC_GROUP *, const EC_POINT *); -int buffer_get_ecpoint_ret(Buffer *, const EC_GROUP *, EC_POINT *); -void buffer_get_ecpoint(Buffer *, const EC_GROUP *, EC_POINT *); -#endif - -#endif /* BUFFER_H */ - diff --git a/channels.c b/channels.c index bdee1f3860a..e90f7fea9f6 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.379 2018/02/05 05:36:49 tb Exp $ */ +/* $OpenBSD: channels.c,v 1.384 2018/07/27 12:03:17 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -79,9 +79,10 @@ #include "channels.h" #include "compat.h" #include "canohost.h" -#include "key.h" +#include "sshkey.h" #include "authfd.h" #include "pathnames.h" +#include "match.h" /* -- agent forwarding */ #define NUM_SOCKS 10 @@ -97,6 +98,10 @@ /* Maximum number of fake X11 displays to try. */ #define MAX_DISPLAYS 1000 +/* Per-channel callback for pre/post select() actions */ +typedef void chan_fn(struct ssh *, Channel *c, + fd_set *readset, fd_set *writeset); + /* * Data structure for storing which hosts are permitted for forward requests. * The local sides of any remote forwards are stored in this array to prevent @@ -106,17 +111,40 @@ /* XXX: streamlocal wants a path instead of host:port */ /* Overload host_to_connect; we could just make this match Forward */ /* XXX - can we use listen_host instead of listen_path? */ -typedef struct { +struct permission { char *host_to_connect; /* Connect to 'host'. */ int port_to_connect; /* Connect to 'port'. */ char *listen_host; /* Remote side should listen address. */ char *listen_path; /* Remote side should listen path. */ int listen_port; /* Remote side should listen port. */ Channel *downstream; /* Downstream mux*/ -} ForwardPermission; +}; -typedef void chan_fn(struct ssh *, Channel *c, - fd_set *readset, fd_set *writeset); +/* + * Stores the forwarding permission state for a single direction (local or + * remote). + */ +struct permission_set { + /* + * List of all local permitted host/port pairs to allow for the + * user. + */ + u_int num_permitted_user; + struct permission *permitted_user; + + /* + * List of all permitted host/port pairs to allow for the admin. + */ + u_int num_permitted_admin; + struct permission *permitted_admin; + + /* + * If this is true, all opens/listens are permitted. This is the + * case on the server on which we have to trust the client anyway, + * and the user could do anything after logging in. + */ + int all_permitted; +}; /* Master structure for channels state */ struct ssh_channels { @@ -149,31 +177,8 @@ struct ssh_channels { chan_fn **channel_post; /* -- tcp forwarding */ - - /* List of all permitted host/port pairs to connect by the user. */ - ForwardPermission *permitted_opens; - - /* List of all permitted host/port pairs to connect by the admin. */ - ForwardPermission *permitted_adm_opens; - - /* - * Number of permitted host/port pairs in the array permitted by - * the user. - */ - u_int num_permitted_opens; - - /* - * Number of permitted host/port pair in the array permitted by - * the admin. - */ - u_int num_adm_permitted_opens; - - /* - * If this is true, all opens are permitted. This is the case on - * the server on which we have to trust the client anyway, and the - * user could do anything after logging in anyway. - */ - int all_opens_permitted; + struct permission_set local_perms; + struct permission_set remote_perms; /* -- X11 forwarding */ @@ -448,50 +453,95 @@ channel_close_fds(struct ssh *ssh, Channel *c) } static void -fwd_perm_clear(ForwardPermission *fp) +fwd_perm_clear(struct permission *perm) { - free(fp->host_to_connect); - free(fp->listen_host); - free(fp->listen_path); - bzero(fp, sizeof(*fp)); + free(perm->host_to_connect); + free(perm->listen_host); + free(perm->listen_path); + bzero(perm, sizeof(*perm)); } -enum { FWDPERM_USER, FWDPERM_ADMIN }; +/* Returns an printable name for the specified forwarding permission list */ +static const char * +fwd_ident(int who, int where) +{ + if (who == FORWARD_ADM) { + if (where == FORWARD_LOCAL) + return "admin local"; + else if (where == FORWARD_REMOTE) + return "admin remote"; + } else if (who == FORWARD_USER) { + if (where == FORWARD_LOCAL) + return "user local"; + else if (where == FORWARD_REMOTE) + return "user remote"; + } + fatal("Unknown forward permission list %d/%d", who, where); +} -static int -fwd_perm_list_add(struct ssh *ssh, int which, - const char *host_to_connect, int port_to_connect, - const char *listen_host, const char *listen_path, int listen_port, - Channel *downstream) +/* Returns the forwarding permission list for the specified direction */ +static struct permission_set * +permission_set_get(struct ssh *ssh, int where) { - ForwardPermission **fpl; - u_int n, *nfpl; + struct ssh_channels *sc = ssh->chanctxt; - switch (which) { - case FWDPERM_USER: - fpl = &ssh->chanctxt->permitted_opens; - nfpl = &ssh->chanctxt->num_permitted_opens; + switch (where) { + case FORWARD_LOCAL: + return &sc->local_perms; break; - case FWDPERM_ADMIN: - fpl = &ssh->chanctxt->permitted_adm_opens; - nfpl = &ssh->chanctxt->num_adm_permitted_opens; + case FORWARD_REMOTE: + return &sc->remote_perms; break; default: - fatal("%s: invalid list %d", __func__, which); + fatal("%s: invalid forwarding direction %d", __func__, where); } +} - if (*nfpl >= INT_MAX) - fatal("%s: overflow", __func__); +/* Reutrns pointers to the specified forwarding list and its element count */ +static void +permission_set_get_array(struct ssh *ssh, int who, int where, + struct permission ***permpp, u_int **npermpp) +{ + struct permission_set *pset = permission_set_get(ssh, where); - *fpl = xrecallocarray(*fpl, *nfpl, *nfpl + 1, sizeof(**fpl)); - n = (*nfpl)++; + switch (who) { + case FORWARD_USER: + *permpp = &pset->permitted_user; + *npermpp = &pset->num_permitted_user; + break; + case FORWARD_ADM: + *permpp = &pset->permitted_admin; + *npermpp = &pset->num_permitted_admin; + break; + default: + fatal("%s: invalid forwarding client %d", __func__, who); + } +} + +/* Adds an entry to the spcified forwarding list */ +static int +permission_set_add(struct ssh *ssh, int who, int where, + const char *host_to_connect, int port_to_connect, + const char *listen_host, const char *listen_path, int listen_port, + Channel *downstream) +{ + struct permission **permp; + u_int n, *npermp; + + permission_set_get_array(ssh, who, where, &permp, &npermp); + + if (*npermp >= INT_MAX) + fatal("%s: %s overflow", __func__, fwd_ident(who, where)); + + *permp = xrecallocarray(*permp, *npermp, *npermp + 1, sizeof(**permp)); + n = (*npermp)++; #define MAYBE_DUP(s) ((s == NULL) ? NULL : xstrdup(s)) - (*fpl)[n].host_to_connect = MAYBE_DUP(host_to_connect); - (*fpl)[n].port_to_connect = port_to_connect; - (*fpl)[n].listen_host = MAYBE_DUP(listen_host); - (*fpl)[n].listen_path = MAYBE_DUP(listen_path); - (*fpl)[n].listen_port = listen_port; - (*fpl)[n].downstream = downstream; + (*permp)[n].host_to_connect = MAYBE_DUP(host_to_connect); + (*permp)[n].port_to_connect = port_to_connect; + (*permp)[n].listen_host = MAYBE_DUP(listen_host); + (*permp)[n].listen_path = MAYBE_DUP(listen_path); + (*permp)[n].listen_port = listen_port; + (*permp)[n].downstream = downstream; #undef MAYBE_DUP return (int)n; } @@ -500,30 +550,31 @@ static void mux_remove_remote_forwardings(struct ssh *ssh, Channel *c) { struct ssh_channels *sc = ssh->chanctxt; - ForwardPermission *fp; + struct permission_set *pset = &sc->local_perms; + struct permission *perm; int r; u_int i; - for (i = 0; i < sc->num_permitted_opens; i++) { - fp = &sc->permitted_opens[i]; - if (fp->downstream != c) + for (i = 0; i < pset->num_permitted_user; i++) { + perm = &pset->permitted_user[i]; + if (perm->downstream != c) continue; /* cancel on the server, since mux client is gone */ debug("channel %d: cleanup remote forward for %s:%u", - c->self, fp->listen_host, fp->listen_port); + c->self, perm->listen_host, perm->listen_port); if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, "cancel-tcpip-forward")) != 0 || (r = sshpkt_put_u8(ssh, 0)) != 0 || (r = sshpkt_put_cstring(ssh, - channel_rfwd_bind_host(fp->listen_host))) != 0 || - (r = sshpkt_put_u32(ssh, fp->listen_port)) != 0 || + channel_rfwd_bind_host(perm->listen_host))) != 0 || + (r = sshpkt_put_u32(ssh, perm->listen_port)) != 0 || (r = sshpkt_send(ssh)) != 0) { fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r)); } - fwd_perm_clear(fp); /* unregister */ + fwd_perm_clear(perm); /* unregister */ } } @@ -557,9 +608,11 @@ channel_free(struct ssh *ssh, Channel *c) if (c->type == SSH_CHANNEL_MUX_CLIENT) mux_remove_remote_forwardings(ssh, c); - s = channel_open_message(ssh); - debug3("channel %d: status: %s", c->self, s); - free(s); + if (log_level_get() >= SYSLOG_LEVEL_DEBUG3) { + s = channel_open_message(ssh); + debug3("channel %d: status: %s", c->self, s); + free(s); + } channel_close_fds(ssh, c); sshbuf_free(c->input); @@ -2599,7 +2652,7 @@ channel_output_poll(struct ssh *ssh) * SSH_CHANNEL_MUX_PROXY channel and replace the mux clients ID * with the newly allocated channel ID. * 2) Upstream messages are received by matching SSH_CHANNEL_MUX_PROXY - * channels and procesed by channel_proxy_upstream(). The local channel ID + * channels and processed by channel_proxy_upstream(). The local channel ID * is then translated back to the original mux client ID. * 3) In both cases we need to keep track of matching SSH2_MSG_CHANNEL_CLOSE * messages so we can clean up SSH_CHANNEL_MUX_PROXY channels. @@ -2610,7 +2663,7 @@ channel_output_poll(struct ssh *ssh) * channel. E.g. client_request_forwarded_tcpip() needs to figure * out whether the request is addressed to the local client or a * specific downstream client based on the listen-address/port. - * 6) Agent and X11-Forwarding have a similar problem and are currenly + * 6) Agent and X11-Forwarding have a similar problem and are currently * not supported as the matching session/channel cannot be identified * easily. */ @@ -2729,7 +2782,7 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) goto out; } /* Record that connection to this host/port is permitted. */ - fwd_perm_list_add(ssh, FWDPERM_USER, "", -1, + permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "", -1, listen_host, NULL, (int)listen_port, downstream); listen_host = NULL; break; @@ -2787,7 +2840,7 @@ channel_proxy_upstream(Channel *c, int type, u_int32_t seq, struct ssh *ssh) /* * When receiving packets from the peer we need to check whether we * need to forward the packets to the mux client. In this case we - * restore the orignal channel id and keep track of CLOSE messages, + * restore the original channel id and keep track of CLOSE messages, * so we can cleanup the channel. */ if (c == NULL || c->type != SSH_CHANNEL_MUX_PROXY) @@ -3637,11 +3690,78 @@ channel_setup_local_fwd_listener(struct ssh *ssh, } } +/* Matches a remote forwarding permission against a requested forwarding */ +static int +remote_open_match(struct permission *allowed_open, struct Forward *fwd) +{ + int ret; + char *lhost; + + /* XXX add ACLs for streamlocal */ + if (fwd->listen_path != NULL) + return 1; + + if (fwd->listen_host == NULL || allowed_open->listen_host == NULL) + return 0; + + if (allowed_open->listen_port != FWD_PERMIT_ANY_PORT && + allowed_open->listen_port != fwd->listen_port) + return 0; + + /* Match hostnames case-insensitively */ + lhost = xstrdup(fwd->listen_host); + lowercase(lhost); + ret = match_pattern(lhost, allowed_open->listen_host); + free(lhost); + + return ret; +} + +/* Checks whether a requested remote forwarding is permitted */ +static int +check_rfwd_permission(struct ssh *ssh, struct Forward *fwd) +{ + struct ssh_channels *sc = ssh->chanctxt; + struct permission_set *pset = &sc->remote_perms; + u_int i, permit, permit_adm = 1; + struct permission *perm; + + /* XXX apply GatewayPorts override before checking? */ + + permit = pset->all_permitted; + if (!permit) { + for (i = 0; i < pset->num_permitted_user; i++) { + perm = &pset->permitted_user[i]; + if (remote_open_match(perm, fwd)) { + permit = 1; + break; + } + } + } + + if (pset->num_permitted_admin > 0) { + permit_adm = 0; + for (i = 0; i < pset->num_permitted_admin; i++) { + perm = &pset->permitted_admin[i]; + if (remote_open_match(perm, fwd)) { + permit_adm = 1; + break; + } + } + } + + return permit && permit_adm; +} + /* protocol v2 remote port fwd, used by sshd */ int channel_setup_remote_fwd_listener(struct ssh *ssh, struct Forward *fwd, int *allocated_listen_port, struct ForwardOptions *fwd_opts) { + if (!check_rfwd_permission(ssh, fwd)) { + packet_send_debug("port forwarding refused"); + return 0; + } if (fwd->listen_path != NULL) { return channel_setup_fwd_listener_streamlocal(ssh, SSH_CHANNEL_RUNIX_LISTENER, fwd, fwd_opts); @@ -3671,7 +3791,7 @@ channel_rfwd_bind_host(const char *listen_host) * Initiate forwarding of connections to port "port" on remote host through * the secure channel to host:port from local side. * Returns handle (index) for updating the dynamic listen port with - * channel_update_permitted_opens(). + * channel_update_permission(). */ int channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) @@ -3724,7 +3844,7 @@ channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) listen_host = xstrdup(fwd->listen_host); listen_port = fwd->listen_port; } - idx = fwd_perm_list_add(ssh, FWDPERM_USER, + idx = permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, host_to_connect, port_to_connect, listen_host, listen_path, listen_port, NULL); } @@ -3732,7 +3852,7 @@ channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) } static int -open_match(ForwardPermission *allowed_open, const char *requestedhost, +open_match(struct permission *allowed_open, const char *requestedhost, int requestedport) { if (allowed_open->host_to_connect == NULL) @@ -3753,7 +3873,7 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost, * and what we've sent to the remote server (channel_rfwd_bind_host) */ static int -open_listen_match_tcpip(ForwardPermission *allowed_open, +open_listen_match_tcpip(struct permission *allowed_open, const char *requestedhost, u_short requestedport, int translate) { const char *allowed_host; @@ -3768,14 +3888,14 @@ open_listen_match_tcpip(ForwardPermission *allowed_open, allowed_host = translate ? channel_rfwd_bind_host(allowed_open->listen_host) : allowed_open->listen_host; - if (allowed_host == NULL || + if (allowed_host == NULL || requestedhost == NULL || strcmp(allowed_host, requestedhost) != 0) return 0; return 1; } static int -open_listen_match_streamlocal(ForwardPermission *allowed_open, +open_listen_match_streamlocal(struct permission *allowed_open, const char *requestedpath) { if (allowed_open->host_to_connect == NULL) @@ -3797,17 +3917,18 @@ channel_request_rforward_cancel_tcpip(struct ssh *ssh, const char *host, u_short port) { struct ssh_channels *sc = ssh->chanctxt; + struct permission_set *pset = &sc->local_perms; int r; u_int i; - ForwardPermission *fp; + struct permission *perm; - for (i = 0; i < sc->num_permitted_opens; i++) { - fp = &sc->permitted_opens[i]; - if (open_listen_match_tcpip(fp, host, port, 0)) + for (i = 0; i < pset->num_permitted_user; i++) { + perm = &pset->permitted_user[i]; + if (open_listen_match_tcpip(perm, host, port, 0)) break; - fp = NULL; + perm = NULL; } - if (fp == NULL) { + if (perm == NULL) { debug("%s: requested forward not found", __func__); return -1; } @@ -3819,7 +3940,7 @@ channel_request_rforward_cancel_tcpip(struct ssh *ssh, (r = sshpkt_send(ssh)) != 0) fatal("%s: send cancel: %s", __func__, ssh_err(r)); - fwd_perm_clear(fp); /* unregister */ + fwd_perm_clear(perm); /* unregister */ return 0; } @@ -3832,17 +3953,18 @@ static int channel_request_rforward_cancel_streamlocal(struct ssh *ssh, const char *path) { struct ssh_channels *sc = ssh->chanctxt; + struct permission_set *pset = &sc->local_perms; int r; u_int i; - ForwardPermission *fp; + struct permission *perm; - for (i = 0; i < sc->num_permitted_opens; i++) { - fp = &sc->permitted_opens[i]; - if (open_listen_match_streamlocal(fp, path)) + for (i = 0; i < pset->num_permitted_user; i++) { + perm = &pset->permitted_user[i]; + if (open_listen_match_streamlocal(perm, path)) break; - fp = NULL; + perm = NULL; } - if (fp == NULL) { + if (perm == NULL) { debug("%s: requested forward not found", __func__); return -1; } @@ -3854,7 +3976,7 @@ channel_request_rforward_cancel_streamlocal(struct ssh *ssh, const char *path) (r = sshpkt_send(ssh)) != 0) fatal("%s: send cancel: %s", __func__, ssh_err(r)); - fwd_perm_clear(fp); /* unregister */ + fwd_perm_clear(perm); /* unregister */ return 0; } @@ -3876,25 +3998,64 @@ channel_request_rforward_cancel(struct ssh *ssh, struct Forward *fwd) } /* - * Permits opening to any host/port if permitted_opens[] is empty. This is + * Permits opening to any host/port if permitted_user[] is empty. This is * usually called by the server, because the user could connect to any port * anyway, and the server has no way to know but to trust the client anyway. */ void -channel_permit_all_opens(struct ssh *ssh) +channel_permit_all(struct ssh *ssh, int where) { - if (ssh->chanctxt->num_permitted_opens == 0) - ssh->chanctxt->all_opens_permitted = 1; + struct permission_set *pset = permission_set_get(ssh, where); + + if (pset->num_permitted_user == 0) + pset->all_permitted = 1; } +/* + * Permit the specified host/port for forwarding. + */ void -channel_add_permitted_opens(struct ssh *ssh, char *host, int port) +channel_add_permission(struct ssh *ssh, int who, int where, + char *host, int port) { - struct ssh_channels *sc = ssh->chanctxt; + int local = where == FORWARD_LOCAL; + struct permission_set *pset = permission_set_get(ssh, where); + + debug("allow %s forwarding to host %s port %d", + fwd_ident(who, where), host, port); + /* + * Remote forwards set listen_host/port, local forwards set + * host/port_to_connect. + */ + permission_set_add(ssh, who, where, + local ? host : 0, local ? port : 0, + local ? NULL : host, NULL, local ? 0 : port, NULL); + pset->all_permitted = 0; +} - debug("allow port forwarding to host %s port %d", host, port); - fwd_perm_list_add(ssh, FWDPERM_USER, host, port, NULL, NULL, 0, NULL); - sc->all_opens_permitted = 0; +/* + * Administratively disable forwarding. + */ +void +channel_disable_admin(struct ssh *ssh, int where) +{ + channel_clear_permission(ssh, FORWARD_ADM, where); + permission_set_add(ssh, FORWARD_ADM, where, + NULL, 0, NULL, NULL, 0, NULL); +} + +/* + * Clear a list of permitted opens. + */ +void +channel_clear_permission(struct ssh *ssh, int who, int where) +{ + struct permission **permp; + u_int *npermp; + + permission_set_get_array(ssh, who, where, &permp, &npermp); + *permp = xrecallocarray(*permp, *npermp, 0, sizeof(**permp)); + *npermp = 0; } /* @@ -3903,63 +4064,28 @@ channel_add_permitted_opens(struct ssh *ssh, char *host, int port) * passed then they entry will be invalidated. */ void -channel_update_permitted_opens(struct ssh *ssh, int idx, int newport) +channel_update_permission(struct ssh *ssh, int idx, int newport) { - struct ssh_channels *sc = ssh->chanctxt; + struct permission_set *pset = &ssh->chanctxt->local_perms; - if (idx < 0 || (u_int)idx >= sc->num_permitted_opens) { - debug("%s: index out of range: %d num_permitted_opens %d", - __func__, idx, sc->num_permitted_opens); + if (idx < 0 || (u_int)idx >= pset->num_permitted_user) { + debug("%s: index out of range: %d num_permitted_user %d", + __func__, idx, pset->num_permitted_user); return; } debug("%s allowed port %d for forwarding to host %s port %d", newport > 0 ? "Updating" : "Removing", newport, - sc->permitted_opens[idx].host_to_connect, - sc->permitted_opens[idx].port_to_connect); + pset->permitted_user[idx].host_to_connect, + pset->permitted_user[idx].port_to_connect); if (newport <= 0) - fwd_perm_clear(&sc->permitted_opens[idx]); + fwd_perm_clear(&pset->permitted_user[idx]); else { - sc->permitted_opens[idx].listen_port = + pset->permitted_user[idx].listen_port = (datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport; } } -int -channel_add_adm_permitted_opens(struct ssh *ssh, char *host, int port) -{ - debug("config allows port forwarding to host %s port %d", host, port); - return fwd_perm_list_add(ssh, FWDPERM_ADMIN, host, port, - NULL, NULL, 0, NULL); -} - -void -channel_disable_adm_local_opens(struct ssh *ssh) -{ - channel_clear_adm_permitted_opens(ssh); - fwd_perm_list_add(ssh, FWDPERM_ADMIN, NULL, 0, NULL, NULL, 0, NULL); -} - -void -channel_clear_permitted_opens(struct ssh *ssh) -{ - struct ssh_channels *sc = ssh->chanctxt; - - sc->permitted_opens = xrecallocarray(sc->permitted_opens, - sc->num_permitted_opens, 0, sizeof(*sc->permitted_opens)); - sc->num_permitted_opens = 0; -} - -void -channel_clear_adm_permitted_opens(struct ssh *ssh) -{ - struct ssh_channels *sc = ssh->chanctxt; - - sc->permitted_adm_opens = xrecallocarray(sc->permitted_adm_opens, - sc->num_adm_permitted_opens, 0, sizeof(*sc->permitted_adm_opens)); - sc->num_adm_permitted_opens = 0; -} - /* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */ int permitopen_port(const char *p) @@ -4148,19 +4274,21 @@ channel_connect_by_listen_address(struct ssh *ssh, const char *listen_host, u_short listen_port, char *ctype, char *rname) { struct ssh_channels *sc = ssh->chanctxt; + struct permission_set *pset = &sc->local_perms; u_int i; - ForwardPermission *fp; - - for (i = 0; i < sc->num_permitted_opens; i++) { - fp = &sc->permitted_opens[i]; - if (open_listen_match_tcpip(fp, listen_host, listen_port, 1)) { - if (fp->downstream) - return fp->downstream; - if (fp->port_to_connect == 0) + struct permission *perm; + + for (i = 0; i < pset->num_permitted_user; i++) { + perm = &pset->permitted_user[i]; + if (open_listen_match_tcpip(perm, + listen_host, listen_port, 1)) { + if (perm->downstream) + return perm->downstream; + if (perm->port_to_connect == 0) return rdynamic_connect_prepare(ssh, ctype, rname); return connect_to(ssh, - fp->host_to_connect, fp->port_to_connect, + perm->host_to_connect, perm->port_to_connect, ctype, rname); } } @@ -4174,14 +4302,15 @@ channel_connect_by_listen_path(struct ssh *ssh, const char *path, char *ctype, char *rname) { struct ssh_channels *sc = ssh->chanctxt; + struct permission_set *pset = &sc->local_perms; u_int i; - ForwardPermission *fp; + struct permission *perm; - for (i = 0; i < sc->num_permitted_opens; i++) { - fp = &sc->permitted_opens[i]; - if (open_listen_match_streamlocal(fp, path)) { + for (i = 0; i < pset->num_permitted_user; i++) { + perm = &pset->permitted_user[i]; + if (open_listen_match_streamlocal(perm, path)) { return connect_to(ssh, - fp->host_to_connect, fp->port_to_connect, + perm->host_to_connect, perm->port_to_connect, ctype, rname); } } @@ -4196,28 +4325,29 @@ channel_connect_to_port(struct ssh *ssh, const char *host, u_short port, char *ctype, char *rname, int *reason, const char **errmsg) { struct ssh_channels *sc = ssh->chanctxt; + struct permission_set *pset = &sc->local_perms; struct channel_connect cctx; Channel *c; u_int i, permit, permit_adm = 1; int sock; - ForwardPermission *fp; + struct permission *perm; - permit = sc->all_opens_permitted; + permit = pset->all_permitted; if (!permit) { - for (i = 0; i < sc->num_permitted_opens; i++) { - fp = &sc->permitted_opens[i]; - if (open_match(fp, host, port)) { + for (i = 0; i < pset->num_permitted_user; i++) { + perm = &pset->permitted_user[i]; + if (open_match(perm, host, port)) { permit = 1; break; } } } - if (sc->num_adm_permitted_opens > 0) { + if (pset->num_permitted_admin > 0) { permit_adm = 0; - for (i = 0; i < sc->num_adm_permitted_opens; i++) { - fp = &sc->permitted_adm_opens[i]; - if (open_match(fp, host, port)) { + for (i = 0; i < pset->num_permitted_admin; i++) { + perm = &pset->permitted_admin[i]; + if (open_match(perm, host, port)) { permit_adm = 1; break; } @@ -4255,25 +4385,26 @@ channel_connect_to_path(struct ssh *ssh, const char *path, char *ctype, char *rname) { struct ssh_channels *sc = ssh->chanctxt; + struct permission_set *pset = &sc->local_perms; u_int i, permit, permit_adm = 1; - ForwardPermission *fp; + struct permission *perm; - permit = sc->all_opens_permitted; + permit = pset->all_permitted; if (!permit) { - for (i = 0; i < sc->num_permitted_opens; i++) { - fp = &sc->permitted_opens[i]; - if (open_match(fp, path, PORT_STREAMLOCAL)) { + for (i = 0; i < pset->num_permitted_user; i++) { + perm = &pset->permitted_user[i]; + if (open_match(perm, path, PORT_STREAMLOCAL)) { permit = 1; break; } } } - if (sc->num_adm_permitted_opens > 0) { + if (pset->num_permitted_admin > 0) { permit_adm = 0; - for (i = 0; i < sc->num_adm_permitted_opens; i++) { - fp = &sc->permitted_adm_opens[i]; - if (open_match(fp, path, PORT_STREAMLOCAL)) { + for (i = 0; i < pset->num_permitted_admin; i++) { + perm = &pset->permitted_admin[i]; + if (open_match(perm, path, PORT_STREAMLOCAL)) { permit_adm = 1; break; } diff --git a/channels.h b/channels.h index 126b043454e..1aeafe94e2e 100644 --- a/channels.h +++ b/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.130 2017/09/21 19:16:53 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.131 2018/06/06 18:22:41 djm Exp $ */ /* * Author: Tatu Ylonen @@ -63,6 +63,15 @@ #define CHANNEL_CANCEL_PORT_STATIC -1 +/* TCP forwarding */ +#define FORWARD_DENY 0 +#define FORWARD_REMOTE (1) +#define FORWARD_LOCAL (1<<1) +#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL) + +#define FORWARD_ADM 0x100 +#define FORWARD_USER 0x101 + struct ssh; struct Channel; typedef struct Channel Channel; @@ -283,16 +292,11 @@ int channel_find_open(struct ssh *); struct Forward; struct ForwardOptions; void channel_set_af(struct ssh *, int af); -void channel_permit_all_opens(struct ssh *); -void channel_add_permitted_opens(struct ssh *, char *, int); -int channel_add_adm_permitted_opens(struct ssh *, char *, int); -void channel_copy_adm_permitted_opens(struct ssh *, - const struct fwd_perm_list *); -void channel_disable_adm_local_opens(struct ssh *); -void channel_update_permitted_opens(struct ssh *, int, int); -void channel_clear_permitted_opens(struct ssh *); -void channel_clear_adm_permitted_opens(struct ssh *); -void channel_print_adm_permitted_opens(struct ssh *); +void channel_permit_all(struct ssh *, int); +void channel_add_permission(struct ssh *, int, int, char *, int); +void channel_clear_permission(struct ssh *, int, int); +void channel_disable_admin(struct ssh *, int); +void channel_update_permission(struct ssh *, int, int); Channel *channel_connect_to_port(struct ssh *, const char *, u_short, char *, char *, int *, const char **); Channel *channel_connect_to_path(struct ssh *, const char *, char *, char *); diff --git a/cipher.c b/cipher.c index 5787636161d..a72682a8277 100644 --- a/cipher.c +++ b/cipher.c @@ -82,7 +82,9 @@ struct sshcipher { static const struct sshcipher ciphers[] = { #ifdef WITH_OPENSSL +#ifndef OPENSSL_NO_DES { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, +#endif { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc }, diff --git a/clientloop.c b/clientloop.c index 7bcf22e3869..ad35cb7ba39 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.311 2018/02/11 21:16:56 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.317 2018/07/11 18:53:29 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -91,11 +91,11 @@ #include "ssh.h" #include "ssh2.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" #include "compat.h" #include "channels.h" #include "dispatch.h" -#include "key.h" +#include "sshkey.h" #include "cipher.h" #include "kex.h" #include "myproposal.h" @@ -153,7 +153,7 @@ static time_t control_persist_exit_time = 0; volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */ static int last_was_cr; /* Last character was a newline. */ static int exit_status; /* Used to store the command exit status. */ -static Buffer stderr_buffer; /* Used for final exit message. */ +static struct sshbuf *stderr_buffer; /* Used for final exit message. */ static int connection_in; /* Connection to server (input). */ static int connection_out; /* Connection to server (output). */ static int need_rekeying; /* Set to non-zero if rekeying is requested. */ @@ -188,7 +188,7 @@ TAILQ_HEAD(global_confirms, global_confirm); static struct global_confirms global_confirms = TAILQ_HEAD_INITIALIZER(global_confirms); -void ssh_process_session2_setup(int, int, int, Buffer *); +void ssh_process_session2_setup(int, int, int, struct sshbuf *); /* Restores stdin to blocking mode. */ @@ -493,7 +493,7 @@ client_wait_until_can_do_something(struct ssh *ssh, struct timeval tv, *tvp; int timeout_secs; time_t minwait_secs = 0, server_alive_time = 0, now = monotime(); - int ret; + int r, ret; /* Add any selections by the channel mechanism. */ channel_prepare_select(active_state, readsetp, writesetp, maxfdp, @@ -546,8 +546,6 @@ client_wait_until_can_do_something(struct ssh *ssh, ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); if (ret < 0) { - char buf[100]; - /* * We have to clear the select masks, because we return. * We have to return, because the mainloop checks for the flags @@ -559,8 +557,9 @@ client_wait_until_can_do_something(struct ssh *ssh, if (errno == EINTR) return; /* Note: we might still have data in the buffers. */ - snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno)); - buffer_append(&stderr_buffer, buf, strlen(buf)); + if ((r = sshbuf_putf(stderr_buffer, + "select: %s\r\n", strerror(errno))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); quit_pending = 1; } else if (ret == 0) { /* @@ -574,15 +573,15 @@ client_wait_until_can_do_something(struct ssh *ssh, } static void -client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) +client_suspend_self(struct sshbuf *bin, struct sshbuf *bout, struct sshbuf *berr) { /* Flush stdout and stderr buffers. */ - if (buffer_len(bout) > 0) - atomicio(vwrite, fileno(stdout), buffer_ptr(bout), - buffer_len(bout)); - if (buffer_len(berr) > 0) - atomicio(vwrite, fileno(stderr), buffer_ptr(berr), - buffer_len(berr)); + if (sshbuf_len(bout) > 0) + atomicio(vwrite, fileno(stdout), sshbuf_mutable_ptr(bout), + sshbuf_len(bout)); + if (sshbuf_len(berr) > 0) + atomicio(vwrite, fileno(stderr), sshbuf_mutable_ptr(berr), + sshbuf_len(berr)); leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); @@ -602,8 +601,8 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) static void client_process_net_input(fd_set *readset) { - int len; char buf[SSH_IOBUFSZ]; + int r, len; /* * Read input from the server, and add any such data to the buffer of @@ -617,10 +616,11 @@ client_process_net_input(fd_set *readset) * Received EOF. The remote host has closed the * connection. */ - snprintf(buf, sizeof buf, + if ((r = sshbuf_putf(stderr_buffer, "Connection to %.300s closed by remote host.\r\n", - host); - buffer_append(&stderr_buffer, buf, strlen(buf)); + host)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); quit_pending = 1; return; } @@ -637,10 +637,11 @@ client_process_net_input(fd_set *readset) * An error has encountered. Perhaps there is a * network problem. */ - snprintf(buf, sizeof buf, + if ((r = sshbuf_putf(stderr_buffer, "Read from remote host %.300s: %.100s\r\n", - host, strerror(errno)); - buffer_append(&stderr_buffer, buf, strlen(buf)); + host, strerror(errno))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); quit_pending = 1; return; } @@ -653,7 +654,7 @@ client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) { struct channel_reply_ctx *cr = (struct channel_reply_ctx *)ctx; char errmsg[256]; - int tochan; + int r, tochan; /* * If a TTY was explicitly requested, then a failure to allocate @@ -664,7 +665,7 @@ client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) options.request_tty == REQUEST_TTY_YES)) cr->action = CONFIRM_CLOSE; - /* XXX supress on mux _client_ quietmode */ + /* XXX suppress on mux _client_ quietmode */ tochan = options.log_level >= SYSLOG_LEVEL_ERROR && c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE; @@ -688,7 +689,10 @@ client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) * their stderr. */ if (tochan) { - buffer_append(c->extended, errmsg, strlen(errmsg)); + if ((r = sshbuf_put(c->extended, errmsg, + strlen(errmsg))) != 0) + fatal("%s: buffer error %s", __func__, + ssh_err(r)); } else error("%s", errmsg); if (cr->action == CONFIRM_TTY) { @@ -892,14 +896,15 @@ static struct escape_help_text esc_txt[] = { }; static void -print_escape_help(Buffer *b, int escape_char, int mux_client, int using_stderr) +print_escape_help(struct sshbuf *b, int escape_char, int mux_client, + int using_stderr) { unsigned int i, suppress_flags; - char string[1024]; + int r; - snprintf(string, sizeof string, "%c?\r\n" - "Supported escape sequences:\r\n", escape_char); - buffer_append(b, string, strlen(string)); + if ((r = sshbuf_putf(b, + "%c?\r\nSupported escape sequences:\r\n", escape_char)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); suppress_flags = (mux_client ? SUPPRESS_MUXCLIENT : 0) | @@ -909,29 +914,28 @@ print_escape_help(Buffer *b, int escape_char, int mux_client, int using_stderr) for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) { if (esc_txt[i].flags & suppress_flags) continue; - snprintf(string, sizeof string, " %c%-3s - %s\r\n", - escape_char, esc_txt[i].cmd, esc_txt[i].text); - buffer_append(b, string, strlen(string)); + if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n", + escape_char, esc_txt[i].cmd, esc_txt[i].text)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - snprintf(string, sizeof string, + if ((r = sshbuf_putf(b, " %c%c - send the escape character by typing it twice\r\n" "(Note that escapes are only recognized immediately after " - "newline.)\r\n", escape_char, escape_char); - buffer_append(b, string, strlen(string)); + "newline.)\r\n", escape_char, escape_char)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } -/* +/* * Process the characters one by one. */ static int process_escapes(struct ssh *ssh, Channel *c, - Buffer *bin, Buffer *bout, Buffer *berr, + struct sshbuf *bin, struct sshbuf *bout, struct sshbuf *berr, char *buf, int len) { - char string[1024]; pid_t pid; - int bytes = 0; + int r, bytes = 0; u_int i; u_char ch; char *s; @@ -940,7 +944,7 @@ process_escapes(struct ssh *ssh, Channel *c, if (c->filter_ctx == NULL) return 0; - + if (len <= 0) return (0); @@ -957,10 +961,10 @@ process_escapes(struct ssh *ssh, Channel *c, switch (ch) { case '.': /* Terminate the connection. */ - snprintf(string, sizeof string, "%c.\r\n", - efc->escape_char); - buffer_append(berr, string, strlen(string)); - + if ((r = sshbuf_putf(berr, "%c.\r\n", + efc->escape_char)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); if (c && c->ctl_chan != -1) { chan_read_failed(ssh, c); chan_write_failed(ssh, c); @@ -969,7 +973,7 @@ process_escapes(struct ssh *ssh, Channel *c, c->self, NULL); } c->type = SSH_CHANNEL_ABANDONED; - buffer_clear(c->input); + sshbuf_reset(c->input); chan_ibuf_empty(ssh, c); return 0; } else @@ -985,18 +989,20 @@ process_escapes(struct ssh *ssh, Channel *c, snprintf(b, sizeof b, "^Z"); else snprintf(b, sizeof b, "%c", ch); - snprintf(string, sizeof string, + if ((r = sshbuf_putf(berr, "%c%s escape not available to " "multiplexed sessions\r\n", - efc->escape_char, b); - buffer_append(berr, string, - strlen(string)); + efc->escape_char, b)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); continue; } /* Suspend the program. Inform the user */ - snprintf(string, sizeof string, - "%c^Z [suspend ssh]\r\n", efc->escape_char); - buffer_append(berr, string, strlen(string)); + if ((r = sshbuf_putf(berr, + "%c^Z [suspend ssh]\r\n", + efc->escape_char)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); /* Restore terminal modes and suspend. */ client_suspend_self(bin, bout, berr); @@ -1005,12 +1011,15 @@ process_escapes(struct ssh *ssh, Channel *c, continue; case 'B': - snprintf(string, sizeof string, - "%cB\r\n", efc->escape_char); - buffer_append(berr, string, strlen(string)); + if ((r = sshbuf_putf(berr, + "%cB\r\n", efc->escape_char)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); channel_request_start(ssh, c->self, "break", 0); - packet_put_int(1000); - packet_send(); + if ((r = sshpkt_put_u32(ssh, 1000)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, + ssh_err(r)); continue; case 'R': @@ -1027,11 +1036,11 @@ process_escapes(struct ssh *ssh, Channel *c, if (c && c->ctl_chan != -1) goto noescape; if (!log_is_on_stderr()) { - snprintf(string, sizeof string, + if ((r = sshbuf_putf(berr, "%c%c [Logging to syslog]\r\n", - efc->escape_char, ch); - buffer_append(berr, string, - strlen(string)); + efc->escape_char, ch)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); continue; } if (ch == 'V' && options.log_level > @@ -1040,11 +1049,12 @@ process_escapes(struct ssh *ssh, Channel *c, if (ch == 'v' && options.log_level < SYSLOG_LEVEL_DEBUG3) log_change_level(++options.log_level); - snprintf(string, sizeof string, + if ((r = sshbuf_putf(berr, "%c%c [LogLevel %s]\r\n", efc->escape_char, ch, - log_level_name(options.log_level)); - buffer_append(berr, string, strlen(string)); + log_level_name(options.log_level))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); continue; case '&': @@ -1062,9 +1072,11 @@ process_escapes(struct ssh *ssh, Channel *c, /* Stop listening for new connections. */ channel_stop_listening(ssh); - snprintf(string, sizeof string, - "%c& [backgrounded]\n", efc->escape_char); - buffer_append(berr, string, strlen(string)); + if ((r = sshbuf_putf(berr, + "%c& [backgrounded]\n", efc->escape_char)) + != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); /* Fork into background. */ pid = fork(); @@ -1077,8 +1089,10 @@ process_escapes(struct ssh *ssh, Channel *c, exit(0); } /* The child continues serving connections. */ - buffer_append(bin, "\004", 1); /* fake EOF on stdin */ + if ((r = sshbuf_put_u8(bin, 4)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); return -1; case '?': print_escape_help(berr, efc->escape_char, @@ -1087,11 +1101,14 @@ process_escapes(struct ssh *ssh, Channel *c, continue; case '#': - snprintf(string, sizeof string, "%c#\r\n", - efc->escape_char); - buffer_append(berr, string, strlen(string)); + if ((r = sshbuf_putf(berr, "%c#\r\n", + efc->escape_char)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); s = channel_open_message(ssh); - buffer_append(berr, s, strlen(s)); + if ((r = sshbuf_put(berr, s, strlen(s))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); free(s); continue; @@ -1103,7 +1120,10 @@ process_escapes(struct ssh *ssh, Channel *c, default: if (ch != efc->escape_char) { - buffer_put_char(bin, efc->escape_char); + if ((r = sshbuf_put_u8(bin, + efc->escape_char)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); bytes++; } /* Escaped characters fall through here */ @@ -1129,7 +1149,8 @@ process_escapes(struct ssh *ssh, Channel *c, * and append it to the buffer. */ last_was_cr = (ch == '\r' || ch == '\n'); - buffer_put_char(bin, ch); + if ((r = sshbuf_put_u8(bin, ch)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); bytes++; } return bytes; @@ -1253,8 +1274,9 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, quit_pending = 0; - /* Initialize buffers. */ - buffer_init(&stderr_buffer); + /* Initialize buffer. */ + if ((stderr_buffer = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); client_init_dispatch(); @@ -1411,24 +1433,25 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, * that the connection has been closed. */ if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) { - snprintf(buf, sizeof buf, - "Connection to %.64s closed.\r\n", host); - buffer_append(&stderr_buffer, buf, strlen(buf)); + if ((r = sshbuf_putf(stderr_buffer, + "Connection to %.64s closed.\r\n", host)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } /* Output any buffered data for stderr. */ - if (buffer_len(&stderr_buffer) > 0) { + if (sshbuf_len(stderr_buffer) > 0) { len = atomicio(vwrite, fileno(stderr), - buffer_ptr(&stderr_buffer), buffer_len(&stderr_buffer)); - if (len < 0 || (u_int)len != buffer_len(&stderr_buffer)) + (u_char *)sshbuf_ptr(stderr_buffer), + sshbuf_len(stderr_buffer)); + if (len < 0 || (u_int)len != sshbuf_len(stderr_buffer)) error("Write failed flushing stderr buffer."); - else - buffer_consume(&stderr_buffer, len); + else if ((r = sshbuf_consume(stderr_buffer, len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } /* Clear and free any buffers. */ explicit_bzero(buf, sizeof(buf)); - buffer_free(&stderr_buffer); + sshbuf_free(stderr_buffer); /* Report bytes transferred, and transfer rates. */ total_time = monotime_double() - start_time; @@ -1746,7 +1769,7 @@ struct hostkeys_update_ctx { */ struct sshkey **keys; int *keys_seen; - size_t nkeys, nnew; + size_t nkeys, nnew; /* * Keys that are in known_hosts, but were not present in the update @@ -2156,9 +2179,11 @@ client_input_global_request(int type, u_int32_t seq, struct ssh *ssh) void client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, - const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env) + const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd, + char **env) { - int len; + int i, j, matched, len; + char *name, *val; Channel *c = NULL; debug2("%s: id %d", __func__, id); @@ -2185,7 +2210,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, packet_put_int((u_int)ws.ws_ypixel); if (tiop == NULL) tiop = get_saved_tio(); - tty_make_modes(-1, tiop); + ssh_tty_make_modes(ssh, -1, tiop); packet_send(); /* XXX wait for reply */ c->client_tty = 1; @@ -2193,9 +2218,6 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, /* Transfer any environment variables from client to server */ if (options.num_send_env != 0 && env != NULL) { - int i, j, matched; - char *name, *val; - debug("Sending environment."); for (i = 0; env[i] != NULL; i++) { /* Split */ @@ -2227,24 +2249,40 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, free(name); } } + for (i = 0; i < options.num_setenv; i++) { + /* Split */ + name = xstrdup(options.setenv[i]); + if ((val = strchr(name, '=')) == NULL) { + free(name); + continue; + } + *val++ = '\0'; + + debug("Setting env %s = %s", name, val); + channel_request_start(ssh, id, "env", 0); + packet_put_cstring(name); + packet_put_cstring(val); + packet_send(); + free(name); + } - len = buffer_len(cmd); + len = sshbuf_len(cmd); if (len > 0) { if (len > 900) len = 900; if (want_subsystem) { debug("Sending subsystem: %.*s", - len, (u_char*)buffer_ptr(cmd)); + len, (const u_char*)sshbuf_ptr(cmd)); channel_request_start(ssh, id, "subsystem", 1); client_expect_confirm(ssh, id, "subsystem", CONFIRM_CLOSE); } else { debug("Sending command: %.*s", - len, (u_char*)buffer_ptr(cmd)); + len, (const u_char*)sshbuf_ptr(cmd)); channel_request_start(ssh, id, "exec", 1); client_expect_confirm(ssh, id, "exec", CONFIRM_CLOSE); } - packet_put_string(buffer_ptr(cmd), buffer_len(cmd)); + packet_put_string(sshbuf_ptr(cmd), sshbuf_len(cmd)); packet_send(); } else { channel_request_start(ssh, id, "shell", 1); diff --git a/clientloop.h b/clientloop.h index 8d1f0bff695..bf79c87bf89 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.35 2017/10/23 05:08:00 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.36 2018/07/09 21:03:30 markus Exp $ */ /* * Author: Tatu Ylonen @@ -45,7 +45,7 @@ int client_x11_get_proto(struct ssh *, const char *, const char *, u_int, u_int, char **, char **); void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(struct ssh *, int, int, int, - const char *, struct termios *, int, Buffer *, char **); + const char *, struct termios *, int, struct sshbuf *, char **); char *client_request_tun_fwd(struct ssh *, int, int, int); void client_stop_mux(void); diff --git a/compat.c b/compat.c index 861e9e21fe0..0624dc6de13 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.106 2018/02/16 04:43:11 dtucker Exp $ */ +/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -32,7 +32,6 @@ #include #include "xmalloc.h" -#include "buffer.h" #include "packet.h" #include "compat.h" #include "log.h" @@ -52,16 +51,28 @@ compat_datafellows(const char *version) } check[] = { { "OpenSSH_2.*," "OpenSSH_3.0*," - "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR}, - { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, - { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, + "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR| + SSH_BUG_SIGTYPE}, + { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR|SSH_BUG_SIGTYPE }, + { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF| + SSH_BUG_SIGTYPE}, { "OpenSSH_2*," "OpenSSH_3*," - "OpenSSH_4*", 0 }, - { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, - { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, + "OpenSSH_4*", SSH_BUG_SIGTYPE }, + { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT| + SSH_BUG_SIGTYPE}, + { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE}, { "OpenSSH_6.5*," - "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, + "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD| + SSH_BUG_SIGTYPE}, + { "OpenSSH_7.0*," + "OpenSSH_7.1*," + "OpenSSH_7.2*," + "OpenSSH_7.3*," + "OpenSSH_7.4*," + "OpenSSH_7.5*," + "OpenSSH_7.6*," + "OpenSSH_7.7*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE}, { "OpenSSH*", SSH_NEW_OPENSSH }, { "*MindTerm*", 0 }, { "3.0.*", SSH_BUG_DEBUG }, @@ -128,6 +139,8 @@ compat_datafellows(const char *version) SSH_OLD_DHGEX }, { "ConfD-*", SSH_BUG_UTF8TTYMODE }, + { "Twisted_*", 0 }, + { "Twisted*", SSH_BUG_DEBUG }, { NULL, 0 } }; @@ -176,8 +189,8 @@ compat_cipher_proposal(char *cipher_prop) if (!(datafellows & SSH_BUG_BIGENDIANAES)) return cipher_prop; debug2("%s: original cipher proposal: %s", __func__, cipher_prop); - if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL) - fatal("match_filter_list failed"); + if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL) + fatal("match_filter_blacklist failed"); debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); if (*cipher_prop == '\0') fatal("No supported ciphers found"); @@ -190,8 +203,8 @@ compat_pkalg_proposal(char *pkalg_prop) if (!(datafellows & SSH_BUG_RSASIGMD5)) return pkalg_prop; debug2("%s: original public key proposal: %s", __func__, pkalg_prop); - if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL) - fatal("match_filter_list failed"); + if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL) + fatal("match_filter_blacklist failed"); debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); if (*pkalg_prop == '\0') fatal("No supported PK algorithms found"); @@ -205,14 +218,14 @@ compat_kex_proposal(char *p) return p; debug2("%s: original KEX proposal: %s", __func__, p); if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) - if ((p = match_filter_list(p, + if ((p = match_filter_blacklist(p, "curve25519-sha256@libssh.org")) == NULL) - fatal("match_filter_list failed"); + fatal("match_filter_blacklist failed"); if ((datafellows & SSH_OLD_DHGEX) != 0) { - if ((p = match_filter_list(p, + if ((p = match_filter_blacklist(p, "diffie-hellman-group-exchange-sha256," "diffie-hellman-group-exchange-sha1")) == NULL) - fatal("match_filter_list failed"); + fatal("match_filter_blacklist failed"); } debug2("%s: compat KEX proposal: %s", __func__, p); if (*p == '\0') diff --git a/compat.h b/compat.h index 4fee3495a5a..d611d33e736 100644 --- a/compat.h +++ b/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.51 2018/02/16 04:43:11 dtucker Exp $ */ +/* $OpenBSD: compat.h,v 1.54 2018/08/13 02:41:05 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -33,7 +33,7 @@ #define SSH_PROTO_2 0x04 #define SSH_BUG_UTF8TTYMODE 0x00000001 -/* #define unused 0x00000002 */ +#define SSH_BUG_SIGTYPE 0x00000002 /* #define unused 0x00000004 */ /* #define unused 0x00000008 */ #define SSH_OLD_SESSIONID 0x00000010 diff --git a/config.h.in b/config.h.in index 57208740787..7940b4c86b7 100644 --- a/config.h.in +++ b/config.h.in @@ -534,6 +534,9 @@ /* Define to 1 if you have the `getlastlogxbyname' function. */ #undef HAVE_GETLASTLOGXBYNAME +/* Define to 1 if you have the `getline' function. */ +#undef HAVE_GETLINE + /* Define to 1 if you have the `getluid' function. */ #undef HAVE_GETLUID @@ -567,6 +570,9 @@ /* Define to 1 if you have the `getpwanam' function. */ #undef HAVE_GETPWANAM +/* Define to 1 if you have the `getrandom' function. */ +#undef HAVE_GETRANDOM + /* Define to 1 if you have the `getrlimit' function. */ #undef HAVE_GETRLIMIT @@ -1287,6 +1293,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_PTRACE_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_RANDOM_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SELECT_H @@ -1543,7 +1552,7 @@ /* Need setpgrp to acquire controlling tty */ #undef NEED_SETPGRP -/* compiler does not accept __attribute__ on protoype args */ +/* compiler does not accept __attribute__ on prototype args */ #undef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS /* compiler does not accept __attribute__ on return types */ @@ -1670,12 +1679,6 @@ /* The size of `short int', as computed by sizeof. */ #undef SIZEOF_SHORT_INT -/* Define if you want S/Key support */ -#undef SKEY - -/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ -#undef SKEYCHALLENGE_4ARG - /* Define as const if snprintf() can declare const char *fmt */ #undef SNPRINTF_CONST @@ -1776,7 +1779,7 @@ /* Define if you want to enable AIX4's authenticate function */ #undef WITH_AIXAUTHENTICATE -/* Define if you have/want arrays (cluster-wide session managment, not C +/* Define if you have/want arrays (cluster-wide session management, not C arrays) */ #undef WITH_IRIX_ARRAY diff --git a/configure b/configure index 5f5536fa4e3..330fb9b1d9b 100755 --- a/configure +++ b/configure @@ -751,7 +751,6 @@ with_solaris_privs with_osfsia with_zlib with_zlib_version_check -with_skey with_ldns with_libedit with_audit @@ -1447,7 +1446,6 @@ Optional Packages: --with-osfsia Enable Digital Unix SIA --with-zlib=PATH Use zlib in PATH --without-zlib-version-check Disable zlib version check - --with-skey[=PATH] Enable S/Key support (optionally in PATH) --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH) --with-libedit[=PATH] Enable libedit support for sftp --with-audit=module Enable audit support (modules=debug,bsm,linux) @@ -5546,9 +5544,7 @@ _ACEOF fi -if test -z "$LD" ; then - LD=$CC -fi +LD="$CC" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 @@ -5727,7 +5723,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -5770,7 +5766,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -5813,7 +5809,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -5856,7 +5852,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -5899,7 +5895,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -5942,7 +5938,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -5985,7 +5981,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6028,7 +6024,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6071,7 +6067,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6114,7 +6110,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6157,7 +6153,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6200,7 +6196,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6219,7 +6215,12 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext } if test "x$use_toolchain_hardening" = "x1"; then - { + # Cygwin GCC 7.x allows thunking on the CLI, but produces non-working + # code. Unfortunately you only notice this at link time. + case "$host" in + *-*-cygwin*) ;; + *) + { { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mfunction-return=thunk" >&5 $as_echo_n "checking if $CC supports compile flag -mfunction-return=thunk... " >&6; } saved_CFLAGS="$CFLAGS" @@ -6244,7 +6245,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6262,7 +6263,7 @@ $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext } # gcc - { + { { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mindirect-branch=thunk" >&5 $as_echo_n "checking if $CC supports compile flag -mindirect-branch=thunk... " >&6; } saved_CFLAGS="$CFLAGS" @@ -6287,7 +6288,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6305,6 +6306,8 @@ $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext } # gcc + ;; + esac { { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mretpoline" >&5 $as_echo_n "checking if $CC supports compile flag -mretpoline... " >&6; } @@ -6330,7 +6333,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6373,9 +6376,17 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } LDFLAGS="$saved_LDFLAGS $_define_flag" +fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6410,7 +6421,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6453,9 +6464,17 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } LDFLAGS="$saved_LDFLAGS $_define_flag" +fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6490,9 +6509,17 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } LDFLAGS="$saved_LDFLAGS $_define_flag" +fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6527,9 +6554,17 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } LDFLAGS="$saved_LDFLAGS $_define_flag" +fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6570,7 +6605,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_link "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -6944,6 +6979,7 @@ for ac_header in \ sys/prctl.h \ sys/pstat.h \ sys/ptrace.h \ + sys/random.h \ sys/select.h \ sys/stat.h \ sys/stream.h \ @@ -7154,7 +7190,7 @@ case "$host" in # Some versions of VAC won't allow macro redefinitions at # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that # particularly with older versions of vac or xlc. - # It also throws errors about null macro argments, but these are + # It also throws errors about null macro arguments, but these are # not fatal. { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5 $as_echo_n "checking if compiler allows macro redefinitions... " >&6; } @@ -7178,7 +7214,6 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" - LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" @@ -7497,7 +7532,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -10195,7 +10230,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $func_calloc_0_nonnull" >&5 $as_echo "$func_calloc_0_nonnull" >&6; } -if test "x$func_calloc_0_nonnull" == "xyes"; then +if test "x$func_calloc_0_nonnull" = "xyes"; then $as_echo "#define HAVE_CALLOC 1" >>confdefs.h @@ -10387,94 +10422,6 @@ else $as_echo "no" >&6; } fi -# Check whether user wants S/Key support -SKEY_MSG="no" - -# Check whether --with-skey was given. -if test "${with_skey+set}" = set; then : - withval=$with_skey; - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - -$as_echo "#define SKEY 1" >>confdefs.h - - LIBS="-lskey $LIBS" - SKEY_MSG="yes" - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for s/key support" >&5 -$as_echo_n "checking for s/key support... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - - char *ff = skey_keyinfo(""); ff=""; - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "** Incomplete or missing s/key libraries." "$LINENO" 5 - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if skeychallenge takes 4 arguments" >&5 -$as_echo_n "checking if skeychallenge takes 4 arguments... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - - (void)skeychallenge(NULL,"name","",0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define SKEYCHALLENGE_4ARG 1" >>confdefs.h - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - - -fi - - # Check whether user wants to use ldns LDNS_MSG="no" @@ -11074,7 +11021,7 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_compile "$LINENO"; then : -if `grep -i "unrecognized option" conftest.err >/dev/null` +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -11117,9 +11064,17 @@ int main(int argc, char **argv) { _ACEOF if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LDFLAGS="$saved_LDFLAGS" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } LDFLAGS="$saved_LDFLAGS $_define_flag" +fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -11178,6 +11133,7 @@ for ac_func in \ getaddrinfo \ getcwd \ getgrouplist \ + getline \ getnameinfo \ getopt \ getpagesize \ @@ -11186,6 +11142,7 @@ for ac_func in \ getpgid \ _getpty \ getrlimit \ + getrandom \ getsid \ getttyent \ glob \ @@ -13962,7 +13919,7 @@ LIBS="$saved_LIBS" ### Configure cryptographic random number support -# Check wheter OpenSSL seeds itself +# Check whether OpenSSL seeds itself if test "x$openssl" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5 $as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; } @@ -16072,7 +16029,7 @@ _ACEOF fi -# We need int64_t or else certian parts of the compile will fail. +# We need int64_t or else certain parts of the compile will fail. if test "x$ac_cv_have_int64_t" = "xno" && \ test "x$ac_cv_sizeof_long_int" != "x8" && \ test "x$ac_cv_sizeof_long_long_int" = "x0" ; then @@ -21030,7 +20987,6 @@ echo " PAM support: $PAM_MSG" echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" -echo " S/KEY support: $SKEY_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" diff --git a/configure.ac b/configure.ac index 663062bef14..83e5307501e 100644 --- a/configure.ac +++ b/configure.ac @@ -83,9 +83,11 @@ if test ! -z "$PATH_PASSWD_PROG" ; then [Full path of your "passwd" program]) fi -if test -z "$LD" ; then - LD=$CC -fi +dnl Since autoconf doesn't support it very well, we no longer allow users to +dnl override LD, however keeping the hook here for now in case there's a use +dnl use case we overlooked and someone needs to re-enable it. Unless a good +dnl reason is found we'll be removing this in future. +LD="$CC" AC_SUBST([LD]) AC_C_INLINE @@ -162,8 +164,15 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) if test "x$use_toolchain_hardening" = "x1"; then - OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc - OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc + # Cygwin GCC 7.x allows thunking on the CLI, but produces non-working + # code. Unfortunately you only notice this at link time. + case "$host" in + *-*-cygwin*) ;; + *) + OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc + OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc + ;; + esac OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) @@ -274,7 +283,7 @@ typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], [ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, - [compiler does not accept __attribute__ on protoype args]) ] + [compiler does not accept __attribute__ on prototype args]) ] ) if test "x$no_attrib_nonnull" != "x1" ; then @@ -413,6 +422,7 @@ AC_CHECK_HEADERS([ \ sys/prctl.h \ sys/pstat.h \ sys/ptrace.h \ + sys/random.h \ sys/select.h \ sys/stat.h \ sys/stream.h \ @@ -514,7 +524,7 @@ case "$host" in # Some versions of VAC won't allow macro redefinitions at # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that # particularly with older versions of vac or xlc. - # It also throws errors about null macro argments, but these are + # It also throws errors about null macro arguments, but these are # not fatal. AC_MSG_CHECKING([if compiler allows macro redefinitions]) AC_COMPILE_IFELSE( @@ -525,7 +535,6 @@ case "$host" in [ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" - LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" ] @@ -753,7 +762,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) PATH="$PATH:/usr/etc" AC_DEFINE([WITH_IRIX_ARRAY], [1], [Define if you have/want arrays - (cluster-wide session managment, not C arrays)]) + (cluster-wide session management, not C arrays)]) AC_DEFINE([WITH_IRIX_PROJECT], [1], [Define if you want IRIX project management]) AC_DEFINE([WITH_IRIX_AUDIT], [1], @@ -1398,7 +1407,7 @@ AC_RUN_IFELSE( ) AC_MSG_RESULT([$func_calloc_0_nonnull]) -if test "x$func_calloc_0_nonnull" == "xyes"; then +if test "x$func_calloc_0_nonnull" = "xyes"; then AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) else AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) @@ -1493,55 +1502,6 @@ else AC_MSG_RESULT([no]) fi -# Check whether user wants S/Key support -SKEY_MSG="no" -AC_ARG_WITH([skey], - [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) - LIBS="-lskey $LIBS" - SKEY_MSG="yes" - - AC_MSG_CHECKING([for s/key support]) - AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ -#include -#include - ]], [[ - char *ff = skey_keyinfo(""); ff=""; - exit(0); - ]])], - [AC_MSG_RESULT([yes])], - [ - AC_MSG_RESULT([no]) - AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) - ]) - AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include -#include - ]], [[ - (void)skeychallenge(NULL,"name","",0); - ]])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([SKEYCHALLENGE_4ARG], [1], - [Define if your skeychallenge() - function takes 4 arguments (NetBSD)])], - [ - AC_MSG_RESULT([no]) - ]) - fi - ] -) - # Check whether user wants to use ldns LDNS_MSG="no" AC_ARG_WITH(ldns, @@ -1778,6 +1738,7 @@ AC_CHECK_FUNCS([ \ getaddrinfo \ getcwd \ getgrouplist \ + getline \ getnameinfo \ getopt \ getpagesize \ @@ -1786,6 +1747,7 @@ AC_CHECK_FUNCS([ \ getpgid \ _getpty \ getrlimit \ + getrandom \ getsid \ getttyent \ glob \ @@ -3005,7 +2967,7 @@ LIBS="$saved_LIBS" ### Configure cryptographic random number support -# Check wheter OpenSSL seeds itself +# Check whether OpenSSL seeds itself if test "x$openssl" = "xyes" ; then AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) AC_RUN_IFELSE( @@ -3904,7 +3866,7 @@ fi AC_CHECK_TYPES([struct timespec]) -# We need int64_t or else certian parts of the compile will fail. +# We need int64_t or else certain parts of the compile will fail. if test "x$ac_cv_have_int64_t" = "xno" && \ test "x$ac_cv_sizeof_long_int" != "x8" && \ test "x$ac_cv_sizeof_long_long_int" = "x0" ; then @@ -5215,7 +5177,6 @@ echo " PAM support: $PAM_MSG" echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" -echo " S/KEY support: $SKEY_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 00b384dc7a6..55113d9d38d 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -240,21 +240,7 @@ echo # Generate keys unless they already exist echo Creating host keys if required. -if [ -f "$sysconfdir/ssh_host_key" ] ; then - echo "$sysconfdir/ssh_host_key already exists, skipping." -else - $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" -fi -if [ -f $sysconfdir/ssh_host_dsa_key ] ; then - echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." -else - $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" -fi -if [ -f $sysconfdir/ssh_host_rsa_key ] ; then - echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." -else - $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" -fi +$bindir/ssh-keygen -A echo # Set startup command depending on SRC support diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index db6aaa08a03..261020af33e 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -22,7 +22,7 @@ CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh -# List of apps used. This is checkad for existance in csih_sanity_check +# List of apps used. This is checkad for existence in csih_sanity_check # Don't use *any* transient commands before sourcing the csih helper script, # otherwise the sanity checks are short-circuited. declare -a csih_required_commands=( diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config index 33dc0cbea45..6fa4bb3eac4 100644 --- a/contrib/cygwin/ssh-user-config +++ b/contrib/cygwin/ssh-user-config @@ -127,7 +127,7 @@ readonly -f check_user_homedir check_user_dot_ssh_dir() { if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ] then - csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files." + csih_error "${pwdhome}/.ssh is existent but not a directory. Cannot create user identity files." fi if [ ! -e "${pwdhome}/.ssh" ] diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index a0d5e207102..8e9594d9c72 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 7.7p1 +%define ver 7.8p1 %define rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/solaris/README b/contrib/solaris/README index fefdd4b538e..cabecaa1a5c 100755 --- a/contrib/solaris/README +++ b/contrib/solaris/README @@ -5,7 +5,7 @@ SVR4 style package tools. The build process is called a 'dummy install'.. Which means the software does a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should -be handled correctly and key are defered until the first time the sshd +be handled correctly and key are deferred until the first time the sshd is started. Directions: diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index d9c4298f1c5..9a1168f01bd 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 7.7p1 +Version: 7.8p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz @@ -56,7 +56,7 @@ arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). +patented algorithms to separate libraries (OpenSSL). This package includes all files necessary for both the OpenSSH client and server. @@ -70,7 +70,7 @@ arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). +patented algorithms to separate libraries (OpenSSL). This package contains an X Window System passphrase dialog for OpenSSH. diff --git a/defines.h b/defines.h index 3fa5ec5a9b1..8f4213062a9 100644 --- a/defines.h +++ b/defines.h @@ -660,12 +660,6 @@ struct winsize { # define krb5_get_err_text(context,code) error_message(code) #endif -#if defined(SKEYCHALLENGE_4ARG) -# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c,d) -#else -# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c) -#endif - /* Maximum number of file descriptors available */ #ifdef HAVE_SYSCONF # define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX) diff --git a/dh.c b/dh.c index 46afba03369..ac8d5a0ae67 100644 --- a/dh.c +++ b/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.63 2018/02/07 02:06:50 jsing Exp $ */ +/* $OpenBSD: dh.c,v 1.66 2018/08/04 00:55:06 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -145,9 +145,9 @@ DH * choose_dh(int min, int wantbits, int max) { FILE *f; - char line[4096]; - int best, bestcount, which; - int linenum; + char *line = NULL; + size_t linesize = 0; + int best, bestcount, which, linenum; struct dhgroup dhg; if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) { @@ -158,7 +158,7 @@ choose_dh(int min, int wantbits, int max) linenum = 0; best = bestcount = 0; - while (fgets(line, sizeof(line), f)) { + while (getline(&line, &linesize, f) != -1) { linenum++; if (!parse_prime(linenum, line, &dhg)) continue; @@ -176,6 +176,9 @@ choose_dh(int min, int wantbits, int max) if (dhg.size == best) bestcount++; } + free(line); + line = NULL; + linesize = 0; rewind(f); if (bestcount == 0) { @@ -186,7 +189,7 @@ choose_dh(int min, int wantbits, int max) linenum = 0; which = arc4random_uniform(bestcount); - while (fgets(line, sizeof(line), f)) { + while (getline(&line, &linesize, f) != -1) { if (!parse_prime(linenum, line, &dhg)) continue; if ((dhg.size > max || dhg.size < min) || @@ -198,6 +201,8 @@ choose_dh(int min, int wantbits, int max) } break; } + free(line); + line = NULL; fclose(f); if (linenum != which+1) { logit("WARNING: line %d disappeared in %s, giving up", @@ -274,6 +279,7 @@ dh_gen_key(DH *dh, int need) if (DH_generate_key(dh) == 0 || !dh_pub_is_valid(dh, dh->pub_key)) { BN_clear_free(dh->priv_key); + dh->priv_key = NULL; return SSH_ERR_LIBCRYPTO_ERROR; } return 0; diff --git a/entropy.c b/entropy.c index 14b98f18891..c178c00cf61 100644 --- a/entropy.c +++ b/entropy.c @@ -53,7 +53,8 @@ #include "atomicio.h" #include "pathnames.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" /* * Portable OpenSSH PRNG seeding: @@ -181,29 +182,34 @@ seed_from_prngd(unsigned char *buf, size_t bytes) } void -rexec_send_rng_seed(Buffer *m) +rexec_send_rng_seed(struct sshbuf *m) { u_char buf[RANDOM_SEED_SIZE]; + size_t len = sizeof(buf); + int r; if (RAND_bytes(buf, sizeof(buf)) <= 0) { error("Couldn't obtain random bytes (error %ld)", ERR_get_error()); - buffer_put_string(m, "", 0); - } else - buffer_put_string(m, buf, sizeof(buf)); + len = 0; + } + if ((r = sshbuf_put_string(m, buf, len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + explicit_bzero(buf, sizeof(buf)); } void -rexec_recv_rng_seed(Buffer *m) +rexec_recv_rng_seed(struct sshbuf *m) { - u_char *buf; - u_int len; + u_char *buf = NULL; + size_t len = 0; + int r; - buf = buffer_get_string_ret(m, &len); - if (buf != NULL) { - debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len); - RAND_add(buf, len, len); - } + if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0 + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len); + RAND_add(buf, len, len); } #endif /* OPENSSL_PRNG_ONLY */ diff --git a/entropy.h b/entropy.h index 9d5285b2905..870164d30e9 100644 --- a/entropy.h +++ b/entropy.h @@ -25,11 +25,10 @@ #ifndef _RANDOMS_H #define _RANDOMS_H -#include "buffer.h" +struct sshbuf; void seed_rng(void); - -void rexec_send_rng_seed(Buffer *); -void rexec_recv_rng_seed(Buffer *); +void rexec_send_rng_seed(struct sshbuf *); +void rexec_recv_rng_seed(struct sshbuf *); #endif /* _RANDOMS_H */ diff --git a/gss-genr.c b/gss-genr.c index 62559ed9ec4..d56257b4a9f 100644 --- a/gss-genr.c +++ b/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -37,7 +37,8 @@ #include #include "xmalloc.h" -#include "buffer.h" +#include "ssherr.h" +#include "sshbuf.h" #include "log.h" #include "ssh2.h" @@ -46,6 +47,21 @@ extern u_char *session_id2; extern u_int session_id2_len; +/* sshbuf_get for gss_buffer_desc */ +int +ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g) +{ + int r; + u_char *p; + size_t len; + + if ((r = sshbuf_get_string(b, &p, &len)) != 0) + return r; + g->value = p; + g->length = len; + return 0; +} + /* Check that the OID in a data stream matches that in the context */ int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) @@ -94,10 +110,12 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, OM_uint32 lmin; gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; OM_uint32 ctx; - Buffer b; + struct sshbuf *b; char *ret; + int r; - buffer_init(&b); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); if (major_status != NULL) *major_status = ctxt->major; @@ -110,8 +128,9 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, gss_display_status(&lmin, ctxt->major, GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg); - buffer_append(&b, msg.value, msg.length); - buffer_put_char(&b, '\n'); + if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 || + (r = sshbuf_put_u8(b, '\n')) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); gss_release_buffer(&lmin, &msg); } while (ctx != 0); @@ -121,16 +140,17 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status, gss_display_status(&lmin, ctxt->minor, GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg); - buffer_append(&b, msg.value, msg.length); - buffer_put_char(&b, '\n'); + if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 || + (r = sshbuf_put_u8(b, '\n')) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); gss_release_buffer(&lmin, &msg); } while (ctx != 0); - buffer_put_char(&b, '\0'); - ret = xmalloc(buffer_len(&b)); - buffer_get(&b, ret, buffer_len(&b)); - buffer_free(&b); + if ((r = sshbuf_put_u8(b, '\n')) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + ret = xstrdup((const char *)sshbuf_ptr(b)); + sshbuf_free(b); return (ret); } @@ -238,15 +258,18 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) } void -ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, +ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service, const char *context) { - buffer_init(b); - buffer_put_string(b, session_id2, session_id2_len); - buffer_put_char(b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(b, user); - buffer_put_cstring(b, service); - buffer_put_cstring(b, context); + int r; + + sshbuf_reset(b); + if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshbuf_put_cstring(b, user)) != 0 || + (r = sshbuf_put_cstring(b, service)) != 0 || + (r = sshbuf_put_cstring(b, context)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } int diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 795992d9f7d..a151bc1e4ad 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.9 2018/07/09 21:37:55 markus Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -35,14 +35,13 @@ #include #include "xmalloc.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "log.h" #include "misc.h" #include "servconf.h" -#include "buffer.h" #include "ssh-gss.h" extern ServerOptions options; diff --git a/gss-serv.c b/gss-serv.c index 6cae720e5d9..ab3a15f0f1d 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.30 2017/06/24 06:34:38 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -36,8 +36,7 @@ #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" -#include "buffer.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "log.h" diff --git a/hostfile.c b/hostfile.c index 12f174ff97b..e1f826bddc9 100644 --- a/hostfile.c +++ b/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.71 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: hostfile.c,v 1.73 2018/07/16 03:09:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -663,14 +663,14 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, const char *host, const char *ip, u_int options) { FILE *f; - char line[8192], oline[8192], ktype[128]; + char *line = NULL, ktype[128]; u_long linenum = 0; char *cp, *cp2; u_int kbits; int hashed; int s, r = 0; struct hostkey_foreach_line lineinfo; - size_t l; + size_t linesize = 0, l; memset(&lineinfo, 0, sizeof(lineinfo)); if (host == NULL && (options & HKF_WANT_MATCH) != 0) @@ -679,15 +679,16 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, return SSH_ERR_SYSTEM_ERROR; debug3("%s: reading file \"%s\"", __func__, path); - while (read_keyfile_line(f, path, line, sizeof(line), &linenum) == 0) { + while (getline(&line, &linesize, f) != -1) { + linenum++; line[strcspn(line, "\n")] = '\0'; - strlcpy(oline, line, sizeof(oline)); + free(lineinfo.line); sshkey_free(lineinfo.key); memset(&lineinfo, 0, sizeof(lineinfo)); lineinfo.path = path; lineinfo.linenum = linenum; - lineinfo.line = oline; + lineinfo.line = xstrdup(line); lineinfo.marker = MRK_NONE; lineinfo.status = HKF_STATUS_OK; lineinfo.keytype = KEY_UNSPEC; @@ -826,6 +827,8 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx, break; } sshkey_free(lineinfo.key); + free(lineinfo.line); + free(line); fclose(f); return r; } diff --git a/kex.c b/kex.c index 15ea28b07f5..25f9f66f69a 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.136 2018/02/07 02:06:50 jsing Exp $ */ +/* $OpenBSD: kex.c,v 1.141 2018/07/09 13:37:10 sf Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -174,7 +174,7 @@ kex_names_cat(const char *a, const char *b) size_t len; if (a == NULL || *a == '\0') - return NULL; + return strdup(b); if (b == NULL || *b == '\0') return strdup(a); if (strlen(b) > 1024*1024) @@ -209,27 +209,88 @@ kex_names_cat(const char *a, const char *b) * specified names should be removed. */ int -kex_assemble_names(const char *def, char **list) +kex_assemble_names(char **listp, const char *def, const char *all) { - char *ret; + char *cp, *tmp, *patterns; + char *list = NULL, *ret = NULL, *matching = NULL, *opatterns = NULL; + int r = SSH_ERR_INTERNAL_ERROR; - if (list == NULL || *list == NULL || **list == '\0') { - *list = strdup(def); + if (listp == NULL || *listp == NULL || **listp == '\0') { + if ((*listp = strdup(def)) == NULL) + return SSH_ERR_ALLOC_FAIL; return 0; } - if (**list == '+') { - if ((ret = kex_names_cat(def, *list + 1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - free(*list); - *list = ret; - } else if (**list == '-') { - if ((ret = match_filter_list(def, *list + 1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - free(*list); - *list = ret; + + list = *listp; + *listp = NULL; + if (*list == '+') { + /* Append names to default list */ + if ((tmp = kex_names_cat(def, list + 1)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + free(list); + list = tmp; + } else if (*list == '-') { + /* Remove names from default list */ + if ((*listp = match_filter_blacklist(def, list + 1)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + free(list); + /* filtering has already been done */ + return 0; + } else { + /* Explicit list, overrides default - just use "list" as is */ } - return 0; + /* + * The supplied names may be a pattern-list. For the -list case, + * the patterns are applied above. For the +list and explicit list + * cases we need to do it now. + */ + ret = NULL; + if ((patterns = opatterns = strdup(list)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + /* Apply positive (i.e. non-negated) patterns from the list */ + while ((cp = strsep(&patterns, ",")) != NULL) { + if (*cp == '!') { + /* negated matches are not supported here */ + r = SSH_ERR_INVALID_ARGUMENT; + goto fail; + } + free(matching); + if ((matching = match_filter_whitelist(all, cp)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + if ((tmp = kex_names_cat(ret, matching)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto fail; + } + free(ret); + ret = tmp; + } + if (ret == NULL || *ret == '\0') { + /* An empty name-list is an error */ + /* XXX better error code? */ + r = SSH_ERR_INVALID_ARGUMENT; + goto fail; + } + + /* success */ + *listp = ret; + ret = NULL; + r = 0; + + fail: + free(matching); + free(opatterns); + free(list); + free(ret); + return r; } /* put algorithm proposal into buffer */ @@ -342,6 +403,7 @@ kex_send_ext_info(struct ssh *ssh) if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) return SSH_ERR_ALLOC_FAIL; + /* XXX filter algs list by allowed pubkey/hostbased types */ if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || @@ -378,7 +440,7 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; u_int32_t i, ninfo; - char *name, *found; + char *name; u_char *val; size_t vlen; int r; @@ -401,16 +463,8 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) return SSH_ERR_INVALID_FORMAT; } debug("%s: %s=<%s>", __func__, name, val); - found = match_list("rsa-sha2-256", val, NULL); - if (found) { - kex->rsa_sha2 = 256; - free(found); - } - found = match_list("rsa-sha2-512", val, NULL); - if (found) { - kex->rsa_sha2 = 512; - free(found); - } + kex->server_sig_algs = val; + val = NULL; } else debug("%s: %s (unrecognised)", __func__, name); free(name); diff --git a/kex.h b/kex.h index 01bb3986abf..593de120836 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.83 2017/05/30 14:23:52 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -27,8 +27,6 @@ #define KEX_H #include "mac.h" -#include "buffer.h" /* XXX for typedef */ -#include "key.h" /* XXX for typedef */ #ifdef WITH_LEAKMALLOC #include "leakmalloc.h" @@ -43,6 +41,8 @@ # define EC_POINT void # endif /* OPENSSL_HAS_ECC */ #else /* WITH_OPENSSL */ +# define DH void +# define BIGNUM void # define EC_KEY void # define EC_GROUP void # define EC_POINT void @@ -64,6 +64,7 @@ #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" #define COMP_NONE 0 +/* pre-auth compression (COMP_ZLIB) is only supported in the client */ #define COMP_ZLIB 1 #define COMP_DELAYED 2 @@ -139,7 +140,7 @@ struct kex { int hostkey_type; int hostkey_nid; u_int kex_type; - int rsa_sha2; + char *server_sig_algs; int ext_info_c; struct sshbuf *my; struct sshbuf *peer; @@ -169,7 +170,7 @@ struct kex { int kex_names_valid(const char *); char *kex_alg_list(char); char *kex_names_cat(const char *, const char *); -int kex_assemble_names(const char *, char **); +int kex_assemble_names(char **, const char *, const char *); int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); diff --git a/kexdhs.c b/kexdhs.c index da8f4c439fb..5dfca0a240f 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.27 2018/04/10 00:10:49 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -194,7 +194,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh) /* destroy_sensitive_data(); */ - /* send server hostkey, DH pubkey 'f' and singed H */ + /* send server hostkey, DH pubkey 'f' and signed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ diff --git a/kexgexs.c b/kexgexs.c index d7b48ea8880..f6983fd6910 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.32 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.33 2018/04/10 00:10:49 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -224,7 +224,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh) /* destroy_sensitive_data(); */ - /* send server hostkey, DH pubkey 'f' and singed H */ + /* send server hostkey, DH pubkey 'f' and signed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ diff --git a/key.c b/key.c deleted file mode 100644 index a05fdd3c07c..00000000000 --- a/key.c +++ /dev/null @@ -1,236 +0,0 @@ -/* $OpenBSD: key.c,v 1.132 2017/12/18 02:25:15 djm Exp $ */ -/* - * placed in the public domain - */ - -#include "includes.h" - -#include -#include -#include -#include -#include - -#define SSH_KEY_NO_DEFINE -#include "key.h" - -#include "compat.h" -#include "sshkey.h" -#include "ssherr.h" -#include "log.h" -#include "authfile.h" - -static void -fatal_on_fatal_errors(int r, const char *func, int extra_fatal) -{ - if (r == SSH_ERR_INTERNAL_ERROR || - r == SSH_ERR_ALLOC_FAIL || - (extra_fatal != 0 && r == extra_fatal)) - fatal("%s: %s", func, ssh_err(r)); -} - -Key * -key_from_blob(const u_char *blob, u_int blen) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_from_blob(blob, blen, &ret)) != 0) { - fatal_on_fatal_errors(r, __func__, 0); - error("%s: %s", __func__, ssh_err(r)); - return NULL; - } - return ret; -} - -int -key_to_blob(const Key *key, u_char **blobp, u_int *lenp) -{ - u_char *blob; - size_t blen; - int r; - - if (blobp != NULL) - *blobp = NULL; - if (lenp != NULL) - *lenp = 0; - if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) { - fatal_on_fatal_errors(r, __func__, 0); - error("%s: %s", __func__, ssh_err(r)); - return 0; - } - if (blen > INT_MAX) - fatal("%s: giant len %zu", __func__, blen); - if (blobp != NULL) - *blobp = blob; - if (lenp != NULL) - *lenp = blen; - return blen; -} - -int -key_sign(const Key *key, u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen, const char *alg) -{ - int r; - u_char *sig; - size_t siglen; - - if (sigp != NULL) - *sigp = NULL; - if (lenp != NULL) - *lenp = 0; - if ((r = sshkey_sign(key, &sig, &siglen, - data, datalen, alg, datafellows)) != 0) { - fatal_on_fatal_errors(r, __func__, 0); - error("%s: %s", __func__, ssh_err(r)); - return -1; - } - if (siglen > INT_MAX) - fatal("%s: giant len %zu", __func__, siglen); - if (sigp != NULL) - *sigp = sig; - if (lenp != NULL) - *lenp = siglen; - return 0; -} - -Key * -key_demote(const Key *k) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_demote(k, &ret)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - return ret; -} - -int -key_drop_cert(Key *k) -{ - int r; - - if ((r = sshkey_drop_cert(k)) != 0) { - fatal_on_fatal_errors(r, __func__, 0); - error("%s: %s", __func__, ssh_err(r)); - return -1; - } - return 0; -} - -int -key_cert_check_authority(const Key *k, int want_host, int require_principal, - const char *name, const char **reason) -{ - int r; - - if ((r = sshkey_cert_check_authority(k, want_host, require_principal, - name, reason)) != 0) { - fatal_on_fatal_errors(r, __func__, 0); - error("%s: %s", __func__, ssh_err(r)); - return -1; - } - return 0; -} - -/* authfile.c */ - -Key * -key_load_cert(const char *filename) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_load_cert(filename, &ret)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - /* Old authfile.c ignored all file errors. */ - if (r == SSH_ERR_SYSTEM_ERROR) - debug("%s: %s", __func__, ssh_err(r)); - else - error("%s: %s", __func__, ssh_err(r)); - return NULL; - } - return ret; - -} - -Key * -key_load_public(const char *filename, char **commentp) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_load_public(filename, &ret, commentp)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - /* Old authfile.c ignored all file errors. */ - if (r == SSH_ERR_SYSTEM_ERROR) - debug("%s: %s", __func__, ssh_err(r)); - else - error("%s: %s", __func__, ssh_err(r)); - return NULL; - } - return ret; -} - -Key * -key_load_private(const char *path, const char *passphrase, - char **commentp) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - /* Old authfile.c ignored all file errors. */ - if (r == SSH_ERR_SYSTEM_ERROR || - r == SSH_ERR_KEY_WRONG_PASSPHRASE) - debug("%s: %s", __func__, ssh_err(r)); - else - error("%s: %s", __func__, ssh_err(r)); - return NULL; - } - return ret; -} - -Key * -key_load_private_cert(int type, const char *filename, const char *passphrase, - int *perm_ok) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_load_private_cert(type, filename, passphrase, - &ret, perm_ok)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - /* Old authfile.c ignored all file errors. */ - if (r == SSH_ERR_SYSTEM_ERROR || - r == SSH_ERR_KEY_WRONG_PASSPHRASE) - debug("%s: %s", __func__, ssh_err(r)); - else - error("%s: %s", __func__, ssh_err(r)); - return NULL; - } - return ret; -} - -Key * -key_load_private_type(int type, const char *filename, const char *passphrase, - char **commentp, int *perm_ok) -{ - int r; - Key *ret = NULL; - - if ((r = sshkey_load_private_type(type, filename, passphrase, - &ret, commentp, perm_ok)) != 0) { - fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR); - /* Old authfile.c ignored all file errors. */ - if (r == SSH_ERR_SYSTEM_ERROR || - (r == SSH_ERR_KEY_WRONG_PASSPHRASE)) - debug("%s: %s", __func__, ssh_err(r)); - else - error("%s: %s", __func__, ssh_err(r)); - return NULL; - } - return ret; -} diff --git a/key.h b/key.h deleted file mode 100644 index fd59cbf544d..00000000000 --- a/key.h +++ /dev/null @@ -1,69 +0,0 @@ -/* $OpenBSD: key.h,v 1.52 2017/12/18 02:25:15 djm Exp $ */ - -/* - * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef KEY_H -#define KEY_H - -#include "sshkey.h" - -typedef struct sshkey Key; - -#define types sshkey_types -#define fp_type sshkey_fp_type -#define fp_rep sshkey_fp_rep - -#ifndef SSH_KEY_NO_DEFINE -#define key_free sshkey_free -#define key_equal_public sshkey_equal_public -#define key_equal sshkey_equal -#define key_type sshkey_type -#define key_ssh_name sshkey_ssh_name -#define key_ssh_name_plain sshkey_ssh_name_plain -#define key_type_from_name sshkey_type_from_name -#define key_is_cert sshkey_is_cert -#define key_type_plain sshkey_type_plain -#endif - -void key_free(Key *); -Key *key_demote(const Key *); - -int key_drop_cert(Key *); -int key_cert_check_authority(const Key *, int, int, const char *, - const char **); - -Key *key_from_blob(const u_char *, u_int); -int key_to_blob(const Key *, u_char **, u_int *); - -int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int, - const char *); - -/* authfile.c */ -Key *key_load_cert(const char *); -Key *key_load_public(const char *, char **); -Key *key_load_private(const char *, const char *, char **); -Key *key_load_private_cert(int, const char *, const char *, int *); -Key *key_load_private_type(int, const char *, const char *, char **, int *); - -#endif diff --git a/log.c b/log.c index 99450dd125c..d9c2d136cc6 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.50 2017/05/17 01:24:17 djm Exp $ */ +/* $OpenBSD: log.c,v 1.51 2018/07/27 12:03:17 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -105,6 +105,12 @@ static struct { { NULL, SYSLOG_LEVEL_NOT_SET } }; +LogLevel +log_level_get(void) +{ + return log_level; +} + SyslogFacility log_facility_number(char *name) { diff --git a/log.h b/log.h index 78221046c26..ef7bea7e1aa 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.22 2017/05/17 01:24:17 djm Exp $ */ +/* $OpenBSD: log.h,v 1.23 2018/07/27 12:03:17 markus Exp $ */ /* * Author: Tatu Ylonen @@ -49,6 +49,7 @@ typedef enum { typedef void (log_handler_fn)(LogLevel, const char *, void *); void log_init(char *, LogLevel, SyslogFacility, int); +LogLevel log_level_get(void); int log_change_level(LogLevel); int log_is_on_stderr(void); void log_redirect_stderr_to(const char *); diff --git a/loginrec.c b/loginrec.c index bdbc9bbf44f..9a427dec412 100644 --- a/loginrec.c +++ b/loginrec.c @@ -168,7 +168,7 @@ #include #include "xmalloc.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "ssh.h" #include "loginrec.h" @@ -177,7 +177,8 @@ #include "packet.h" #include "canohost.h" #include "auth.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #ifdef HAVE_UTIL_H # include @@ -210,7 +211,7 @@ int utmpx_get_entry(struct logininfo *li); int wtmp_get_entry(struct logininfo *li); int wtmpx_get_entry(struct logininfo *li); -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; /* pick the shortest string */ #define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2)) diff --git a/match.c b/match.c index 3cf40306b02..bb3e95f678c 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ +/* $OpenBSD: match.c,v 1.38 2018/07/04 13:49:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -294,16 +294,20 @@ match_list(const char *client, const char *server, u_int *next) } /* - * Filters a comma-separated list of strings, excluding any entry matching - * the 'filter' pattern list. Caller must free returned string. + * Filter proposal using pattern-list filter. + * "blacklist" determines sense of filter: + * non-zero indicates that items matching filter should be excluded. + * zero indicates that only items matching filter should be included. + * returns NULL on allocation error, otherwise caller must free result. */ -char * -match_filter_list(const char *proposal, const char *filter) +static char * +filter_list(const char *proposal, const char *filter, int blacklist) { size_t len = strlen(proposal) + 1; char *fix_prop = malloc(len); char *orig_prop = strdup(proposal); char *cp, *tmp; + int r; if (fix_prop == NULL || orig_prop == NULL) { free(orig_prop); @@ -314,7 +318,8 @@ match_filter_list(const char *proposal, const char *filter) tmp = orig_prop; *fix_prop = '\0'; while ((cp = strsep(&tmp, ",")) != NULL) { - if (match_pattern_list(cp, filter, 0) != 1) { + r = match_pattern_list(cp, filter, 0); + if ((blacklist && r != 1) || (!blacklist && r == 1)) { if (*fix_prop != '\0') strlcat(fix_prop, ",", len); strlcat(fix_prop, cp, len); @@ -324,3 +329,22 @@ match_filter_list(const char *proposal, const char *filter) return fix_prop; } +/* + * Filters a comma-separated list of strings, excluding any entry matching + * the 'filter' pattern list. Caller must free returned string. + */ +char * +match_filter_blacklist(const char *proposal, const char *filter) +{ + return filter_list(proposal, filter, 1); +} + +/* + * Filters a comma-separated list of strings, including only entries matching + * the 'filter' pattern list. Caller must free returned string. + */ +char * +match_filter_whitelist(const char *proposal, const char *filter) +{ + return filter_list(proposal, filter, 0); +} diff --git a/match.h b/match.h index 937ba041277..852b1a5cb16 100644 --- a/match.h +++ b/match.h @@ -1,4 +1,4 @@ -/* $OpenBSD: match.h,v 1.17 2017/02/03 23:01:19 djm Exp $ */ +/* $OpenBSD: match.h,v 1.18 2018/07/04 13:49:31 djm Exp $ */ /* * Author: Tatu Ylonen @@ -20,7 +20,8 @@ int match_hostname(const char *, const char *); int match_host_and_ip(const char *, const char *, const char *); int match_user(const char *, const char *, const char *, const char *); char *match_list(const char *, const char *, u_int *); -char *match_filter_list(const char *, const char *); +char *match_filter_blacklist(const char *, const char *); +char *match_filter_whitelist(const char *, const char *); /* addrmatch.c */ int addr_match_list(const char *, const char *); diff --git a/misc.c b/misc.c index 874dcc8a234..ae4d29b84c2 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.127 2018/03/12 00:52:01 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -69,7 +69,6 @@ #include "ssh.h" #include "sshbuf.h" #include "ssherr.h" -#include "uidswap.h" #include "platform.h" /* remove newline at end of string */ @@ -239,8 +238,8 @@ set_rdomain(int fd, const char *name) #define QUOTE "\"" /* return next token in configuration line */ -char * -strdelim(char **s) +static char * +strdelim_internal(char **s, int split_equals) { char *old; int wspace = 0; @@ -250,7 +249,8 @@ strdelim(char **s) old = *s; - *s = strpbrk(*s, WHITESPACE QUOTE "="); + *s = strpbrk(*s, + split_equals ? WHITESPACE QUOTE "=" : WHITESPACE QUOTE); if (*s == NULL) return (old); @@ -267,18 +267,37 @@ strdelim(char **s) } /* Allow only one '=' to be skipped */ - if (*s[0] == '=') + if (split_equals && *s[0] == '=') wspace = 1; *s[0] = '\0'; /* Skip any extra whitespace after first token */ *s += strspn(*s + 1, WHITESPACE) + 1; - if (*s[0] == '=' && !wspace) + if (split_equals && *s[0] == '=' && !wspace) *s += strspn(*s + 1, WHITESPACE) + 1; return (old); } +/* + * Return next token in configuration line; splts on whitespace or a + * single '=' character. + */ +char * +strdelim(char **s) +{ + return strdelim_internal(s, 1); +} + +/* + * Return next token in configuration line; splts on whitespace only. + */ +char * +strdelimw(char **s) +{ + return strdelim_internal(s, 0); +} + struct passwd * pwcopy(struct passwd *pw) { @@ -1005,31 +1024,6 @@ percent_expand(const char *string, ...) #undef EXPAND_MAX_KEYS } -/* - * Read an entire line from a public key file into a static buffer, discarding - * lines that exceed the buffer size. Returns 0 on success, -1 on failure. - */ -int -read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, - u_long *lineno) -{ - while (fgets(buf, bufsz, f) != NULL) { - if (buf[0] == '\0') - continue; - (*lineno)++; - if (buf[strlen(buf) - 1] == '\n' || feof(f)) { - return 0; - } else { - debug("%s: %s line %lu exceeds size limit", __func__, - filename, *lineno); - /* discard remainder of line */ - while (fgetc(f) != '\n' && !feof(f)) - ; /* nothing */ - } - } - return -1; -} - int tun_open(int tun, int mode, char **ifname) { @@ -1582,15 +1576,6 @@ forward_equals(const struct Forward *a, const struct Forward *b) return 1; } -/* returns 1 if bind to specified port by specified user is permitted */ -int -bind_permitted(int port, uid_t uid) -{ - if (port < IPPORT_RESERVED && uid != 0) - return 0; - return 1; -} - /* returns 1 if process is already daemonized, 0 otherwise */ int daemonized(void) diff --git a/misc.h b/misc.h index cdafea73598..6be289fd275 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.71 2018/03/12 00:52:01 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.74 2018/07/27 05:13:02 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -31,7 +31,6 @@ struct Forward { }; int forward_equals(const struct Forward *, const struct Forward *); -int bind_permitted(int, uid_t); int daemonized(void); /* Common server and client forwarding options. */ @@ -45,6 +44,7 @@ struct ForwardOptions { char *chop(char *); char *strdelim(char **); +char *strdelimw(char **); int set_nonblock(int); int unset_nonblock(int); void set_nodelay(int); @@ -166,7 +166,6 @@ int safe_path_fd(int, const char *, struct passwd *, char *read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); -int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) diff --git a/moduli b/moduli index cf28bd36bde..780b2b97569 100644 --- a/moduli +++ b/moduli @@ -1,407 +1,438 @@ -# $OpenBSD: moduli,v 1.20 2017/11/29 05:49:54 dtucker Exp $ +# $OpenBSD: moduli,v 1.21 2018/04/03 02:14:08 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20170623034823 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAE4E76CB -20170623034906 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAEB63283 -20170623034928 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAEE49C27 -20170623034936 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAEF2BE1B -20170623034957 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAF22F2D7 -20170623035029 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAF68D3A7 -20170623035052 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EAF9A9793 -20170623035228 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB085C01B -20170623035326 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1140217 -20170623035332 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB11ACBD7 -20170623035408 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB16AD187 -20170623035414 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1737B53 -20170623035442 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1B1C483 -20170623035454 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1C8B93B -20170623035510 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB1EAD06B -20170623035525 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB208DA8B -20170623035553 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB2498F17 -20170623035604 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB25D82D3 -20170623035609 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB262420F -20170623035735 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB3376DEF -20170623035801 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB370E193 -20170623035916 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB426D9CF -20170623035935 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB44E559B -20170623035955 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB4777177 -20170623040012 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB4995E77 -20170623040023 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB4ACAF8B -20170623040032 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB4BB1ADB -20170623040120 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB52D4F1F -20170623040131 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB542306B -20170623040202 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5899CB7 -20170623040216 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5A317FB -20170623040224 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5AEBE43 -20170623040246 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5E190BF -20170623040254 2 6 100 2047 2 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB5EBE533 -20170623040334 2 6 100 2047 5 F740D04A6CFD4547DDBE874AEED3DF220F4ABD1EEA9BB022EDB3019835812EB327F3F0BBD0D137702856B499924C1A0D78D467EFBCB2215008FC3918FF88710ED5CA4F3554494F3AC374C8695B1DA006470F1C5C751825389DF3FBAC83DFEFAE2B07FA30E3B6B13D2BF9FAA27DCBD03FEB6847F08C3C6C89B04366A78D8C43E1E26B63ED5BB9A3E1AAE00BD4A4BF058B41B70E9F599C7DAE2E42701C68FDDEFE7213432E77342F785D64B723FF33A2D9C6F85F149776F898EF8BEFE3D03D2163974A3C0F13520F4BE92A246DED5A6FC997B2657D1A72A1210E881D0A0F14E93522268E3D8FFB84ABB3B9B064985E891C7C0DC09E166008A5E13A777EB649ECAF -20170623040448 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C4B50D13 -20170623040459 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C4C9F477 -20170623040510 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C4DDC50B -20170623040603 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C55E2BE7 -20170623040614 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C5715757 -20170623040626 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C58A0617 -20170623040632 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C5910FF7 -20170623040709 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C5E85ABB -20170623040729 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C61714B7 -20170623040745 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C6362DF7 -20170623040759 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C64F9EEB -20170623040829 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C6949627 -20170623040836 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C69F6763 -20170623040925 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C712B23B -20170623040941 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C7336C6F -20170623041004 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C76418FB -20170623041040 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C7B6A153 -20170623041049 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C7C6F12F -20170623041059 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C7D798EF -20170623041129 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C81D54F3 -20170623041311 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C919987F -20170623041314 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C91A831B -20170623041341 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C95422FF -20170623041350 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C9646B7F -20170623041354 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3C9662E87 -20170623041503 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CA105123 -20170623041522 2 6 100 2047 5 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CA3BE707 -20170623041541 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CA620DAB -20170623041546 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CA66FFC3 -20170623041620 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CAB69493 -20170623041704 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CB1C2B4B -20170623041709 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CB1FD10B -20170623041747 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CB7550DB -20170623041822 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CBC63D2B -20170623041830 2 6 100 2047 2 EDB5FA2E865AD05F06510EFBFC71F9DFBAA5C1EEF3F6FDC2650C1D8C507DECA3422AE18746EA7D7BEA600C0AE9A0812A3DC02C099F8AF046EF014EC2A58734A716F156FCE4F19E3A9EB38F225A1CA0B868F70B3BE0CAE3AC2A20F330EF3CC33CB27D1FCB2D27505409144F957AC592567AC0B2A8099F6D58B546C7EE734FD806CDFDDE5F41C38966EB61005CA78D970BFA2C77F099BB19543B559AA118B6F303644D541E83B293138BEF5B8F0B0382ACA8DBDD693845FF6B7EE6ABF1B8B4733998F31DBF74F9CBA5145A0C5345EDC5B056CDCAA3AF605701C56651B8A968AD6D7E421DD3B5F3765865D5FDC55252F25C9661CD71A43A20B13A16CFF3CBD499AB -20170623043901 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5508B03E93 -20170623044452 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5509C5C937 -20170623044600 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5509F436FB -20170623044825 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550A640733 -20170623045050 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550AD6755B -20170623045124 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550AE93B43 -20170623045420 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550B6F1ED3 -20170623045805 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550C20298F -20170623045930 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550C5914BF -20170623050341 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550D1A1773 -20170623050720 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550DC219FB -20170623051801 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB550FBDD1AF -20170623052216 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5510842093 -20170623052416 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5510DBFCD7 -20170623052526 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55110BB843 -20170623052831 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB551196B36B -20170623053119 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB551217A237 -20170623053458 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5512C20307 -20170623053734 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55133990CB -20170623054412 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5514721AB3 -20170623054517 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55149F4D0B -20170623055017 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB551583DD9B -20170623055422 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55163A7903 -20170623055449 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516475E5F -20170623055516 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516556F37 -20170623055539 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55165F8F67 -20170623055716 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516A5CA13 -20170623055812 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516C8A4A3 -20170623055846 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5516DBF96B -20170623060438 2 6 100 3071 2 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5517E20F03 -20170623060534 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB551803F1D7 -20170623060551 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55180824C7 -20170623060759 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB5518622977 -20170623061152 2 6 100 3071 5 E795DA675C82260F11D7C50B677AE8A8D94BF342724BB06FA0D426CE2E83E8971A1BE2AC59516488B25D561568B14DBBFFB5F33686D2952409B9C20FC19A13CB91C9176420F59F464DC198E254B87C765DC12B885CF1A463858C3CB0A918AF66C6A2CA06A48B4D5BDEB5A56B24C36BA330488DFCBDD499957E755CCE704F183CB4549441A7D761C22B7F7CB66BE50F0A6591F17778F51E73544B765E83A3C00BD3309F8CE1B135A3DD481DBE8C2CEE54E8DDF1351015E70D9012662E69F654A5A9F68C416167685A1695C8139BA1825287C98680945506D5AB750BEB68C6D2B430E7E4043D0A00DECDA77F81A2432929F530C5BC0CBBC011095D897BD81FB98792345F5372BA53E53F31FB09730C58E8FDA9F7C1EBA0AEA4FE50B2B5CE146043CB18BFB3A12F06ED1D3287242D3D59E85E0A5E243626525D3EAD946126B9F32590011EEA0EDD5E2025037D51940B3E1A45B614A23F48278977535E3773F0AA2A24413F4A397AC0881582E8832C7B140C0BA4818A55C8620FD2BEBB55190DD957 -20170623061950 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EBBB813F -20170623062054 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EBE73A63 -20170623062250 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EC3B7BBB -20170623062850 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21ED5538D7 -20170623063051 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDADBD87 -20170623063106 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDB14127 -20170623063228 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDEBD58B -20170623063242 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDEE14B3 -20170623063301 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EDF542E7 -20170623063538 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EE64F8A3 -20170623063759 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21EEC9D597 -20170623064815 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F0A8EB1F -20170623065609 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F21F5CB7 -20170623070150 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F32604CB -20170623070933 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F48C5ED3 -20170623071215 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F5044ECB -20170623071504 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F5815613 -20170623071625 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F5B8F8AB -20170623071723 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F5DE3F7B -20170623071945 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F645009B -20170623072445 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F721A837 -20170623072516 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F731AF17 -20170623073343 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F8B6F58F -20170623073442 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F8DA7A47 -20170623073826 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21F983F783 -20170623074239 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FA40B7CF -20170623074307 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FA4F193B -20170623074345 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FA61D323 -20170623074648 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FAEB991B -20170623074919 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FB5876F7 -20170623075011 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FB79557F -20170623075040 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FB88E5F7 -20170623075211 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FBC86DF3 -20170623075233 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FBD19D1B -20170623075313 2 6 100 3071 5 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FBE8A97F -20170623080026 2 6 100 3071 2 E787C1EA14A0022F3F98A02847D293441332B2EB8BFF8C4D74ECFF730CCA9D1AFC6433A6DD4BA7089EC18D8D314550FCDC6DA23FEFDE48622BB6FFD89AB71CC0BA6C8C0930593E85A442A9C589ECF35E17D9CC7E2AE713B3704D69B61EF6E79A41AE02ADBF7966DF94B1C6861795B7EDFA8D7418EBAEB47F26F158AEF3DB418FD1632DBB93B431204964B78C7AE9ED796E39F1B6DE1FEE4CE77815462F36342E80B44B052BADC06F78CFEA7D3D0B294C5C8E8E623F95F5D3C1A17D911A0E78FE7754AA4A440FE75498D9AA47AACF2FC2F716630AEF10950F1FACD4CF847A7E4B0C20F507A7322996DBC4D2250A99CB213CB95AAF7A8B6A0B5317BE8FF728D3A0A0AAEA1B86729DDD59566916640F9AF7A455145CE29CB58884CC2E9DD705B1E87D10E139945FBE70D20D718FED9AF202A22673D76128A5FCB2860419675ADB97512628C7C65C7078B0C730A258C8979912C18EC065367791A404C71318B78FE29CC115ECD74C4EFCDE86C35BD0CFC3ADC41B4F24243A262B251F6E21FD35417B -20170623082844 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069919E3F0A3 -20170623084111 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906991AE37AEB -20170623091322 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906991D857A5F -20170623095654 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699210172E7 -20170623095828 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069921188C6B -20170623095901 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699211B667F -20170623100423 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069921818383 -20170623101338 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699223C1F3B -20170623101757 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699228B3683 -20170623104910 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699250221BB -20170623110231 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699260AC373 -20170623110814 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992672C113 -20170623113826 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069928D90D4F -20170623120249 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992AC1BA3F -20170623121815 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992BFC1B7B -20170623122456 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992C7EB0CF -20170623123432 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992D3D886B -20170623125910 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992F34AA0B -20170623130350 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906992F8B1CFF -20170623131900 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069930BE28FB -20170623132006 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069930CCBBC3 -20170623134400 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069932B40887 -20170623134659 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069932E77127 -20170623140059 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069934031953 -20170623140936 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069934AC3B0F -20170623142309 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069935BCCF33 -20170623142743 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB47998481906993611A26B -20170623150027 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069938A6965B -20170623150107 2 6 100 4095 2 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB479984819069938AB78CB -20170623150738 2 6 100 4095 5 DCFD3F9E0CF8187E955D8AEB347A5E4250C2B78E67E73E1DCDB99D67EC98180AE5FEF9119D38E50CBDBF46C8B2F62240FF5E1B28FB01276B82DB7422A777AA30AC5A9423D9AC3D33C9FECCC85823BD1138919E8F831364B093CF13B11CDD11394AA8D2256D58264266F780EABBA494E99EF63EC1F69997D180ABBA50B091AFD7FF478DAFF435CE2529E5F8FC81316AB0EA636014E125715FC77D653B142734C93FCD825C28CB928D579E9ED2C6C11E89C64B9C4B91CA962FB11C824F302BDEF7F67D1F7AC95F52B49FD4A044101BA3BDDD59C7663AB270D24DC846B90925F615EBFA5182F261938182E301C83FDC027381BD0FA753C84E57CC51531E7D0C468988B67D0B312E73C65E21D93C69C7862553F60BC9B26C6B5FB68BEDA3D7B0770C1116FF2B88484C7FB29A9D46D01719E89CB76A25C1B8349E3F8DA38CC00B3C1502BA6775BE363D27FA71A72DE0094E6805DEABB343B4A6DC98CD5F5191017B4E1CB0E5EE2FA979642305B8FDE9EE6A26E469C03C8B806F9492C0C544D7A0FE7773B3940812AE6B76C447BC28AA8127D9A7FEB7F98B9720C889CE2FF4806225B012B06F2FC0737D2A73A3046BD7ACBF0A8CF02BB3FAB81A60A29C0AA5B3B731541F62B542F4EF8224C6BAF6A087D0A9FE43492E5CE13F855E80457A516155CCA04A6144E402A1A3D71D657556B9124837730953505EB4799848190699392AA267 -20170623152234 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DA657F33 -20170623152823 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DAD58DFF -20170623153243 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DB1F719B -20170623153719 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DB76316F -20170623154606 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DC289BA3 -20170623155435 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DCCFF757 -20170623161905 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988DEC7BD43 -20170623163928 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E064A38B -20170623164410 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E0BD160B -20170623172908 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E467E87B -20170623174045 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E54CE16F -20170623175902 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E6CA185F -20170623180229 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E706D14B -20170623180811 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E76F7CD3 -20170623180923 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E77E8123 -20170623182724 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988E8D82A2B -20170623185420 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988EAF9DAE7 -20170623195226 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988EFA2202B -20170623195633 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988EFEED5BF -20170623201051 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F10F59CB -20170623202959 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F2921927 -20170623203734 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F32287EB -20170623204218 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F37F8B03 -20170623204329 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F38F411F -20170623204840 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F3EE7B13 -20170623205709 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F493374B -20170623205814 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F4A24813 -20170623210627 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F53F787B -20170623210958 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F57EC8EB -20170623211248 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F5B1A9D7 -20170623213826 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F7B2A7AF -20170623213924 2 6 100 4095 2 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F7BDBA73 -20170623214723 2 6 100 4095 5 F2D0058FA043FB189699D118DE484B66A10DCE703B27209CFC6D23D9178067C9D560D7D8BA9D4439A22AED66322F25D886C0A5CD41821B49AAE3D7A7B72F9B0E2D823709AF5444C7E9474DF5867E605E638923A2FAD546A86B8014BA460D238A939B445D7489C91977B54AB531D75B0F4264F187218F885129751EC78654F4B21191365FEA1B7FEFC40842BBC07C4F1D1AD153F6A39B582406F6B5895336A1199F7556EE957EAC716AE6678CBE5390730F0EBB3CC5210242A80CB128BFD747ED1B61AF6BBD5B5DC07B34C5CA7AF73D1EE973B93E13918801AEFD674DF92A0AD84BFA2A8CEE1AD26140DA1D5FC0C450A1EAEBC88F8EA8E703A0F3A814E1F6975AA5BE732473575D16F137D2CE5F7A546CE4371ECB5E8052295E122A9CF89A026E2D09BDE56B8B04CC4CAE66CD0C5E0DFE30695DD798C50E39C911C887FEBACAAEFD2BFE7D454E051C432D66AD84680DA7C126F1A9C7C540283CCB863B9414BB536BA358259104ECB406B4976F97558FA4E5854888A8D13C96A14025DA0C55F869F6AF954B1E7AA1D317262C52099860E870A7EAF72F9910ACA809FF2DEA37FCA3EFB31FD43A308E4138E40178BEAC0FBB0E79ED7D1DCF8F8A81A4ABBFE6749F4C1B96BD65A14822490BC0A71E854BC8077C7A8F2C6FE308F86DEC97F600A4A0015F086B021F7F0BCAFDE3DA4D7E38A9AA1E992539389E99412FD22988F8513E37 -20170623233949 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D915376BC3 -20170624020214 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D918FF036F -20170624030028 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D91A80668F -20170624033630 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D91B697BC3 -20170624052652 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D91E5556DB -20170624075515 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D922262F73 -20170624103157 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92638CCD7 -20170624120558 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92895C273 -20170624130210 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92A0429E7 -20170624131317 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92A441063 -20170624132538 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92A8E794F -20170624133715 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92AD26E07 -20170624145051 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92CB7412F -20170624163751 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D92F668E7B -20170624172739 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D930A8FC4B -20170624174055 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D930F6B80B -20170624185924 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D932ED85B7 -20170624220917 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D937BF2B3B -20170624222456 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D9381B839B -20170625033902 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94007305B -20170625053719 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D942F8C1E7 -20170625062259 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D944178FAB -20170625072908 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D945B1B3DF -20170625075138 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D9463A10C3 -20170625080610 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94691AE5B -20170625112146 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94B5B8CDB -20170625113648 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94BB43777 -20170625131459 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94E2020A7 -20170625141110 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D94F7F2B87 -20170625144415 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D9504A46D3 -20170625145639 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D9508CDF97 -20170625203254 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D958CDC1DB -20170625215049 2 6 100 6143 2 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D95AA6BE13 -20170625220255 2 6 100 6143 5 E30D9BCD65DA0EAEF6A1D4D083834D4724538836AE04DFB6A7DAF235F5D9992B7E42128D43E229BF4906EF0C6A27F60B95A1FC514C2D55A0D616B3B6924F08E9C0BCD8AE1CB624F645785C2AA552C94E125D6602CF63CF52014A1B0A4AE0DE823B03B6ABFA25839ABC3E8E050C295B8B3471EC58EAD9B659294C72EA65229E4E8EB21CA79CBB41BB552118A3CD32108E51D5FCE5C46A6CD03E4246CB57E32BAA09B15503FBFA4F4C943B2378F10EE312C1F12A14010AFD1698B8EBCCFC8D0DF17829A153199154EBF9E40FD81B8E1AF5881D0EC1D3BEDB2D0F1DB9C44C9D8E7047310623D4FAAE28D2C16612CFB9AE9A8FD05B8FE22930346ECF7B21B5800778EA0D5D3B7BDF18B03ABF33C9D0B4648CF687ED229C811CE290CFAF94F9C9AF4EC3E47480955E5C81E85DA9EBCE99652DA07225C7CCEF39E224556E48D6371981C7232E00F3419F7B335FF36FE3989558277654DB356063ABC8F7BD0EF828B40D3BFC06D12FEC51278ACD32C3B67D4E2A0BBA1E20BDDA06DB9AF6AB250179DE3332EAC0A6D381963B51E8E167B8285BA3E6538B1D38B16B32196ABE009ADFDAF5E686E0107F76ED10414B6249D6895188456505CDB897FFCCEB8931802F87C02DFDC62825C6255DF2654712BE230CC86A30229D9E3438DB35CEED8F8447B9209CDECFC1776D2C43B4B98E9EEA3F4C049C1287CDB4540D395A4BC992602150CCC0479597E221E201B778DCA9701C517C89B95004FC19373ED9755C90FF32C44013678876EAD3FE5E637BF2F1959130EAF79E7A93088F52AA0AC993324294536CF3787C3A3F06F2DC201A070967E6F4525803DC83F5160B560465A4CE4BF20315858BE0E62A07C55B3A772CBF93DE99AADFCB304D2B544A9F17A22C2BEB791D98F714CA7CFF701CB7CAEC55C292A25A147935D7BBD1E66F2ED3EBC66E763209169033CE5A2D9884DC0CBAFF37517372544E1EB780A26CC71E5649EDFD5DA2FCFB58093D74D76FC2DAEC54567104701C31E3872C15BAC5F2A96833EEDAB9B7FF731F827DB3273D271BA8F9DE06181C1E38D031896971D801C571954337D95AE8D4FF -20170626000351 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A06777EB -20170626010044 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A1E685DB -20170626011405 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A237A0AB -20170626020723 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A39C76DB -20170626021405 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A3C0D837 -20170626025354 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A4CB1E73 -20170626025848 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A4E33427 -20170626034407 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A60D840F -20170626042648 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973A7271AD3 -20170626063327 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973AA7A8227 -20170626073301 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973AC001F7B -20170626073912 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973AC204247 -20170626083935 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973ADB29CEF -20170626085130 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973ADFA675B -20170626103016 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B0702723 -20170626110918 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B1648BFF -20170626113343 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B1F924B3 -20170626150922 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B78B107B -20170626162428 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973B972EB6B -20170626171558 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973BAC16547 -20170626231518 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973C3C4E533 -20170627001636 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973C53DC917 -20170627023229 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973C8A24E33 -20170627055348 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973CDB0A037 -20170627085558 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973D234059B -20170627111046 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973D57B1B3B -20170627114331 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973D63E6527 -20170627143549 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DA76351B -20170627150713 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DB2FF40B -20170627151417 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DB566CC3 -20170627162358 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DD096627 -20170627175138 2 6 100 6143 5 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DF2B3477 -20170627180034 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973DF5CD463 -20170627192816 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973E16B337B -20170627194138 2 6 100 6143 2 FE3AFB7EA9CBCB633757EA982ED0DDFF120459E69D35DB36ACC5F69B04A5CCEE59A0312A97687F2B3DBC20917F4BF0B16D97B75EDCA16B58BDEB8BB1A726F6CB8BF5D7FC483777129A1C19CB559943EF201323760672C63859E830C6E99AFE5DD7A4E89BAD41C63B687558DD277F4E06A29D1E14A21CAA6FDD4E6F21EB8B146F2C04F93B1C94234E6295F2F8773B16BA3D51758841EA48ADD1A626E252DB3B78594B4586AC9E9EAF100F294ADC82BEBBF8CAB96B671EE7050B42733EB741107C5D2199D305C84F93C6AEEE6BD607DB7C0EFED773FB1DB73B04EFA72EB36111B99EBE6EEE899307FD288329FB2DB7E81776AEF0F935FFEE77611BDCFEC309F97EEB6E36FE42CA4C8EFAA0B4B93F5D83606B8FA7B49DD1DBB8F828B9C805381CB5DF4AC7FFAE27C62CBCD2FE80BB4157EB7F3267041255AC2F7EA3B450951878166049E5FF1BD3B361082FB184E342DDA1961ACFD90944F37E09A06AFE463AA9AA66EE699D28C4D109F3E8111CF4D625161B2855C11593AE408AE44DC026091119744FF09A4AB3C00717ACA004E26ACA53BF6444D839CF477A56FEAFFBF2E4CB946512815269D8E3C163FC29288A917A4A0ACC6DF54454CE2D54AC79AE05BF816DE1E3E9D3A9CC69DBE674880F98ECB8D8D4C4247AC07BC9B7C40FB89C4B9D4DA4604B37D15047DFB28C5D241CDFA327C3996872A0C05B84342F81A308D7796CA4A4038E47A5D4658F757C3F9645F11DEA92AE4D2E77FDB1A5D12519FF947F39A68152528CB02F915894D728C0E755B8BC4A99FCFC778A4099558A06D5FECC4C22DAA7E23C3B5E8E99B5365D5046C8C65846D949A521C0B25EFE5F5CD0845F09C29C096C4A80755120A299EA652B204775E53B2D521F366F4EF9FA65B1D8CB048295C39BE92667200E2889B1577CBD0AC23B2280B758A3650BE60D55F215DBF166873592253B1254968B5A46A61C792A153342C3ADE408676F4B27B7F22C50B079D0E32AEA134168A53A36F18E2FFA2459EDBA89BEC13D19C342235F6E9CF8F721B608F6297A3486173A7D5CED5E2AF6343775668C1B1FB0B745157973E1B23A4B -20170627235654 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CE22848CB -20170628025708 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CE4C7FC03 -20170628090844 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CEA316C0F -20170628104935 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CEB9D111B -20170628114328 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CEC57837B -20170628155547 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CEFEB085F -20170628161354 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CF024A37B -20170629103301 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CF75BD46F -20170629121023 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6CF8B74F97 -20170630003105 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D0331EC63 -20170630052003 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D04F2C61B -20170630145450 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D0CF7BF93 -20170701010810 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D1578081F -20170701015400 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D161119BF -20170701082405 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D1B5FB48B -20170701092427 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D1C2B0E47 -20170701161137 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D21ABD21B -20170702022204 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D29CF7033 -20170702023811 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D29FB9AAF -20170702062241 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D2CED4213 -20170702082528 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D2E88DA5F -20170702151719 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D33FAA757 -20170702175101 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D360021F3 -20170702200102 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D37A9C6C7 -20170703011731 2 6 100 7679 5 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D3BCD4977 -20170703155054 2 6 100 7679 2 E411B879FDA69428A30BDE74B417706E5936E16C5E1F2B64A07EAE1D69C857C23126701460740D93467EB3A3386827E658069CAC4D55CC4929493C193D53A0D91141135B2F0B19E659BB541883E569D38B329761EDF3C409D34A49870356F3723AD2F720383E49B1752B837DF80F48632A469A0A96AC8F02E5B766B590D722B5BD3ED9191BB70C1D4044A3D5CE850489216C3184D73BAE2B655D76B30EC1851951A756E2A45CD1FF82A83BDC1803005034BEB2EAC35FF7362831D8FBE02E07B1CCA351D47AD65B5282151FB2711A880410CED2C1CF205CC2072F6F244189F5BDB3AFDBA7FB02DD21C99D1EF72C1EF8BC6C68A273D16CB2D3CA190C30BDDEEAD7CA2E519F3AF806B5CBD436B971C1F1981EB35CB4007D129F43E660F7E47E807C889A1DC5FEFA7C304DB41B36982FEFB7390DC6C8E9474D3EEB84B3F757C367475EB1B4CB5B86F9507090F2CB37533E2B96BBC6F75B3BF1F4CECF18F67E7492A681845CF5AFA1B70FB3B0A09CDD3375BCF716CBF2A594533D157CB6C4008CF8C4818C9418E44A995028487B0346BD399BFB431CA94B3FC2AF9822520153105ADACEBE719CC24D1D043AC2AC24BD41759AA452000C43CB885D5F0D71DC2451A2C5C04B0B085BD23B5295B7A109DCD729C34479D51EAB4617FDD163128B25F5803B262C3D97E2D63B3E84D85B67ECDFDE6FA377E208BD2EF867072D341AC731338268AD82285DD6D219DE44EB0588E477CBFCD5F5C068D2FA877339424F324012D346C3E2B3C4408E4FD84535C5D4EA02137ABE0426BC4C3AD6EABAA221579CBA22023F8204ECCC98D143652DEBF5869CD73A81C0E4C6FC9A22F9E648B6783AA1D0F0A1F76B1C4E8692339A6A259F3D8419CF7FD22A26023678BFE4F70C79E7F113882E6C7A0606C5AA9094DB161683E43CCEC8C73FEBC7B82617B90541C2BC15EBA18B55E430373CF21DD235BA332EE6D7A6D042BAB4DEF94939AAD2A1F6FD235B09CA6CCFB45A614C79F3C83253B82BB73826DD22127F3F14292A9B682D607D6C9313DF5324712F976C8978AEDC97B40095E66BF850BCB83F477E1F5AB045844EA5CA0652C7C2C284B90FFDCAE2D5F3C165F66FCE871A5D0AFAA158E77099BFA7A969C8F3425E326D24E7E875D588B5E652ED331ABE4A72AFF7D89CFA9D55116B2610AEA4D1D16BCE1FE8D22849827677FEC8EC9864F5A4B874E7AA3228E31DACECA3ED7E1F31675CCA03E599E748BBCA483821DDC5F1C7ED376EDE7A650AD06CE3FC4E76062354B7D89093EBBF9717CED067846349E8BBEEC4CDDE0907F2DD1C31125F1DBB7B9A94E07677C4EBC756A5ED3D8DB30FB5772328272C6D431F42D3 -20170704184253 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936A2722BB3 -20170704204537 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936A4446CCB -20170705051520 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936ABC7F083 -20170705084652 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936AED1CC73 -20170705094007 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936AF8A26FF -20170705115139 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B15913CF -20170705123819 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B1FD105B -20170705150548 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B411305B -20170705152103 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B43D87FB -20170705174143 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936B637D557 -20170706120313 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936C5C0BE63 -20170706131942 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936C6CA2F0F -20170706141404 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936C781A68B -20170706153843 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936C8A1C2AB -20170706173242 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CA322EEF -20170706183451 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CB02939B -20170706184330 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CB163C7B -20170706195815 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CC15613B -20170707002909 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936CFBE39B3 -20170707012259 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D06F0ADF -20170707064939 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D4E0A703 -20170707065604 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D4EE0BAF -20170707120623 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D9082CA3 -20170707121752 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936D928FC67 -20170707164931 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936DCD75823 -20170707220455 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E0F28243 -20170707233018 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E20BF7B3 -20170708014205 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E3C89587 -20170708023140 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E469C123 -20170708053646 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E6DBCAE7 -20170708071735 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E8297A7F -20170708072409 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936E836D247 -20170708102649 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936EA984FCF -20170708144918 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936EE06AB6B -20170708163647 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936EF6DD803 -20170708181531 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936F0B07D83 -20170708234000 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936F4E4D5BF -20170709023719 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936F727B0C3 -20170709063946 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936FA3DA1B3 -20170709093311 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145936FC71EB57 -20170709151341 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D14593700D34957 -20170709162318 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D14593701B3041F -20170709184215 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D1459370374B3A3 -20170709215933 2 6 100 7679 5 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D14593705ED75E7 -20170710000252 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D145937077174C3 -20170710052851 2 6 100 7679 2 C0388038628CD48D5377C99911D89CEDF70AC54721EE6974975D61C9E25580D2108B48CBCDB8B647B271FA822546C00580DB013D19EE5A49EFD9AAECA2036A83BB3E2F96C3E7CB273AA9ACEFCA5A3E4C7C8FCF3332DE11288D8BD76E17B4C530F5F6EFB0D757F63E3B2B519EE960FA8206DF81E7B9DA463CE389E3164588BF5B66355D481DC620F0B2F352782105DF3AB86076DD7D612CE9839CB251D5C975166859A41B740E08E66B746B710479FAA430E2891E60647E04FE71D8F8BC9A6BCD20CFB42299142DC016E672CC350D497809379F54F6F3D1649ADCE72ADECEAAE1ECA85EEE8006700379DE3687A67AF796E1F317815461CFF6E58615CD453265612315FA8F99DC65D9CC218004671E43CE58C9F54862D86B58FD71212199A2A562B1AB9604BF43676A403E8EA56A69E68F1CF0C60C83B8EB31D9C0A23D8410C3A6898D749CAD8CDA9F17A224536BD08436B25E50BA67BAD09276BB55583CEDF48AEEFFD8FA3DBE4F609760DF1EDED136B38792CD164D2EA3C5443F0D8F9117544A9A6AAC615ADE01440B7948B2B53BC3F7218DEDEB16D23C3B0C2AA4BEB99F9A9225D87B6CCB037D8E9A2918C20FE9F2BFF429FD0F23AE370E820842AEDD823DD5B6DDD7F4AD3A06735A2E4144DBABEA5DD83A6AA98EED5F6F3021C246FBABD280986A1E7A24CCBE11BC3050CC04DB566277CECBA8B5BDC1D15E1F066B25B668C7B87EA54894EC7559B64F1400934DCE1C06A10955988E3B3F4A40566B3989608404859335C53EBD6BEE21614EB7C954D543DBA7EB61555B7CED9D08EF560426DBCE3018FBEF788CF69AEAB433B692A9E28CBAFEFC048BD9AB423678D4DD5807329BCC417CF77EC7FD8E50B6D9A8D6B2017B24F6890557AF327980D086499B7C4ED6518B9C23DAB9571CA9E8E949C039C5CC002CBC9BDD08728D543143AFE577738AD309AB2493A8157272196B73C28A4826B37A8274198A4E8188CDADB1D7BB209C84D03500F79B9DFEC1E4441F34069CC01D6B9A57940914F56217C0F3A5CE0C75DE2815EE396D4AB00EC9695DFBCDD88EA6C8017CC29B1257EED39B50E0D075CCF9564D4B22F59F4B5E6667E4CACAC6B63D8CC1C9AB2CC6309A319E559D2062FB99D15B62F08E4DAD676698813D227FF8967B3B3830970E92277B2446A3C269A74FB437800824A8987DA3636A17A53C7E55C66077BE0FBD63441402F19C6C4E1F1C46185A3F3F5D7D7F553F0066EBFCF2ECD74CFC6DB48F6A458AE66EC12532B691FA3AE9A0C19809B3A1AF06340EFB012A33D484D272CA09D5862DAC5E3A00006F260BDE5CE74E007AB12A8F686373949308E574DCE7EA9D1459370B975DE3 -20170710074510 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C8898200FD23 -20170710114649 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88984F315BB -20170711033842 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88990A1C3A7 -20170711064933 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88992F18383 -20170711070835 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C8899321BE1B -20170712081942 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889A5694573 -20170712175235 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889AC1C9503 -20170712184856 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889ACBA643B -20170712224446 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889AF76B1E3 -20170713034208 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889B2F38EEF -20170713034622 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889B2F6567F -20170713071216 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889B55B411B -20170713222010 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889BFD2C803 -20170714013005 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889C1EF6397 -20170714094721 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889C7A27293 -20170714141853 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889CAA42B27 -20170714204505 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889CEF31E77 -20170714205139 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889CEFD860B -20170714214942 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889CF9B7253 -20170714230801 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889D071D153 -20170715054028 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889D4C6B33F -20170715152910 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889DB4248D3 -20170715213011 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889DF38680B -20170716095854 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889E75F9737 -20170716115603 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889E896321F -20170717072754 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889F528B29F -20170718103850 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889FB304F4F -20170718123146 2 6 100 8191 5 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C889FC58729F -20170718203220 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88A012AA89B -20170718211015 2 6 100 8191 2 DDFBC1CD4FB7E30639422038F1FFBA2CD3EC3915F3C923282C6588F6EB218FF7B24870C0FE4B48213AB0948E101686FB7B0093ED467B6CA413EDD4B0BFE2155AEBC4DA3D2DD0C78DA9AD989A0E989010D6D5E86A123C169E126F97826EE5F602FF641FDF642A107E7538CB61740CBAF69F6C7DC5DD4DF28998AB61B8672F0B74A3A8DD7D165828D69DCC1BAE4D45F707C3894E040BCC0AF7AA810A6D5CB89276217EB7AFAFE4966D68C10318E8C8CB23CA593E8057F29FF9154908B11D6530E6352F9406C81D9DAC5C298979320B4E0DD89203A1F680C8084154D0439DB6C53EDAF6FCC0E8682EC99D345180120AEC810CBB0C2F1B6D1B660ACEAAD5996A5D184659B6A1F11456BA6A5E94D223959D8171C030499A9DB458702CB35CA7E7CD75D26FF5E94640AB8740ECE82559784BB6D5CB4D041D053629BD3F4178077F3F7E280296C46A3F0FBC37813A1AA221FBA2612F0CFE56450E9B1F2C2AE278EC7A7AAB66D61FA9749FE997EDC31131091620897014D33B2386B490CFD80656B7D2EB08C9DA9928798986996D60F74D766EB8988E2FF676E38C587E7A6651AA28BEB8BB56EBBD6E641E92309AEAA671A5F2EC72629442D2C3A4C2B8E4304DC71B342CD116527832078E6B53C1E0A72909615B408E17625F7259ACA98E46359448FC141F57B51A069B8A402AE3A87E10AE7E910F3916BAC6CE716C539E825A06626673DE7EBD899A3982FCC599791E7CA964C0D37BB076708C03DC7C022980974025C0EA9B72CC3D0A03E4626E030E9C857ECF6B3807AC9E8E0F72098C7E80DAA05BFF60394A8374096878F015597DD5B22E65646A7DDC87B5F6AE68594DF39B0BDB2675A32369AD81FD62033146B8DA6A801E918572CBC70DEBA9F70D088D69425733ACE0084E60E7FCB459A5B71F74F711184B1AEA240834D28D049474BB2E7ED1B17AA2B5EB7D274341456834320BE8FB245B1C2B84A096E7E40573FEB7C2997ED16C8C2C62409B8064398ED220FA82C59E53AD7E864C24473FCC7F017B897D5855F092A9428957467EFD93F67D3FA302C578328A9484CD0496CC83BEAC96504F9601DA2048D25BF43B5A69E46234A164D854B89DF1DEDC36F0304BA5FC035B27E782087C3EC0A81840A3EC042204C63F9698CC74A818428039B23664C409529C4EDD822DF77819805023795EE625D524F12824C1F1FE99546DF75107AFFF7D424C4C3FB3D0BDA2E9BC0D93603457FFE44FABEAB1E6B62223B201D42784731BEE11E0FF0BF29C930DAF913F974739800522E2B9C4094475A5F35AA92E2939E5719EB4EE19446ADC9ECC7EE6BAB5D264C9E74AB6DE856D541146048341EB51734A34E33EF8D929F645E23FD902CB5676DA9C84C9F46490710DC8CF2AA922252C3885CBD8D0CB1D176CAFEB46A625C56BE949F487C6E35E2CE481F024C88A0186FF33 -20170719070720 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FA20B88F -20170719080355 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FABF2F5B -20170719081323 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FAD37237 -20170719083433 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FB0C1BEB -20170719124018 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225378FDE8D93F -20170720083815 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253790C2785C7 -20170720203303 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379147CF99B -20170721064950 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253791BAF7AFB -20170721151849 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379217C124F -20170721220636 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379260D3263 -20170722033935 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537929DAE9CB -20170722155118 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379320A3B27 -20170722181755 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537933A7A623 -20170722212038 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379359D2C63 -20170722230812 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537936C5DA37 -20170723005838 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537937F9469F -20170723041453 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253793A1DBF1B -20170723051250 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253793AB9FC9B -20170723112206 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253793EBF09F7 -20170723140224 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253794072005B -20170723170945 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379427689A7 -20170724050156 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253794A23E407 -20170724065019 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253794B47E553 -20170725032628 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA225379588A6BE3 -20170725142722 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253795F8CFE9B -20170725192821 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537962B35BAB -20170726032919 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537967BE1D7F -20170726062511 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA22537969930233 -20170726073958 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253796A4B8B7B -20170726144150 2 6 100 8191 5 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253796EA9D3DF -20170726150548 2 6 100 8191 2 D84B8E9B7259F34AA46062684AD05873FD407C5FA804FFBC429D0DED5B497259FFF7F3C26D7A4C21592FCD658B607A5BDE7C4EAA7F5A3B6B713EAEDD5D0D47029CF51556BAFBBC91819DDA500332F7CE6777565C34CE56ED26BFE90830291C460891DDFEBF4FFFE5F217602081211E73EEC97612AC2C9FE8988738F0DC0FD2241B3C54357109D82FAAB532DB9C18B53B543D43B533FD67E36547972674968EB83AEE7EFC9F2AAF2C610C452EEA89A4FF5089BA6922F35128A844F6350A70671DD53C205AC7A75A1659CD3E57D385AB0BD78AF14DC129B1172884F1FCF5D795B6031A2BEB2410948A422D21AD3A215C85720F5EE695E235E36832E0A559DACDBD2B7CA3A1317CA005A963B49E3337829C40974C70F47540D89AAE625A1FD110874DC13D6E7B5711021F0CFD94C46D87582EBFF78EB2412B6D91DC0250A0B805F5E3B096ACB247C2A247A39164337FB3CB818AD4A950E6347B801DA742E5B532F4FC48815AA62B894FDB23B6E4D448DB62713AA46CC33C7D83D60A44B2B70FE8D841A56A4150A01C82B19CB93AE0AAA65E765EFF95933AC55742E0240744158B9CEF9DA8E18C3736BC8894306BF86D9B927CD62252ABFD39A3B352168336404C6B5F0DB4AEE518069274266E0C424F45D487B500BC087F49B53B0FA822D306D8B272E66C035569FFF1A191D354728253419E5B49115B88EB94E8452A28A3D699E73709FFD95D30430D45B730AF36D90C4DF464241C059375E8215E02294DFEAF8169BF1B47F7EE6F6479CB772D552D604589CE0A80BF7C38AFB2D8111D02A11D02264E2D1634128E53835E5815A92C19027DD08493C23344883FA5F2802A67E586221E2E22DFB8C67D75903F7211D52D19DC92DAC9C2E55D5D23E4B316F4F36AE24526C0D7CB5D43A5FA64CD621E9BBEB44ADAC0FB50237872CF13E0008D4D8F3B53B7F97FF8FD71E7B6ECCE359F5FBF3F6128DFD062C1E1177C6DDB97CBB9ED8AF082BF55D2DDF76920020A8AFCA08235752DE7542237D273F0324767F297BD98F573642B54D55AAEDCD9A5DB65DDF24F1E52489E22A8CDB204653F03A45261E20C965772CC92D71AD8A9DCA1205CA72C3AE330CA9ABFC93BD4C0591279661736B131AE905D5EB899BED456FE76BE26C4700FDF3238999B250DEF64F155FED724D3E38BDCAAD31CAC112BF39F0BC0CD3A906BEA43676E126616B51546C9E282117163EA7B38F255797A803F663EA16485FE4A8C2510409D3B6EF809EAC2BF897277A17A9C6E58709B57591FDA62321CEC2F545FCDB0AEEAF33ED378707C81711E003F1E77EEEE292F61E37FDC2FC4F97CEA96E1A4FB8643A9F18C9D6780BC5B815E43AF81E3B1D47D68D5A559C194F35A143B9EAE147D975BEF88D55AF1408BC1705C02F112616D08BFE6A44C0EFAC373CBB557E4953C79ACAA2253796EE14A73 +20171129060817 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65210B1E863 +20171129060830 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65210C3D8AF +20171129060835 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65210C56383 +20171129060853 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65210E2A407 +20171129060928 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652112864BB +20171129060940 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652113A4B2F +20171129061019 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652118756EB +20171129061110 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65211ECF08B +20171129061125 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521205BFC7 +20171129061139 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652121B156B +20171129061144 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652121DB6C7 +20171129061155 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652122E3A4B +20171129061219 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521258E75B +20171129061248 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652128E21EB +20171129061255 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521294FDC3 +20171129061331 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65212DB195B +20171129061336 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65212DD4653 +20171129061427 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521341B5DF +20171129061437 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652134DD68B +20171129061446 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652135A0283 +20171129061500 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652136FF967 +20171129061601 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65213E379AF +20171129061606 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65213E53213 +20171129061704 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521459419B +20171129061720 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521471A4D7 +20171129061822 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65214F0057F +20171129061829 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65214F60057 +20171129061843 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652150D5E63 +20171129061855 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65215200027 +20171129061901 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521525622F +20171129061942 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521578C59F +20171129061951 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521582692B +20171129062008 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652159DB0EF +20171129062015 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65215A1F453 +20171129062045 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65215DD99B7 +20171129062054 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65215E9E31F +20171129062130 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652162FE18F +20171129062138 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521639C1E7 +20171129062159 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652165F37BB +20171129062221 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65216873C97 +20171129062228 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652168EBECB +20171129062350 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521738FF13 +20171129062433 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652178ED13F +20171129062446 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65217A15C2F +20171129062541 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652181044FB +20171129062603 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC6521837D78F +20171129062624 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652185C9EDF +20171129062634 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC652186C3473 +20171129062650 2 6 100 2047 5 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65218888AC7 +20171129062658 2 6 100 2047 2 F6A83AA30FCC5A1FED886CF60BFAD561F8558C07EC39F7972F8BD034F16AE485A25E223E609D18CBA60DFB74F85637DC6A55E38BA145746B5C2EFC007E1B36B0B179A7756B160A90E6C7AA8D42DC5EF9F96EB654D37EAA3BC2A96CA6F9F60A47E340873B6131B9013ACDB75EBB189B671B8D48BD60D36D2BD4B9D2F5FC828F9989F2E9FEDE3AF8E10343C458CAEC77EBCDD113C75D4F190EFA489835725FD7A0CB3E3A9C30DE03BC5D3991D53A86A25A3F3601171130DBE5F2E6F844F6AE9565261F9110A264A1C61EA0CDDF6DB06F28F9E3B70A482C849E5523932B4F2343E90AC140AC06AB027E293CE2B81BA61021B1B15DDCA48B721AED9AC65218915923 +20171129062719 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADAB68F23 +20171129062852 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADB8020BB +20171129062857 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADB83D6A7 +20171129062904 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADB8A117B +20171129062913 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADB95C4A7 +20171129063020 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADC1E13B7 +20171129063054 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADC606493 +20171129063136 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADCB2F54F +20171129063229 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADD20E077 +20171129063237 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADD2BAEB3 +20171129063257 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADD51762F +20171129063345 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADDB29C0B +20171129063402 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADDD1340F +20171129063440 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADE1D2F13 +20171129063453 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADE32DC9B +20171129063513 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADE56C75F +20171129063518 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADE5898EF +20171129063545 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADE8E3FC7 +20171129063559 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADEA2F2AB +20171129063613 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADEB8D03F +20171129063626 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADECF0D4F +20171129063639 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADEE3F9DB +20171129063648 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADEECDD2B +20171129063728 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADF3B2B1F +20171129063831 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3ADFB933CB +20171129063954 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE05FFACF +20171129064044 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE0C83FEB +20171129064109 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE0F81483 +20171129064127 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE1194DFB +20171129064141 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE12EBF3B +20171129064157 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE14B8657 +20171129064308 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE1DFF6A3 +20171129064313 2 6 100 2047 5 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE1E37B6F +20171129064345 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE21EA40B +20171129064404 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE23F19DB +20171129064429 2 6 100 2047 2 FB10C8B63DDACEB1654E9B1BF39D2E5A65A310270D19FA63F4520A3B76AF3FB32C535647E803A830B96E950AAE9539547D53CA1373E7C059B5E8FC81A00E193B547C8F490B1428A4692EF9B4248E69498595D579D93CE2D867709AE84F6558381A51673E2BC55FC04B8655EDF3743980319C875C7B733996FE318A3EC6DBFEE79D596AF1A4AA7497575D8A2E378D86CC368073E9E11FFC83F85886D1FC8F1D32CC0021259D040063526D8ABF2F7E00D4B627AED022D63B84F7DB55EE10550FA9562A067EAAEE021D1893DC6DADCCADAE1C0AD8F350A20CB33DAD32035FE12CF7DD29A0BF35DD87228B512DF58C7A3DD5187E2E58FC39AC835F847A3AE26AA1A3 +20171129070339 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8656503B +20171129070431 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8673A5D7 +20171129070444 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8674FE3B +20171129070802 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D86F9B0D3 +20171129071143 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8790794F +20171129072038 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D890948AB +20171129072201 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D893CA93B +20171129072633 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D89FA04BB +20171129072704 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8A081C83 +20171129073026 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8A94313F +20171129073736 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8BBF2F57 +20171129073811 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8BD07FFB +20171129074006 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8C1A2AAF +20171129074244 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8C85024B +20171129074339 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8CA238BB +20171129074739 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8D485DB3 +20171129074856 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8D771FB3 +20171129075003 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8D9E294F +20171129075124 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D8DCE88FB +20171129080839 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D90AB02AB +20171129080910 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D90B81087 +20171129081213 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D91332803 +20171129081802 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D9223D76B +20171129082038 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D928D0B97 +20171129082101 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D92957057 +20171129082300 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D92DF3C23 +20171129082841 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D93CA39BB +20171129083100 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D94254653 +20171129083144 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D943C67CF +20171129083314 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D9472895F +20171129083902 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D955FDEA3 +20171129084024 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D9591B8D3 +20171129084309 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D96010007 +20171129084528 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D9659DC3B +20171129084819 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D96CA1933 +20171129084937 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D96F8F0FF +20171129085037 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D971A1D57 +20171129085105 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D97264D63 +20171129085212 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D974AC317 +20171129085529 2 6 100 3071 2 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D97CB27FB +20171129085643 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D97F5D31F +20171129085754 2 6 100 3071 5 FE72CDD6784FBAB0F7AA00E2F31A76435F8A02AC8B14A52C64CF4998EFEDADF9272FF9ADCF5AEDB6EEAE34A36C64833C8D63398A4906979A6B785139D9E7FE72FE8E3502B71B7780E8F4D74A520D3C8E5706EA428CCB746B673EC7472704203315FFDA7F3D5FCE56F6F441AA575B77748D6CB69DC1D7DB8531902CCB0E4D4817FBF4BCFE05120B60B7B99C62C578E6BDADE8E45B44DD67448F25F9118DA92DE375421E131781ED0895CACACB30C2D94D994B16215284CDE857A6C677C0E04A9B81E9D88076167EF3CB8041B65A1756850C2C667F2C6F5D6700F868A1518FD192B3C1915F19D119B2CF4588BD043ED3443982768B641FED8E2BF8E85BAC97A82808450DCCD35B5ED09E089AA04226A7710E20D5C00AED1CBAA176D93E1FEA308B4763F0FE9456E11F645A06D22A33EEA1931104605F280C7C5630548F3D35F6DBEDC8133FDC184F95D43B7D865EEF1E78A952BE3F098328A863447E2EBB726F3AB543F686CBD8BF8F9E780166758B495B7B75066E4B1987002422692D981F137F +20171129085925 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851948CD513EF +20171129090650 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851948E0DB457 +20171129090703 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851948E0E411B +20171129091339 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851948F218A93 +20171129092140 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519490711E0F +20171129092229 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD606275579785194908BB287 +20171129092532 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519491098743 +20171129092609 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD606275579785194911B52CF +20171129092912 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519491979D17 +20171129093038 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519491CBE28B +20171129093318 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519492326CF7 +20171129093513 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD606275579785194927B907B +20171129093638 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519492B0BBB7 +20171129094059 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519493646CBB +20171129094240 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD606275579785194939F7823 +20171129094307 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519493AB8EBB +20171129094439 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519493E34B3F +20171129094532 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519493FF8E7F +20171129094653 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519494307873 +20171129094922 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519494921E2F +20171129094940 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949496EE1B +20171129095758 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519495F23CAF +20171129100214 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD606275579785194969CC5B7 +20171129101245 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519498540453 +20171129101539 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519498C81ACB +20171129101618 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519498DC4FEB +20171129101802 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD606275579785194991CB3FB +20171129102023 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD606275579785194997603BB +20171129102105 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD606275579785194998A9683 +20171129102314 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD60627557978519499DEC1C7 +20171129102700 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949A7663FF +20171129102831 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949AADA95B +20171129103048 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949B0592FB +20171129103239 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949B4D9C73 +20171129103850 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949C57B5F7 +20171129104512 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949D60C7AB +20171129105020 2 6 100 3071 2 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949E393D6B +20171129105252 2 6 100 3071 5 E5B2496BAE5BB80230B69F3FCDC4E4D64BEFCD390B3D2F4A774F3ED4CBDB333B81930CBAF737164C13615CC0BE2EC320E34B8312ADCAA5D9644C0F054DD446C6299262BC184374B516DE3613628A8FB2606ECBCCE08BEE2ABE5D4B7B4CED22910635B723FFDC9381C8F87D0A471F935B62AF4CBEA3C329DF758BEE99F07C33AD6499CDCDDD64E3105F689C831D566296C978F27F0DB2F44389D9E0256790A0E4976FE38192C4BCB20FAF5853ED8AB04B16FFA478AB5945A3E98B12D014509039AB2F05629C48CA9E2272F71AE6AF07E7FBD92CD944A656731FB783E8EB38DF15630CA074D8CB41ECE91AA8A0D756690813C1DDFBE58CCCE7A50F4C83479C85B11908F80768F76F2FB8870B70F498F3235A044A80F32CE9AA9C613CD611D8CDD3CFD3F6A033F1764CD3029AD5435525D8BDD1B45100D61986BF8DBD8290AEC82FE15DBBBF00850AE58137383EEAFF9C9EDEDF8CCD42840E5D57C006F37AA3493FBA1E1719C7BDFC5EE22275A4D0415FD0DAB28E5CD6062755797851949E9CF297 +20171129114245 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC980424F9ADB +20171129114850 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC98042BB88F3 +20171129121702 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC98044D9C36B +20171129124238 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC98046CAF153 +20171129125253 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC980478C8AA3 +20171129130704 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC980489794E7 +20171129133140 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9804A64C06B +20171129140253 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9804C68CB3F +20171129144402 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9804F74F3CB +20171129145354 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC980502DC987 +20171129150624 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805112DBB3 +20171129150654 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805113FE53 +20171129151512 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC98051AA1CA7 +20171129153640 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805342345F +20171129160526 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC980555FD073 +20171129163211 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC980575A8F7B +20171129165338 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC98058EDA363 +20171129171055 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC98059F788C7 +20171129171346 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805A15681B +20171129171648 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805A3C890F +20171129173802 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805B983947 +20171129174541 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805C1B745B +20171129182644 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805EF8CFA7 +20171129183105 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805F423DD7 +20171129183151 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805F48127B +20171129183501 2 6 100 4095 2 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC9805F7A0D7B +20171129184425 2 6 100 4095 5 FADF655A8C18F13858C1C774D0060DD6FF25EAC29084E6A0A1E0D1218FD17F8800F697434FF377BC9ACB86AB48BDC139C51630956017D96CB0CC5C2D22604CABCBA881260B3A1F00A9F328DE35AC41638728AE65A1829F90AEE08237C971608AB5A7F3B50C53B3313FD68C774AAE29BCC1DA02BE0766D62DDE586169BAACB485CADC4F16EA0648E67D4D0F8DEFD9CCA4CC2B4000CD0C6372205F97C78F270F7E75A18DE0D3C8A3A1C1C606337BF6BEC94DD93D2646462E5F23AA4C292C00761D06FE220616A50C042A39351EBB2373EF21A35D5279D82E78B016A538B99CC166A148BABD91BCBE318A7987A5DA51B8B72D038F2D77668D48150A25ADC84018ADC7F36563E82D9DAA3B04593A989F9F05BBC0183DCE1BF6D6E2F9E4EFD5B52DF56B20AC035E36D57DFE521E9B3D256DE7F55C78837C0F5036DEC0581DF76CE7990A87F25113148BA1FF3502D82FC127B8134D3573BB8711B7891EF0C56B5C95037C9FBA6698219D63F5244A2E5D3479D0887CF5296900A23B344F3D804DF82712ABBD8A42218943957FA29966DBDB3A829959D08588FB670EEA4BF17605F928391B6BD36239CBE217CE278D2068D845F0B619CE726F2E9CA46ECA76180A90FFFFFA400D8F2956F3801FAADC49D9B05A786CA5D860A9B3AF3521842AB2C8C67CF7C9D966863B61AB2AA02970BD03F828980FEADEE067C4E7448FADC980601F06C7 +20171129190009 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED907E91691F +20171129190047 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED907E94D7B3 +20171129191357 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED907F80F827 +20171129191536 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED907F970063 +20171129201007 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9083AC9B87 +20171129202520 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9084C8A5FF +20171129202732 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9084EB4BAF +20171129203556 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9085801D57 +20171129204816 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908664D7C3 +20171129205307 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9086BA916B +20171129211738 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9088852733 +20171129212245 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9088DFD4A3 +20171129212444 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9088FEF233 +20171129213520 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9089C4756B +20171129214659 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908A9732EF +20171129215106 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908ADCE773 +20171129215630 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908B3A5BEF +20171129220756 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908C0BB263 +20171129221730 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908CB5663B +20171129223322 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908DDCC3A3 +20171129224236 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908E85C73B +20171129224324 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908E8D9E2F +20171129225233 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908F379CB3 +20171129225757 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED908F98DCDB +20171129231535 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9090E1233F +20171129232541 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED909198027B +20171129233438 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED90923CF07B +20171129233904 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED90928C0D7B +20171129235019 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED90935B1963 +20171130000155 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED90942FB1FB +20171130000803 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED90949B573B +20171130003235 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED90966596E7 +20171130005040 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9097B63323 +20171130005620 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED909818E76F +20171130012144 2 6 100 4095 5 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED9099F4FB5F +20171130014001 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED909B4379EB +20171130014931 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED909BF25ABB +20171130015813 2 6 100 4095 2 D693DF66A6AA48BBECF942D3453355A19560938DE0A34C3E1158E5B9ECD70272CAE9686FAC4B6F64149C85607C158A67DB1C9B7FABD46379269492CB6B7E484D8AD4EA76D75EAD74F6A1E64D29206EC7BFF0630F3663C338039F8D10751AB8A177EEBB41E68434EAE03F7CA3761DE111900DC75F03209D8F6A92E178D94ADC7791D1BA55E7B6943A70D19957E348CA4B2407F89427D3B90979868732C69C221A3747ABCC7A9116D92237A1FDBE81E1ADDDA92F7FC0C15E7436B7C222E7759589919788B718B1F9F48356230B8F061F01FF21CD2DFEB2A1C744F8CBA3765364F1F417E105EDA7EB0ADBF1FD4CF4415B41CDA9BEF3CF6607A097EA2CFE32FA5376C01D1DF3B003FDEAE7571D0C54B5DED4DBBA2C753FB5ED889DD832085D75661CC762BBA28567CD080FB738B61C58ABF9962935C44322F1B96BEBEB594681CD2F20CA9F4D71C23D48E69725D37A4718924C4F145FBE0D841BE7C410A29C45810E240C319BADC04F990C4A84592FF925A73B6FE898F861B0E84D1146EB6856ADF066B11A0AE6915230F8A8E8234B33B5BAC1F3D1C3C05C8562DB51ACCAE2890C937F412D6E963C96965AA36350E8AB2901EE705B25407BC60711D9FC17E7885E5ED413ABBE2C207D55647F82C44367C13F489AD520A2A8FFA64C4F6EAF7AA816717F3019C6D240A4B9D788AFB73EA403523222D1E5940C47CAF304ED909C91146B +20171130055239 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431DB8C972F +20171130062757 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431DC5AB557 +20171130090503 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431E0222F57 +20171130104830 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431E2966E47 +20171130131919 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431E65A304B +20171130151632 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431E9314BFB +20171130154516 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431E9DF731F +20171130170406 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431EBBC2FF3 +20171130200258 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431EFD0ED9B +20171130222515 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431F32CBD03 +20171130230654 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431F4224A5B +20171130235630 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431F549CCE3 +20171203125416 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431FC1A85BF +20171203150512 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480431FF1C415F +20171203162042 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF48043200E63AC7 +20171203162245 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF48043200EA5A8B +20171203172127 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804320235B727 +20171203181636 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804320364E433 +20171203183124 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF48043203B31AB7 +20171203185109 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF48043204236403 +20171203190034 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804320453C2BF +20171203192853 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF48043204F5D0C3 +20171203234953 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804320B184C73 +20171204012939 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804320D6A5B1F +20171204015042 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804320DDD6F5B +20171204040850 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480432110E46BF +20171204060221 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF480432139A662F +20171204093759 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF48043218861E53 +20171204110909 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804321AA18B6B +20171204112744 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804321B0A25B3 +20171204113618 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804321B357127 +20171204120614 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804321BE218DB +20171204122520 2 6 100 6143 2 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804321C47FCD3 +20171204125750 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804321CFEB977 +20171204133934 2 6 100 6143 5 F2F9DF4571769305CF3128D1F3B27E0B51064C0D70472B4B834907A11B6C76DAA091DDD058F56E7E5A1A144CBAD246C592ADB38DB36673E636E06043CF3776DE42B2A3C52B29A5378A538205F863CBCE489A9D26209B2679B7C10179193C7B50CC806D8FEA57F761D54F010EDBDCBC7624B989AD0C894E9ABA77744E164CB92A615919DA4E66C41F0D7DE03C2C8C89077E8E712CB867993110D1DAC8F8CC87AEC5F98E0A46D2DA94727D432D4406AE31F8FB2B9DAD9E882994E41FA2B46D364B416F05BE0D579DC31D0ABD89EBA6789835C4B4CE6B8F0E9C19E2B99BBB55211D9392F18A210686F487C38F6ED33CAFA7F2468B423CC7F36DE73655CE7B94D681409616C94E55B31AB6DC3422956DB8F00490A539D95F1BF4965340CB90B5BA03104F643F96B9ABDCB5D34920E4E675DBAB81C038C11AB28459E1F10F15EBE9C21BA47427C72C2960DD8763BFCE27D47C4A06B24EBD911DED8A0ADE710930F87132830B1B8E0675447A48E519FB18FD66D4012DE35E03533CB9C13B7D19823092F7F0D9C0E5C0EF7BCF9017817CEBB550168BB846E91AA5FFF1E44B7F42215890A26157EFA5647AF412924BFC0F6CD278261BA1F959AE90F165DB11AD56CEB5223AF8BCCD5760AAB2ED5F11C56B517FFBC96B178E46EF11E7A4E8209C1CA887218600B8B20FAA80AA0B00816969A0AE25807374C24566AC03F8DFB417D0C3E43AC9BDA056AD0562A28C9F7C5EEC7AC847699170668113DF07F22A875C40D570B8CCF09EE00D91B9841A7D10F1763EE48C0BABA0F76EAD940AB5FB376C685E2EF4A81717F8ACDA8ED205FB819E62598FB343451EE47D73B9541D9F8FB6DF4029FC8FCEC0F5B94258DB49B39717B0FEB5DB3BA8FB1D28F4FE0319F84111BE08E9D251791A0A1809B55C307B0D337923EDB8CA4F2018DE38A3B7AADDFB938D93C4F3F287DBFDD542D11C747A319AAA9CA8446EA4D5A3B8B91B48B850009A9353596F2352839D55FD45F442272123402D58C80411E5113C50E35D28EDAD3C7271E9ABB4E7152C70B306571433323661D4D12B2FAB10304F721B07FF4804321DF18F77 +20171204174709 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7517467E2B +20171204175707 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE75177CF673 +20171204201457 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE751ADCB617 +20171205043550 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE752748419B +20171205051645 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7528400323 +20171205062021 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7529BA43F7 +20171205073410 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE752B7A9EB3 +20171205074444 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE752BB3FF13 +20171205101150 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE752F440E8B +20171205115054 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7531576573 +20171205121540 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7531E8F173 +20171205130945 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE75332BD36B +20171205141051 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE753499FF7B +20171205144900 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE75357B36FB +20171205154530 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7536CFC643 +20171205175129 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE75398C8CC3 +20171205180055 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7539B7B69B +20171205191334 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE753B4A4AD3 +20171205223915 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE754018391B +20171206002554 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE75429F0B5F +20171206024048 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7545C299D7 +20171206032820 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7546E1FE43 +20171206033917 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE75471CD4D7 +20171206045008 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7548C1EC97 +20171206052722 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7549823083 +20171206065709 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE754B6C9C7F +20171206083216 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE754D96E15F +20171206085625 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE754E17B6B7 +20171206134251 2 6 100 6143 2 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7554BF8FF3 +20171206161018 2 6 100 6143 5 EF730E8C844746DF23D55A6C9508EF59F158850FF4A3A24B3E29C95547FE16E3C3F7269D4096406935222EDC51BFDFE89B454D8C02F868FB297A1FBFEB61A5392779A6C51AF8F9068CC579276D045FF317D9B7540D9A39FA936004991CB06BA169012F75BAF0B8D6203470AF1BE5569341E462DF72FF4AFD9C24BCB7584C71C1766DFDD74FE13D98C176DC64979F4720C0A996226948C9DE5E1890C2E703168AB3B33D50C395F13CDE094300C4BB0ED86352950C238DDEB1A8412A2409B6C487F9CBBB110A754A7B4985CF55DE4FC5137CDF13F9B0E10768DF0A28D6628DFEC684A25439E5C943718E4E4CFC89A3DCE1B747F77A0CE08B98AC92705E8DD3A6EDD18FAEA2FBB4988C3CC947C8206DD67CF44BEF69B617E781E93501877F81E4CC2263DB0B5EEEFFF3FCFCD2AB6E34B724D755A9D5025C978AA679D806318EF9F81787D3C69FB2D25B0382A3A96F44216791D41CCC3DF04EBD19B84858F0935C1C774F4685C8114EBCA8C71946C35CB42B82AD56541E3B4AB0A47E0AD8FCF9073BCFB801EA84DDF5DF4426578561BC737C2469B34F275502BC0BD7AB018506FD8DD6A9477F1588C2F76FD82B2AD3740E7F161632C66B961737EB70E9B44F362F73C1F874F7C06C5370297E975D25E004D6090BD119915694AFB57427DDE7F50C81B9A1812E10FA39A01E2F2FF18C96FADEA62BF08FAB027A31D84E4C0267AF7E880B5A0608683542E9895DB15FA1ADA9F1D28569C8E27662CE912CD1869227F542C1F228C6A2226D4AC24673994AA453BF21A1961D17C7E29B297E8AF7A71C4E2957A603900A3B4947B7B59A70767EB9106C043A48EEFAC3CCDC0F78F559CDBE64328E3C21D33D30E6AAFF638761F988CD99C59ECBAC4276ACE22062F6903B4B78B45917829AAA0CF11D04272EB44385A3479AD7B6E3E94126CC35AE082A73AAE991670C5145576789B43055B5F9D457523B16032CC65B679BD5AA08657D719EAC3D0345812BFA599249E4719AA2DF1507916FA735535781F053C4CB92D28007CC8D621E571E957AED705C2D11724E6D4A3BE268FDCCA230A1BE9EDE7558211DF7 +20171206195122 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634801E6B61B +20171206235707 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A6348054D6277 +20171207033003 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634808323A27 +20171207054441 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634809E6C2F7 +20171207104116 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63480D5E19B3 +20171207110410 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63480DA1758F +20171207170628 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634812866F03 +20171207183951 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634813B1BBCF +20171207212011 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634815D9070F +20171208005123 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A6348189250C7 +20171208011303 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634818D35CE3 +20171208021235 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63481996D303 +20171208133603 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634822901357 +20171208151649 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634823DEBFBB +20171208175501 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634825D190FB +20171208193058 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634826F30FB7 +20171209011341 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63482B5BD51B +20171209030814 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63482CD52277 +20171209040411 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63482D874DDB +20171209121718 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634833C845DB +20171209182655 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A6348386E2CD7 +20171209190603 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634838DD3487 +20171209234111 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63483C59DD8B +20171210084529 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A6348432B34CB +20171210100748 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63484426B89F +20171211113225 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634856D74BDF +20171211183528 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63485BE7C88F +20171211220143 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63485E59F1D3 +20171212002701 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A634860299B67 +20171212043247 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A6348632526BF +20171212143825 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63486A53EDEF +20171212144749 2 6 100 7679 2 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63486A6818FB +20171212180038 2 6 100 7679 5 CF96EF3064F3389AC4D7DA6813F67988F77979BB89C86E3A82B8FBE165D96646B6665C28FE7F5D1742E288AF6A47CEAD57277CF7B7902B8B7F899CB512DDF0EDEC293B152ABA4085290AE8BF93AF988437B549319AF0E18E39805C80A4714E4108DC29DDF708365B8FAC1F220784A8AA89F4C04176DFCEFC652988A6F878937AF8FEFF6A45672DB27EC215CDCBB9C530BDC2F1F357DC69073AA6B3670B988F271386E1B2F72635AA83420CF2A393338D1C4E2B502C11CA2098481EA292ACD7A7BFF84945E9CC04B47B1967F09CC7A4BE5AAA749583318E561E5504F28472B0AEF60B854142AACFE6017786E8B5FB674C79D68B7B44842F18E2075B8679A99D43892847B09A0CADFBED479942F599A1666D96EEED85A222431F8637D6FB73F5E08465417DAAA47BD31BDCE2262E06E0B7E5BF6FA9703890997C275CE11CA52A92D0F4889F370164D4EFA8C461E2F3BBABA54F8A1DD165C3D5344DF572B67EF92DC3E8EF66926B673AD59FB5CE5FF5ECED31535CC347374D846F0373EDD82DEFAF4DEEF238A1ABFF44FDC2D9511E8AE69349B69749DD6D2AD5A2A95F579B3A0D232FAB4A915568409150F184F1F58114354235084F9B104F9DA8EC13D34AB93BD61620CC0B93118FF2299B80856CE2A40792F58E37990677E1C4A662D619F835DA5537873CDF05DCDB369AEB2E6159E351E9140DDD5E4FB57EAAD9CB5A41EAC61CD1E95D983832D0E8D35EEFF88E699A33A4AB0FC82B8A1B38F527933108FCC6533C9DE3AFCAE396246399DB878A9D500905A707B3C1F3F490E327A5C219151E7077C9E456F3DD046F6FAC8C3F98CC90FC558E87A7CB654320DA2B48F41BE0D8498A98DF562EE0A33FF61AF92E90DABA5323CF416C7E3B5E0A5190A36442F08AEE80B4886C407A689A81293D7CF6D7F88C112F7D166D4AE27147BCDC4C91E2880F5A4065B0AC7480BCDB9A0BCB790FDDF0370DF819986DA21FE700E15D449F5C0849B70C8A84569F205D74141F87B73D2EE3BB4D7A88F2DC90272219E39B5456F5CE8F0DA1E40E98C1B968112DC3664663B3C2A2B1402657CC0529AD6CED5BD2A177F9ED6FDA41378C8ADA6F33615516CFE0077E9426424F06DF517A5117F2882FFE3144245623DF8DDEF9869E5F6D328884018885209EA24F7F617837E7751D56EF3201D3FD607706B889728591E7C822ED97FF0B9DC111D5D0142387D88CB799345EF48235922632D6610F9E1C7AAAB6368EC0D4A76185686FCDA99499DC1B7F08C8A1BDDEF3F803CF168D818CEAC1F8B79E70C49E37B3E19B0096D1B6C2D4BF73DBF503401AE4EFCF9DEB8AC4A9C39E140CA9086E9927274E2A63486CA4B787 +20171213010731 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F5561319BBF +20171213020125 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F5561E7621B +20171213022044 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F556220C81B +20171213024903 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55627C3CE7 +20171213030139 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F5562A0B013 +20171213055041 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F5564BC168F +20171213060909 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F5564E9CBA3 +20171213072312 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F5565D64617 +20171214093125 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F557B083E83 +20171214095927 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F557B5C6367 +20171214222602 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F5585408053 +20171214233609 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55862A758B +20171215214134 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F559742D26B +20171216043116 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F559C858AD7 +20171216061211 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F559DBA299F +20171216061646 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F559DBFD57B +20171216094255 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55A0524813 +20171216110833 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55A15D5D1F +20171216171002 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55A5EC1993 +20171216211154 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55A8EA2ED7 +20171217022713 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55ACD2DE8F +20171217032242 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55AD80002F +20171217074522 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55B0B564D7 +20171217095738 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55B254E7FB +20171217120716 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55B3EDC9EB +20171217153508 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55B680123B +20171217162942 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55B727103B +20171218014406 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55BDE7E6A3 +20171218033011 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55BF2DBDBB +20171218052822 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55C08EEBC7 +20171218071736 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55C1D36F8B +20171218072625 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55C1E549DB +20171218081603 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55C2747B77 +20171218163834 2 6 100 7679 5 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55C883ECE7 +20171218165317 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55C8AA3DD3 +20171218195505 2 6 100 7679 2 DC810DED621062F0CB271F50E716119CBA30A56C758377BD69D70043B8C9ACA2E7EFA9896D324B18FB1A550BDB994533A67258C7EB28B23D1AFB6D3FE0C5C8AD961F2BFAE67E57978F749D3F33A0D9AEAFD817FD663E60298D0DF73E4B27A85B6799D929240EC6C4C59E0D98E0A7875F3FCC3E29394083D1344F78DC70B5E23C108A03B7B81121BEDD2093262B7E32C7AB695AD545D3A99F410199DDD9759FE1EE8502180206841B3C74CB6A939B38707309B421A75FFEC30C977F91A9F9F3C9F65EF2EA6251E72F8A65C7753815C188320E91B079EDFB9F1D480F529B67075B57523C44895DE2427D32D3935EAC5F46659C5F723C9BB006862EF143A77C384560EB5474F8D034FC8059F6D7BCD9EBD17D2740741FB4025CF87FFE3DAAFF72C8D9D10E1F779AEC56D3C6340426E2D980EAA07C46F2E720D1B8206D2A29162C6CA877FA89C0876DA70FF3A773BDEE1BB5831EFB58A9191430B0DE46EA4F484642F257AC176B74A91A02594D00D2FD30BE4927DED30C4389245EC5ECA93B1B08AFBB86B8012394F8CB874DC092498A2F9B44E27804C039632A192C8329F0DF25B196E6AB5E07FB3732B94990A2F0490FB07D9E33B0AA2830EDB572D7C7968A193B83FF869F65ABEDEC65EB03EA6DF0CD6C077DE627FD3583AFDA1754E655BE7ECF7A2BEAA422E516B26194FAEFEE6F535439B413325E1263E7E797DE9D717540A96AF360F8EE1FD4B190A513E83AEF6BCAB5A245F4A4F129F5F8AED11A558FE968A0CF2E254438384D0EE91BEE99A39696821DBA585144FA65484897CFC517FCE1D1512F792C6996063585F640AC9480220ED1FF3EDC1D7E55344977F71692D6F5DB091821A3F9612B65138848B874A93A71A74039337BF291938B0A8ACA2141BE969DCE4322A276C86C5A8E369EF6717158B46EBE48F8F9BC4F2E46203AC21CDD9F0ED1989F7D964D46D7DA63444C9CADA82AF53E38873A5D3F68868CA4F65748210716658F2A841B3890E773A2623A59073F14A0F2F1B0893FDBE5BA72FC9609DB8E8A56A322E2B4178CE7B2022D741BD256303D926B48D5239B354F611C52B475C62351854D6E27C89231E7E7972C19C7D6F5BEB07D1A1FF827348DA862F422047A2DB7B591AE497578A4BA95CBECFB503F5DC04C0C6A946FFB515F2F0BDC4332F2674706F7C1908B681D8EE3667777092C06DC9CF00F98143F4A1350FCBAEBB5157A5473D33F51778987B35B1D48249A491EE8F8778DE6DC29131F708642884BED0B0D159E1EFE428D18D3631F13A593323F1659FE9E1A708115D2F131DCC3808CE016036FF1D0D9193CBEB2CD1C49F9973E0BCB09A2A9394E2F55CABFB253 +20171219124324 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203ABF9DA753 +20171220012557 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203AC87B0257 +20171220113159 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203ACF6BF797 +20171220172848 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203AD382D913 +20171220184955 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203AD4620FCF +20171220232754 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203AD788C3AF +20171221050933 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203ADADA05AF +20171221135413 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203AE091EA4F +20171221220649 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203AE5EFB017 +20171223020323 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203AF8256AAB +20171223193520 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B035D92A3 +20171223214753 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B04C1A663 +20171224021554 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B078E9D33 +20171224034823 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B087DB16B +20171224121415 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B0DB70677 +20171224130232 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B0E3090C7 +20171224135245 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B0EAF8073 +20171224212046 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B133C2B4F +20171224212702 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B13441743 +20171225003349 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B152CE5AB +20171225004348 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B153F6807 +20171225041057 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B176011EF +20171225091911 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B1A71C743 +20171225162026 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B1EB91123 +20171225192243 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B20715EBB +20171225215524 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B21F31B1B +20171226063458 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B272E398F +20171226064036 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B27337437 +20171226213456 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B302C487F +20171227055343 2 6 100 8191 5 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B35235327 +20171227125423 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B393B67F3 +20171227150248 2 6 100 8191 2 EE490FB8716A6562BB33AA7C81BBFDCF2BC4C7257F68FC888B014D4D06FF9501EDEC5B4B462DBA35A9C6E541F218CB4A44F6F9FC88F4B4CC522803FA78E320467D89DC594A89B9718278C390023E9A367EDC39614216835EC52511F0ABAD50A37B742603D8ECA51491AC9A0F61B8A0AE8C09831869F2BF140277A0DA761C57856191FB3D6BCA46D51AC32A52FA6012B8AF5531F1E361751EC530B502B9001CAD88C0E921D4F809CA97C06278C0503B17BAE6B082168C34AB558BAC649EC3A69D2D136804E89B4FC952AF03C5056A6CA50D130934CBA7FA852BB950328E6BA2BFCF86C7319C96E5AC7172B03A000D678E4734BF756645816DCFA5710D65F77B994C1D12000502CC31478258694CFEE378707F7111E7337A0EBBD8EA3E91459AEB73B310DEE37464DF317FB6BBBD6A4DB32B505F7F6D0D5A6C8BE439514BAA032CB41864647F64F18B414BA2A2BF7AEF787D1F84B2EFDF5935857C9A6167CA426109FEBA69EE58FEF126F3F98FBC46570EF50DD3F502044DBD580E5DCFD214DA8788B7104D4A77C4006AC153E704B395F061118D5898155A7BC758C13D6D9B381F40B1998FFBB520D78110956D7E01EB07F2AA4CE132C3CDE594E3FEF45F2FD2C6B8B2C75B8C232DEC3C82BDF494E846D8AD466F8F234FE2698C90B203C989F9EBE77DF2126CE4C765E19BCBC628F6B70FFEE9214B88E27CF989939EF396D513BDD2CA737EDB8C6845E5883D283445F3FB8F662F0CFC29F405A592C8C0D68575361B09BA4D1398D61B552D239F897D84B8D46A6E1B113D76AE9BABA8D5617B3ACC1A8F4AFBA8597BA96CF872A5AE48BE79A44771937D01D0EF76C99C1C99C7EE94DBDFE3FBA41B69DEC9F4B1858E3D4F488CAEA52692C9334ADB39A8FEDC815A1E4D7057AE7CF4BD2A67B02141F98306D4A67C759414F03AE3A9D2C0F1090B29C8833E3500ED05FF6175D29408D8DB6D0651AFC77142FA7F44114274C0575B4F2EAF27714B56F450DE6F02423B4BEDC090E91ECD92F5DF5B9D053E095149B069FB60D51BB700A188EABD493773B7BEBA99CA21E981BF14188926E5F2DB6348B8E85AE4E2D498F116C9A240567F71B9D86B8173A42BA29100F02322DE24241DF8333F7A7A2A8C71513B734BC7E35D25F469B27F9B0883E1B62E1C4FC60FC6EB4A1E9B1AD1DD26A8D64D27944577E8ABE51EA225B0FFE27B5592D6EA5FBAA81BE6E3657FBBE67D359D0D18622545E8C1093D542F31FEBD00E0C687BB66D6F4E8F3FA0AD435F303F1108CE3604FF199E5DBF7E7309EBECA4ADB0F2AED26B87E7B50C23F0AA8370EEABFEEF273B64EFAD3167D78689907C500FAB9AC160968BA738AC40B23F50BEAD01C6343D7B7190034C79FFDD250938A84E499D5583F5213287F495DF9008DB8A9A51DFEA454A8215683A53A6A5CE5BFDA0D827704203B3A81A89B +20171227165129 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C3FF14E17B +20171227193939 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C400F55F3F +20171228032103 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4065CE64B +20171228115824 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C40C43BAB7 +20171228124603 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C40CCD6483 +20171228164850 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C40F99437B +20171228210323 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4126F1FDB +20171229030717 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4169A7847 +20171229061209 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4189CEBF3 +20171229071940 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C419560A6F +20171229082351 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C41A003293 +20171229091948 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C41A97B0B3 +20171229152509 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C41EA78513 +20171229193934 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4216FDF1B +20171230082815 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C429E6D743 +20171230095722 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C42ADAFEC3 +20171231000503 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4341E820B +20171231123324 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C43C20726B +20171231133810 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C43CC9B38F +20180101034650 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C445D1D6AF +20180102021859 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C453E3A923 +20180102095212 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4589223B3 +20180102194603 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C45EA32E73 +20180102224522 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4606F2AEB +20180103002357 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4617220D3 +20180103011455 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C461EEC227 +20180103044126 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4640ADAFF +20180103102958 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C4678F8743 +20180103153131 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C46AA4F9DF +20180103175311 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C46C14249B +20180103210214 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C46DF36E37 +20180103214256 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C46E5524BB +20180103224847 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C46EF5AD73 +20180104072036 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C473F7759B +20180104112937 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C47658C257 +20180104122132 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C476D82313 +20180104192013 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C47AEEE017 +20180104234458 2 6 100 8191 2 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C47D812CC3 +20180105001530 2 6 100 8191 5 F461D7B72CCE12BB489DFEBB0D3252492FB894ADE7EEFCA4FCEAE71B2078652882837E3DDE311BA08D03316DDE3C3C844C34F37E7536601A57C95E1D191CC3B603E15D0E27D99ECC6B7781424F1D40E39FFF25D3F99C207359AD00CB7A68DC0937FDC38F24EF6C095DA60D92F977FBE8674D9885C4F147D6B6114F1CAF9F56327EF2A9CF30C5A26F46E19FAFACF357EC4E9119FB4AC34FF97FE5CDA2D578E00DF294AC88305AA8C9CFA074F35A211DD176486BBFDF04269B47C1EECAA0FAD95F6A5D829770F73DE8AF9D45928E4BF4C71412821419E2AFB2DA29FAA42557CB595B75433FDF015E42853C784AC8A15857D494900319D36B3A6672B885B686D6498D50A7843D381D240A77C053853FBFC670687678EA7AA909F9D82D2363ABD4851E3D20CE16632E0B1522AAB5DB8BB53AA1EE8CDFE86A494D1C2405C5AAE058D1990C91607D8043A74453AFB650110CA784BA307E531B153537B2C0A888D75229CC1D3CD27B0D7A6BEE20E82B7EB912D9F36BC8630990003DE2494DE017CB9D0EDBA7F0785927E79A76DA00707ADA18B9EBC57930E36E76737A7BA31F8F36F11D8CEDDCE28A411EEB34CE5D5235E88F66089F59CD921A84789512947DFDC8247A68353D05BEAFA6E450D7211D8BABE3C4C63685E9FA7742BD6309F3D72B9BE5E1B84E534596A81DAF1F5483C001FED71A9C7E432A28E52E43D9A0D4D4607B5E3459C7D424925C34311958344EBB86AF4E02675F8701BD55AACE3DDF48980E1977EE44275BEEE341C090820A63FD317595D7A0CCD00609B49E4AAF8C744F2FEA35A806B9B79C519CCDCE59F225FA243FD1AD0C8DBAFA17291CCA0C0C4DAB68060205F72978A5879093A132BE80C061D33348D94A8C79AE86F637701FC44E795B0F15D4610E0B269DEC7B24F717A7284A521759894AE475E7E35472ABC8C82DADE518628FF0DD37B48D94D48C18BF686F509AE5A5C35CC7BC33861673166B743FE10EB6508D36B29D1C798210E3D1840418A67214F9DB6FAF60BB42329226517C202436F735C1D326B49E1A37FF80BA4599A55898A48A2967647EA5E48B88F8034C7BBE9AFC1CD8DCC986495AB7070346E83479BC23925D418A68C7D72B4BCC106FEE74532F70F3CA019C68D419E944C34A69DAC2CDA1155F4FCDEC53CFB3AED1FE07C58FD20D673CE274AC89AEB3D72C36C2D81B42A5F9A61A83FB748749FDA5598C5A519A3026B1475F61CA5DE7A77BE86C2DC6EBAA6F756D5C15AF0F0844C05F233A0468148956C0BA80ACDCB7850FE0CBE75DB675AB712ADBF0934765919A697F4C4345E2AD63B159664FE0DB201683C8DFBBDB1EFE3B580C11809AC815C1863929E60B7A0819D255C8EE7AA582C33E0153EB685E830627829C141DF8B5C599D9DDD25CB3EFAD7C4369A470D3AE3CF4CD0CDCB185A402F7C3E395C47DC6C2E7 diff --git a/moduli.0 b/moduli.0 index e319015b28a..59767da3831 100644 --- a/moduli.0 +++ b/moduli.0 @@ -71,4 +71,4 @@ STANDARDS the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, 2006. -OpenBSD 6.2 September 26, 2012 OpenBSD 6.2 +OpenBSD 6.4 September 26, 2012 OpenBSD 6.4 diff --git a/monitor.c b/monitor.c index c68e1b0d912..d4b4b04719b 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.180 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.186 2018/07/20 03:46:34 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -56,10 +56,6 @@ # endif #endif -#ifdef SKEY -#include -#endif - #ifdef WITH_OPENSSL #include #endif @@ -68,21 +64,14 @@ #include "atomicio.h" #include "xmalloc.h" #include "ssh.h" -#include "key.h" -#include "buffer.h" +#include "sshkey.h" +#include "sshbuf.h" #include "hostfile.h" #include "auth.h" #include "cipher.h" #include "kex.h" #include "dh.h" #include "auth-pam.h" -#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ -#undef TARGET_OS_MAC -#include "zlib.h" -#define TARGET_OS_MAC 1 -#else -#include "zlib.h" -#endif #include "packet.h" #include "auth-options.h" #include "sshpty.h" @@ -113,9 +102,7 @@ static Gssctxt *gsscontext = NULL; extern ServerOptions options; extern u_int utmp_len; extern u_char session_id[]; -extern Buffer auth_debug; -extern int auth_debug_init; -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */ /* State exported from the child */ @@ -123,46 +110,44 @@ static struct sshbuf *child_state; /* Functions on the monitor that answer unprivileged requests */ -int mm_answer_moduli(int, Buffer *); -int mm_answer_sign(int, Buffer *); -int mm_answer_pwnamallow(int, Buffer *); -int mm_answer_auth2_read_banner(int, Buffer *); -int mm_answer_authserv(int, Buffer *); -int mm_answer_authpassword(int, Buffer *); -int mm_answer_bsdauthquery(int, Buffer *); -int mm_answer_bsdauthrespond(int, Buffer *); -int mm_answer_skeyquery(int, Buffer *); -int mm_answer_skeyrespond(int, Buffer *); -int mm_answer_keyallowed(int, Buffer *); -int mm_answer_keyverify(int, Buffer *); -int mm_answer_pty(int, Buffer *); -int mm_answer_pty_cleanup(int, Buffer *); -int mm_answer_term(int, Buffer *); -int mm_answer_rsa_keyallowed(int, Buffer *); -int mm_answer_rsa_challenge(int, Buffer *); -int mm_answer_rsa_response(int, Buffer *); -int mm_answer_sesskey(int, Buffer *); -int mm_answer_sessid(int, Buffer *); +int mm_answer_moduli(int, struct sshbuf *); +int mm_answer_sign(int, struct sshbuf *); +int mm_answer_pwnamallow(int, struct sshbuf *); +int mm_answer_auth2_read_banner(int, struct sshbuf *); +int mm_answer_authserv(int, struct sshbuf *); +int mm_answer_authpassword(int, struct sshbuf *); +int mm_answer_bsdauthquery(int, struct sshbuf *); +int mm_answer_bsdauthrespond(int, struct sshbuf *); +int mm_answer_keyallowed(int, struct sshbuf *); +int mm_answer_keyverify(int, struct sshbuf *); +int mm_answer_pty(int, struct sshbuf *); +int mm_answer_pty_cleanup(int, struct sshbuf *); +int mm_answer_term(int, struct sshbuf *); +int mm_answer_rsa_keyallowed(int, struct sshbuf *); +int mm_answer_rsa_challenge(int, struct sshbuf *); +int mm_answer_rsa_response(int, struct sshbuf *); +int mm_answer_sesskey(int, struct sshbuf *); +int mm_answer_sessid(int, struct sshbuf *); #ifdef USE_PAM -int mm_answer_pam_start(int, Buffer *); -int mm_answer_pam_account(int, Buffer *); -int mm_answer_pam_init_ctx(int, Buffer *); -int mm_answer_pam_query(int, Buffer *); -int mm_answer_pam_respond(int, Buffer *); -int mm_answer_pam_free_ctx(int, Buffer *); +int mm_answer_pam_start(int, struct sshbuf *); +int mm_answer_pam_account(int, struct sshbuf *); +int mm_answer_pam_init_ctx(int, struct sshbuf *); +int mm_answer_pam_query(int, struct sshbuf *); +int mm_answer_pam_respond(int, struct sshbuf *); +int mm_answer_pam_free_ctx(int, struct sshbuf *); #endif #ifdef GSSAPI -int mm_answer_gss_setup_ctx(int, Buffer *); -int mm_answer_gss_accept_ctx(int, Buffer *); -int mm_answer_gss_userok(int, Buffer *); -int mm_answer_gss_checkmic(int, Buffer *); +int mm_answer_gss_setup_ctx(int, struct sshbuf *); +int mm_answer_gss_accept_ctx(int, struct sshbuf *); +int mm_answer_gss_userok(int, struct sshbuf *); +int mm_answer_gss_checkmic(int, struct sshbuf *); #endif #ifdef SSH_AUDIT_EVENTS -int mm_answer_audit_event(int, Buffer *); -int mm_answer_audit_command(int, Buffer *); +int mm_answer_audit_event(int, struct sshbuf *); +int mm_answer_audit_command(int, struct sshbuf *); #endif static int monitor_read_log(struct monitor *); @@ -171,7 +156,7 @@ static Authctxt *authctxt; /* local state for key verify */ static u_char *key_blob = NULL; -static u_int key_bloblen = 0; +static size_t key_bloblen = 0; static int key_blobtype = MM_NOKEY; static struct sshauthopt *key_opts = NULL; static char *hostbased_cuser = NULL; @@ -185,7 +170,7 @@ static pid_t monitor_child_pid; struct mon_table { enum monitor_reqtype type; int flags; - int (*f)(int, Buffer *); + int (*f)(int, struct sshbuf *); }; #define MON_ISAUTH 0x0004 /* Required for Authentication */ @@ -220,10 +205,6 @@ struct mon_table mon_dispatch_proto20[] = { #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond}, -#endif -#ifdef SKEY - {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery}, - {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, #endif {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify}, @@ -300,7 +281,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) memset(authctxt, 0, sizeof(*authctxt)); ssh->authctxt = authctxt; - authctxt->loginmsg = &loginmsg; + authctxt->loginmsg = loginmsg; mon_dispatch = mon_dispatch_proto20; /* Permit requests for moduli and signatures */ @@ -338,13 +319,16 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) #ifdef USE_PAM /* PAM needs to perform account checks after auth */ if (options.use_pam && authenticated) { - Buffer m; + struct sshbuf *m; - buffer_init(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", + __func__); mm_request_receive_expect(pmonitor->m_sendfd, - MONITOR_REQ_PAM_ACCOUNT, &m); - authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m); - buffer_free(&m); + MONITOR_REQ_PAM_ACCOUNT, m); + authenticated = mm_answer_pam_account( + pmonitor->m_sendfd, m); + sshbuf_free(m); } #endif } @@ -428,18 +412,21 @@ monitor_child_postauth(struct monitor *pmonitor) static int monitor_read_log(struct monitor *pmonitor) { - Buffer logmsg; + struct sshbuf *logmsg; u_int len, level; char *msg; + u_char *p; + int r; - buffer_init(&logmsg); + if ((logmsg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); /* Read length */ - buffer_append_space(&logmsg, 4); - if (atomicio(read, pmonitor->m_log_recvfd, - buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { + if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0) + fatal("%s: reserve: %s", __func__, ssh_err(r)); + if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) { if (errno == EPIPE) { - buffer_free(&logmsg); + sshbuf_free(logmsg); debug("%s: child log fd closed", __func__); close(pmonitor->m_log_recvfd); pmonitor->m_log_recvfd = -1; @@ -447,26 +434,28 @@ monitor_read_log(struct monitor *pmonitor) } fatal("%s: log fd read: %s", __func__, strerror(errno)); } - len = buffer_get_int(&logmsg); + if ((r = sshbuf_get_u32(logmsg, &len)) != 0) + fatal("%s: get len: %s", __func__, ssh_err(r)); if (len <= 4 || len > 8192) fatal("%s: invalid log message length %u", __func__, len); /* Read severity, message */ - buffer_clear(&logmsg); - buffer_append_space(&logmsg, len); - if (atomicio(read, pmonitor->m_log_recvfd, - buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) + sshbuf_reset(logmsg); + if ((r = sshbuf_reserve(logmsg, len, &p)) != 0) + fatal("%s: reserve: %s", __func__, ssh_err(r)); + if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len) fatal("%s: log fd read: %s", __func__, strerror(errno)); + if ((r = sshbuf_get_u32(logmsg, &level)) != 0 || + (r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); /* Log it */ - level = buffer_get_int(&logmsg); - msg = buffer_get_string(&logmsg, NULL); if (log_level_name(level) == NULL) fatal("%s: invalid log level %u (corrupted message?)", __func__, level); do_log2(level, "%s [preauth]", msg); - buffer_free(&logmsg); + sshbuf_free(logmsg); free(msg); return 0; @@ -476,8 +465,8 @@ int monitor_read(struct monitor *pmonitor, struct mon_table *ent, struct mon_table **pent) { - Buffer m; - int ret; + struct sshbuf *m; + int r, ret; u_char type; struct pollfd pfd[2]; @@ -504,10 +493,12 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, break; /* Continues below */ } - buffer_init(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); - mm_request_receive(pmonitor->m_sendfd, &m); - type = buffer_get_char(&m); + mm_request_receive(pmonitor->m_sendfd, m); + if ((r = sshbuf_get_u8(m, &type)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); debug3("%s: checking request %d", __func__, type); @@ -521,8 +512,8 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, if (!(ent->flags & MON_PERMIT)) fatal("%s: unpermitted request %d", __func__, type); - ret = (*ent->f)(pmonitor->m_sendfd, &m); - buffer_free(&m); + ret = (*ent->f)(pmonitor->m_sendfd, m); + sshbuf_free(m); /* The child may use this request only once, disable it */ if (ent->flags & MON_ONCE) { @@ -572,14 +563,16 @@ monitor_reset_key_state(void) #ifdef WITH_OPENSSL int -mm_answer_moduli(int sock, Buffer *m) +mm_answer_moduli(int sock, struct sshbuf *m) { DH *dh; - int min, want, max; + int r; + u_int min, want, max; - min = buffer_get_int(m); - want = buffer_get_int(m); - max = buffer_get_int(m); + if ((r = sshbuf_get_u32(m, &min)) != 0 || + (r = sshbuf_get_u32(m, &want)) != 0 || + (r = sshbuf_get_u32(m, &max)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: got parameters: %d %d %d", __func__, min, want, max); @@ -588,17 +581,19 @@ mm_answer_moduli(int sock, Buffer *m) fatal("%s: bad parameters: %d %d %d", __func__, min, want, max); - buffer_clear(m); + sshbuf_reset(m); dh = choose_dh(min, want, max); if (dh == NULL) { - buffer_put_char(m, 0); + if ((r = sshbuf_put_u8(m, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); return (0); } else { /* Send first bignum */ - buffer_put_char(m, 1); - buffer_put_bignum2(m, dh->p); - buffer_put_bignum2(m, dh->g); + if ((r = sshbuf_put_u8(m, 1)) != 0 || + (r = sshbuf_put_bignum2(m, dh->p)) != 0 || + (r = sshbuf_put_bignum2(m, dh->g)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); DH_free(dh); } @@ -608,7 +603,7 @@ mm_answer_moduli(int sock, Buffer *m) #endif int -mm_answer_sign(int sock, Buffer *m) +mm_answer_sign(int sock, struct sshbuf *m) { struct ssh *ssh = active_state; /* XXX */ extern int auth_sock; /* XXX move to state struct? */ @@ -618,14 +613,15 @@ mm_answer_sign(int sock, Buffer *m) char *alg = NULL; size_t datlen, siglen, alglen; int r, is_proof = 0; - u_int keyid; + u_int keyid, compat; const char proof_req[] = "hostkeys-prove-00@openssh.com"; debug3("%s", __func__); if ((r = sshbuf_get_u32(m, &keyid)) != 0 || (r = sshbuf_get_string(m, &p, &datlen)) != 0 || - (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) + (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 || + (r = sshbuf_get_u32(m, &compat)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (keyid > INT_MAX) fatal("%s: invalid key ID", __func__); @@ -675,13 +671,13 @@ mm_answer_sign(int sock, Buffer *m) if ((key = get_hostkey_by_index(keyid)) != NULL) { if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, - datafellows)) != 0) + compat)) != 0) fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r)); } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && auth_sock > 0) { if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, - p, datlen, alg, datafellows)) != 0) { + p, datlen, alg, compat)) != 0) { fatal("%s: ssh_agent_sign failed: %s", __func__, ssh_err(r)); } @@ -710,12 +706,12 @@ mm_answer_sign(int sock, Buffer *m) /* Retrieves the password entry and also checks if the user is permitted */ int -mm_answer_pwnamallow(int sock, Buffer *m) +mm_answer_pwnamallow(int sock, struct sshbuf *m) { struct ssh *ssh = active_state; /* XXX */ char *username; struct passwd *pwent; - int allowed = 0; + int r, allowed = 0; u_int i; debug3("%s", __func__); @@ -723,7 +719,8 @@ mm_answer_pwnamallow(int sock, Buffer *m) if (authctxt->attempt++ != 0) fatal("%s: multiple attempts for getpwnam", __func__); - username = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); pwent = getpwnamallow(username); @@ -731,10 +728,11 @@ mm_answer_pwnamallow(int sock, Buffer *m) setproctitle("%s [priv]", pwent ? username : "unknown"); free(username); - buffer_clear(m); + sshbuf_reset(m); if (pwent == NULL) { - buffer_put_char(m, 0); + if ((r = sshbuf_put_u8(m, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); authctxt->pw = fakepw(); goto out; } @@ -743,31 +741,40 @@ mm_answer_pwnamallow(int sock, Buffer *m) authctxt->pw = pwent; authctxt->valid = 1; - buffer_put_char(m, 1); - buffer_put_string(m, pwent, sizeof(struct passwd)); - buffer_put_cstring(m, pwent->pw_name); - buffer_put_cstring(m, "*"); + /* XXX don't sent pwent to unpriv; send fake class/dir/shell too */ + if ((r = sshbuf_put_u8(m, 1)) != 0 || + (r = sshbuf_put_string(m, pwent, sizeof(*pwent))) != 0 || + (r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 || + (r = sshbuf_put_cstring(m, "*")) != 0 || #ifdef HAVE_STRUCT_PASSWD_PW_GECOS - buffer_put_cstring(m, pwent->pw_gecos); + (r = sshbuf_put_cstring(m, pwent->pw_gecos)) != 0 || #endif #ifdef HAVE_STRUCT_PASSWD_PW_CLASS - buffer_put_cstring(m, pwent->pw_class); + (r = sshbuf_put_cstring(m, pwent->pw_class)) != 0 || #endif - buffer_put_cstring(m, pwent->pw_dir); - buffer_put_cstring(m, pwent->pw_shell); + (r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 || + (r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); out: ssh_packet_set_log_preamble(ssh, "%suser %s", authctxt->valid ? "authenticating" : "invalid ", authctxt->user); - buffer_put_string(m, &options, sizeof(options)); + if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #define M_CP_STROPT(x) do { \ - if (options.x != NULL) \ - buffer_put_cstring(m, options.x); \ + if (options.x != NULL) { \ + if ((r = sshbuf_put_cstring(m, options.x)) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) #define M_CP_STRARRAYOPT(x, nx) do { \ - for (i = 0; i < options.nx; i++) \ - buffer_put_cstring(m, options.x[i]); \ + for (i = 0; i < options.nx; i++) { \ + if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); @@ -799,13 +806,15 @@ mm_answer_pwnamallow(int sock, Buffer *m) return (0); } -int mm_answer_auth2_read_banner(int sock, Buffer *m) +int mm_answer_auth2_read_banner(int sock, struct sshbuf *m) { char *banner; + int r; - buffer_clear(m); + sshbuf_reset(m); banner = auth2_read_banner(); - buffer_put_cstring(m, banner != NULL ? banner : ""); + if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); free(banner); @@ -813,12 +822,15 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m) } int -mm_answer_authserv(int sock, Buffer *m) +mm_answer_authserv(int sock, struct sshbuf *m) { + int r; + monitor_permit_authentications(1); - authctxt->service = buffer_get_string(m, NULL); - authctxt->style = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: service=%s, style=%s", __func__, authctxt->service, authctxt->style); @@ -831,27 +843,30 @@ mm_answer_authserv(int sock, Buffer *m) } int -mm_answer_authpassword(int sock, Buffer *m) +mm_answer_authpassword(int sock, struct sshbuf *m) { struct ssh *ssh = active_state; /* XXX */ static int call_count; char *passwd; - int authenticated; - u_int plen; + int r, authenticated; + size_t plen; if (!options.password_authentication) fatal("%s: password authentication not enabled", __func__); - passwd = buffer_get_string(m, &plen); + if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* Only authenticate if the context is valid */ authenticated = options.password_authentication && auth_password(ssh, passwd); - explicit_bzero(passwd, strlen(passwd)); + explicit_bzero(passwd, plen); free(passwd); - buffer_clear(m); - buffer_put_int(m, authenticated); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef USE_PAM - buffer_put_int(m, sshpam_get_maxtries_reached()); + if ((r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #endif debug3("%s: sending result %d", __func__, authenticated); @@ -869,23 +884,25 @@ mm_answer_authpassword(int sock, Buffer *m) #ifdef BSD_AUTH int -mm_answer_bsdauthquery(int sock, Buffer *m) +mm_answer_bsdauthquery(int sock, struct sshbuf *m) { char *name, *infotxt; - u_int numprompts; - u_int *echo_on; + u_int numprompts, *echo_on, success; char **prompts; - u_int success; + int r; if (!options.kbd_interactive_authentication) fatal("%s: kbd-int authentication not enabled", __func__); success = bsdauth_query(authctxt, &name, &infotxt, &numprompts, &prompts, &echo_on) < 0 ? 0 : 1; - buffer_clear(m); - buffer_put_int(m, success); - if (success) - buffer_put_cstring(m, prompts[0]); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (success) { + if ((r = sshbuf_put_cstring(m, prompts[0])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } debug3("%s: sending challenge success: %u", __func__, success); mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); @@ -901,25 +918,27 @@ mm_answer_bsdauthquery(int sock, Buffer *m) } int -mm_answer_bsdauthrespond(int sock, Buffer *m) +mm_answer_bsdauthrespond(int sock, struct sshbuf *m) { char *response; - int authok; + int r, authok; if (!options.kbd_interactive_authentication) fatal("%s: kbd-int authentication not enabled", __func__); if (authctxt->as == NULL) fatal("%s: no bsd auth session", __func__); - response = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); authok = options.challenge_response_authentication && auth_userresponse(authctxt->as, response, 0); authctxt->as = NULL; debug3("%s: <%s> = <%d>", __func__, response, authok); free(response); - buffer_clear(m); - buffer_put_int(m, authok); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, authok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: sending authenticated: %d", __func__, authok); mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); @@ -931,59 +950,9 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) } #endif -#ifdef SKEY -int -mm_answer_skeyquery(int sock, Buffer *m) -{ - struct skey skey; - char challenge[1024]; - u_int success; - - success = _compat_skeychallenge(&skey, authctxt->user, challenge, - sizeof(challenge)) < 0 ? 0 : 1; - - buffer_clear(m); - buffer_put_int(m, success); - if (success) - buffer_put_cstring(m, challenge); - - debug3("%s: sending challenge success: %u", __func__, success); - mm_request_send(sock, MONITOR_ANS_SKEYQUERY, m); - - return (0); -} - -int -mm_answer_skeyrespond(int sock, Buffer *m) -{ - char *response; - int authok; - - response = buffer_get_string(m, NULL); - - authok = (options.challenge_response_authentication && - authctxt->valid && - skey_haskey(authctxt->pw->pw_name) == 0 && - skey_passcheck(authctxt->pw->pw_name, response) != -1); - - free(response); - - buffer_clear(m); - buffer_put_int(m, authok); - - debug3("%s: sending authenticated: %d", __func__, authok); - mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); - - auth_method = "keyboard-interactive"; - auth_submethod = "skey"; - - return (authok != 0); -} -#endif - #ifdef USE_PAM int -mm_answer_pam_start(int sock, Buffer *m) +mm_answer_pam_start(int sock, struct sshbuf *m) { if (!options.use_pam) fatal("UsePAM not set, but ended up in %s anyway", __func__); @@ -998,17 +967,19 @@ mm_answer_pam_start(int sock, Buffer *m) } int -mm_answer_pam_account(int sock, Buffer *m) +mm_answer_pam_account(int sock, struct sshbuf *m) { u_int ret; + int r; if (!options.use_pam) fatal("%s: PAM not enabled", __func__); ret = do_pam_account(); - buffer_put_int(m, ret); - buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); + if ((r = sshbuf_put_u32(m, ret)) != 0 || + (r = sshbuf_put_stringb(m, loginmsg)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); @@ -1019,8 +990,11 @@ static void *sshpam_ctxt, *sshpam_authok; extern KbdintDevice sshpam_device; int -mm_answer_pam_init_ctx(int sock, Buffer *m) +mm_answer_pam_init_ctx(int sock, struct sshbuf *m) { + u_int ok = 0; + int r; + debug3("%s", __func__); if (!options.kbd_interactive_authentication) fatal("%s: kbd-int authentication not enabled", __func__); @@ -1028,24 +1002,24 @@ mm_answer_pam_init_ctx(int sock, Buffer *m) fatal("%s: already called", __func__); sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); sshpam_authok = NULL; - buffer_clear(m); + sshbuf_reset(m); if (sshpam_ctxt != NULL) { monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_QUERY, 1); - buffer_put_int(m, 1); - } else { - buffer_put_int(m, 0); + ok = 1; } + if ((r = sshbuf_put_u32(m, ok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m); return (0); } int -mm_answer_pam_query(int sock, Buffer *m) +mm_answer_pam_query(int sock, struct sshbuf *m) { char *name = NULL, *info = NULL, **prompts = NULL; u_int i, num = 0, *echo_on = 0; - int ret; + int r, ret; debug3("%s", __func__); sshpam_authok = NULL; @@ -1058,18 +1032,20 @@ mm_answer_pam_query(int sock, Buffer *m) if (num > 1 || name == NULL || info == NULL) fatal("sshpam_device.query failed"); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_RESPOND, 1); - buffer_clear(m); - buffer_put_int(m, ret); - buffer_put_cstring(m, name); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, ret)) != 0 || + (r = sshbuf_put_cstring(m, name)) != 0 || + (r = sshbuf_put_cstring(m, info)) != 0 || + (r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0 || + (r = sshbuf_put_u32(m, num)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(name); - buffer_put_cstring(m, info); free(info); - buffer_put_int(m, sshpam_get_maxtries_reached()); - buffer_put_int(m, num); for (i = 0; i < num; ++i) { - buffer_put_cstring(m, prompts[i]); + if ((r = sshbuf_put_cstring(m, prompts[i])) != 0 || + (r = sshbuf_put_u32(m, echo_on[i])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(prompts[i]); - buffer_put_int(m, echo_on[i]); } free(prompts); free(echo_on); @@ -1080,21 +1056,25 @@ mm_answer_pam_query(int sock, Buffer *m) } int -mm_answer_pam_respond(int sock, Buffer *m) +mm_answer_pam_respond(int sock, struct sshbuf *m) { char **resp; u_int i, num; - int ret; + int r, ret; debug3("%s", __func__); if (sshpam_ctxt == NULL) fatal("%s: no context", __func__); sshpam_authok = NULL; - num = buffer_get_int(m); + if ((r = sshbuf_get_u32(m, &num)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (num > 0) { resp = xcalloc(num, sizeof(char *)); - for (i = 0; i < num; ++i) - resp[i] = buffer_get_string(m, NULL); + for (i = 0; i < num; ++i) { + if ((r = sshbuf_get_cstring(m, &(resp[i]), NULL)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + } ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); for (i = 0; i < num; ++i) free(resp[i]); @@ -1102,8 +1082,9 @@ mm_answer_pam_respond(int sock, Buffer *m) } else { ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); } - buffer_clear(m); - buffer_put_int(m, ret); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, ret)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); auth_method = "keyboard-interactive"; auth_submethod = "pam"; @@ -1113,7 +1094,7 @@ mm_answer_pam_respond(int sock, Buffer *m) } int -mm_answer_pam_free_ctx(int sock, Buffer *m) +mm_answer_pam_free_ctx(int sock, struct sshbuf *m) { int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; @@ -1122,7 +1103,7 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) fatal("%s: no context", __func__); (sshpam_device.free_ctx)(sshpam_ctxt); sshpam_ctxt = sshpam_authok = NULL; - buffer_clear(m); + sshbuf_reset(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); /* Allow another attempt */ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_INIT_CTX, 1); @@ -1133,31 +1114,29 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) #endif int -mm_answer_keyallowed(int sock, Buffer *m) +mm_answer_keyallowed(int sock, struct sshbuf *m) { struct ssh *ssh = active_state; /* XXX */ - struct sshkey *key; + struct sshkey *key = NULL; char *cuser, *chost; - u_char *blob; - u_int bloblen, pubkey_auth_attempt; + u_int pubkey_auth_attempt; enum mm_keytype type = 0; int r, allowed = 0; struct sshauthopt *opts = NULL; debug3("%s entering", __func__); - type = buffer_get_int(m); - cuser = buffer_get_string(m, NULL); - chost = buffer_get_string(m, NULL); - blob = buffer_get_string(m, &bloblen); - pubkey_auth_attempt = buffer_get_int(m); - - key = key_from_blob(blob, bloblen); + if ((r = sshbuf_get_u32(m, &type)) != 0 || + (r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 || + (r = sshkey_froms(m, &key)) != 0 || + (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: key_from_blob: %p", __func__, key); if (key != NULL && authctxt->valid) { /* These should not make it past the privsep child */ - if (key_type_plain(key->type) == KEY_RSA && + if (sshkey_type_plain(key->type) == KEY_RSA && (datafellows & SSH_BUG_RSASIGMD5) != 0) fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__); @@ -1201,15 +1180,14 @@ mm_answer_keyallowed(int sock, Buffer *m) allowed ? "allowed" : "not allowed"); auth2_record_key(authctxt, 0, key); - sshkey_free(key); /* clear temporarily storage (used by verify) */ monitor_reset_key_state(); if (allowed) { /* Save temporarily for comparison in verify */ - key_blob = blob; - key_bloblen = bloblen; + if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); key_blobtype = type; key_opts = opts; hostbased_cuser = cuser; @@ -1217,13 +1195,14 @@ mm_answer_keyallowed(int sock, Buffer *m) } else { /* Log failed attempt */ auth_log(authctxt, 0, 0, auth_method, NULL); - free(blob); free(cuser); free(chost); } + sshkey_free(key); - buffer_clear(m); - buffer_put_int(m, allowed); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, allowed)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0) fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); @@ -1237,34 +1216,41 @@ mm_answer_keyallowed(int sock, Buffer *m) static int monitor_valid_userblob(u_char *data, u_int datalen) { - Buffer b; - u_char *p; + struct sshbuf *b; + const u_char *p; char *userstyle, *cp; - u_int len; - int fail = 0; + size_t len; + u_char type; + int r, fail = 0; - buffer_init(&b); - buffer_append(&b, data, datalen); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put(b, data, datalen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (datafellows & SSH_OLD_SESSIONID) { - p = buffer_ptr(&b); - len = buffer_len(&b); + p = sshbuf_ptr(b); + len = sshbuf_len(b); if ((session_id2 == NULL) || (len < session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; - buffer_consume(&b, session_id2_len); + if ((r = sshbuf_consume(b, session_id2_len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } else { - p = buffer_get_string(&b, &len); + if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if ((session_id2 == NULL) || (len != session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; - free(p); } - if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) + if ((r = sshbuf_get_u8(b, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (type != SSH2_MSG_USERAUTH_REQUEST) fail++; - cp = buffer_get_cstring(&b, NULL); + if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); @@ -1275,18 +1261,22 @@ monitor_valid_userblob(u_char *data, u_int datalen) } free(userstyle); free(cp); - buffer_skip_string(&b); - cp = buffer_get_cstring(&b, NULL); + if ((r = sshbuf_skip_string(b)) != 0 || /* service */ + (r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (strcmp("publickey", cp) != 0) fail++; free(cp); - if (!buffer_get_char(&b)) + if ((r = sshbuf_get_u8(b, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (type == 0) fail++; - buffer_skip_string(&b); - buffer_skip_string(&b); - if (buffer_len(&b) != 0) + if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */ + (r = sshbuf_skip_string(b)) != 0) /* pkblob */ + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (sshbuf_len(b) != 0) fail++; - buffer_free(&b); + sshbuf_free(b); return (fail == 0); } @@ -1294,59 +1284,69 @@ static int monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, char *chost) { - Buffer b; - char *p, *userstyle; - u_int len; - int fail = 0; + struct sshbuf *b; + const u_char *p; + char *cp, *userstyle; + size_t len; + int r, fail = 0; + u_char type; - buffer_init(&b); - buffer_append(&b, data, datalen); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put(b, data, datalen)) != 0 || + (r = sshbuf_get_string_direct(b, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - p = buffer_get_string(&b, &len); if ((session_id2 == NULL) || (len != session_id2_len) || (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) fail++; - free(p); - if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) + if ((r = sshbuf_get_u8(b, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (type != SSH2_MSG_USERAUTH_REQUEST) fail++; - p = buffer_get_cstring(&b, NULL); + if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); - if (strcmp(userstyle, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - userstyle, p); + if (strcmp(userstyle, cp) != 0) { + logit("wrong user name passed to monitor: " + "expected %s != %.100s", userstyle, cp); fail++; } free(userstyle); - free(p); - buffer_skip_string(&b); /* service */ - p = buffer_get_cstring(&b, NULL); - if (strcmp(p, "hostbased") != 0) + free(cp); + if ((r = sshbuf_skip_string(b)) != 0 || /* service */ + (r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (strcmp(cp, "hostbased") != 0) fail++; - free(p); - buffer_skip_string(&b); /* pkalg */ - buffer_skip_string(&b); /* pkblob */ + free(cp); + if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */ + (r = sshbuf_skip_string(b)) != 0) /* pkblob */ + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* verify client host, strip trailing dot if necessary */ - p = buffer_get_string(&b, NULL); - if (((len = strlen(p)) > 0) && p[len - 1] == '.') - p[len - 1] = '\0'; - if (strcmp(p, chost) != 0) + if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (((len = strlen(cp)) > 0) && cp[len - 1] == '.') + cp[len - 1] = '\0'; + if (strcmp(cp, chost) != 0) fail++; - free(p); + free(cp); /* verify client user */ - p = buffer_get_string(&b, NULL); - if (strcmp(p, cuser) != 0) + if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (strcmp(cp, cuser) != 0) fail++; - free(p); + free(cp); - if (buffer_len(&b) != 0) + if (sshbuf_len(b) != 0) fail++; - buffer_free(&b); + sshbuf_free(b); return (fail == 0); } @@ -1462,15 +1462,15 @@ mm_session_close(Session *s) } int -mm_answer_pty(int sock, Buffer *m) +mm_answer_pty(int sock, struct sshbuf *m) { extern struct monitor *pmonitor; Session *s; - int res, fd0; + int r, res, fd0; debug3("%s entering", __func__); - buffer_clear(m); + sshbuf_reset(m); s = session_new(); if (s == NULL) goto error; @@ -1482,8 +1482,9 @@ mm_answer_pty(int sock, Buffer *m) goto error; pty_setowner(authctxt->pw, s->tty); - buffer_put_int(m, 1); - buffer_put_cstring(m, s->tty); + if ((r = sshbuf_put_u32(m, 1)) != 0 || + (r = sshbuf_put_cstring(m, s->tty)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* We need to trick ttyslot */ if (dup2(s->ttyfd, 0) == -1) @@ -1495,8 +1496,9 @@ mm_answer_pty(int sock, Buffer *m) close(0); /* send messages generated by record_login */ - buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); - buffer_clear(&loginmsg); + if ((r = sshbuf_put_stringb(m, loginmsg)) != 0) + fatal("%s: put login message: %s", __func__, ssh_err(r)); + sshbuf_reset(loginmsg); mm_request_send(sock, MONITOR_ANS_PTY, m); @@ -1523,29 +1525,32 @@ mm_answer_pty(int sock, Buffer *m) error: if (s != NULL) mm_session_close(s); - buffer_put_int(m, 0); + if ((r = sshbuf_put_u32(m, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_PTY, m); return (0); } int -mm_answer_pty_cleanup(int sock, Buffer *m) +mm_answer_pty_cleanup(int sock, struct sshbuf *m) { Session *s; char *tty; + int r; debug3("%s entering", __func__); - tty = buffer_get_string(m, NULL); + if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if ((s = session_by_tty(tty)) != NULL) mm_session_close(s); - buffer_clear(m); + sshbuf_reset(m); free(tty); return (0); } int -mm_answer_term(int sock, Buffer *req) +mm_answer_term(int sock, struct sshbuf *req) { struct ssh *ssh = active_state; /* XXX */ extern struct monitor *pmonitor; @@ -1574,14 +1579,18 @@ mm_answer_term(int sock, Buffer *req) #ifdef SSH_AUDIT_EVENTS /* Report that an audit event occurred */ int -mm_answer_audit_event(int socket, Buffer *m) +mm_answer_audit_event(int socket, struct sshbuf *m) { + u_int n; ssh_audit_event_t event; + int r; debug3("%s entering", __func__); - event = buffer_get_int(m); - switch(event) { + if ((r = sshbuf_get_u32(m, &n)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + event = (ssh_audit_event_t)n; + switch (event) { case SSH_AUTH_FAIL_PUBKEY: case SSH_AUTH_FAIL_HOSTBASED: case SSH_AUTH_FAIL_GSSAPI: @@ -1599,13 +1608,14 @@ mm_answer_audit_event(int socket, Buffer *m) } int -mm_answer_audit_command(int socket, Buffer *m) +mm_answer_audit_command(int socket, struct sshbuf *m) { - u_int len; char *cmd; + int r; debug3("%s entering", __func__); - cmd = buffer_get_string(m, &len); + if ((r = sshbuf_get_cstring(m, &cmd, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* sanity check command, if so how? */ audit_run_command(cmd); free(cmd); @@ -1734,24 +1744,29 @@ monitor_reinit(struct monitor *mon) #ifdef GSSAPI int -mm_answer_gss_setup_ctx(int sock, Buffer *m) +mm_answer_gss_setup_ctx(int sock, struct sshbuf *m) { gss_OID_desc goid; OM_uint32 major; - u_int len; + size_t len; + u_char *p; + int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - goid.elements = buffer_get_string(m, &len); + if ((r = sshbuf_get_string(m, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + goid.elements = p; goid.length = len; major = ssh_gssapi_server_ctx(&gsscontext, &goid); free(goid.elements); - buffer_clear(m); - buffer_put_int(m, major); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, major)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSSETUP, m); @@ -1762,26 +1777,27 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) } int -mm_answer_gss_accept_ctx(int sock, Buffer *m) +mm_answer_gss_accept_ctx(int sock, struct sshbuf *m) { gss_buffer_desc in; gss_buffer_desc out = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; OM_uint32 flags = 0; /* GSI needs this */ - u_int len; + int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - in.value = buffer_get_string(m, &len); - in.length = len; + if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); free(in.value); - buffer_clear(m); - buffer_put_int(m, major); - buffer_put_string(m, out.value, out.length); - buffer_put_int(m, flags); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, major)) != 0 || + (r = sshbuf_put_string(m, out.value, out.length)) != 0 || + (r = sshbuf_put_u32(m, flags)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSSTEP, m); gss_release_buffer(&minor, &out); @@ -1795,27 +1811,27 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) } int -mm_answer_gss_checkmic(int sock, Buffer *m) +mm_answer_gss_checkmic(int sock, struct sshbuf *m) { gss_buffer_desc gssbuf, mic; OM_uint32 ret; - u_int len; + int r; if (!options.gss_authentication) fatal("%s: GSSAPI authentication not enabled", __func__); - gssbuf.value = buffer_get_string(m, &len); - gssbuf.length = len; - mic.value = buffer_get_string(m, &len); - mic.length = len; + if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || + (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); free(gssbuf.value); free(mic.value); - buffer_clear(m); - buffer_put_int(m, ret); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, ret)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m); @@ -1826,9 +1842,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) } int -mm_answer_gss_userok(int sock, Buffer *m) +mm_answer_gss_userok(int sock, struct sshbuf *m) { - int authenticated; + int r, authenticated; const char *displayname; if (!options.gss_authentication) @@ -1836,8 +1852,9 @@ mm_answer_gss_userok(int sock, Buffer *m) authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); - buffer_clear(m); - buffer_put_int(m, authenticated); + sshbuf_reset(m); + if ((r = sshbuf_put_u32(m, authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: sending result %d", __func__, authenticated); mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); diff --git a/monitor.h b/monitor.h index d68f6745889..16047299f88 100644 --- a/monitor.h +++ b/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.20 2016/09/28 16:33:07 djm Exp $ */ +/* $OpenBSD: monitor.h,v 1.21 2018/07/09 21:53:45 markus Exp $ */ /* * Copyright 2002 Niels Provos @@ -39,8 +39,6 @@ enum monitor_reqtype { MONITOR_REQ_AUTHPASSWORD = 12, MONITOR_ANS_AUTHPASSWORD = 13, MONITOR_REQ_BSDAUTHQUERY = 14, MONITOR_ANS_BSDAUTHQUERY = 15, MONITOR_REQ_BSDAUTHRESPOND = 16, MONITOR_ANS_BSDAUTHRESPOND = 17, - MONITOR_REQ_SKEYQUERY = 18, MONITOR_ANS_SKEYQUERY = 19, - MONITOR_REQ_SKEYRESPOND = 20, MONITOR_ANS_SKEYRESPOND = 21, MONITOR_REQ_KEYALLOWED = 22, MONITOR_ANS_KEYALLOWED = 23, MONITOR_REQ_KEYVERIFY = 24, MONITOR_ANS_KEYVERIFY = 25, MONITOR_REQ_KEYEXPORT = 26, @@ -87,8 +85,8 @@ struct mon_table; int monitor_read(struct monitor*, struct mon_table *, struct mon_table **); /* Prototypes for request sending and receiving */ -void mm_request_send(int, enum monitor_reqtype, Buffer *); -void mm_request_receive(int, Buffer *); -void mm_request_receive_expect(int, enum monitor_reqtype, Buffer *); +void mm_request_send(int, enum monitor_reqtype, struct sshbuf *); +void mm_request_receive(int, struct sshbuf *); +void mm_request_receive_expect(int, enum monitor_reqtype, struct sshbuf *); #endif /* _MONITOR_H_ */ diff --git a/monitor_wrap.c b/monitor_wrap.c index 9666bda4ba8..732fb3476bf 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -50,8 +50,8 @@ #ifdef WITH_OPENSSL #include "dh.h" #endif -#include "buffer.h" -#include "key.h" +#include "sshbuf.h" +#include "sshkey.h" #include "cipher.h" #include "kex.h" #include "hostfile.h" @@ -61,13 +61,6 @@ #include "mac.h" #include "log.h" #include "auth-pam.h" -#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ -#undef TARGET_OS_MAC -#include "zlib.h" -#define TARGET_OS_MAC 1 -#else -#include "zlib.h" -#endif #include "monitor.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -84,36 +77,35 @@ #include "ssherr.h" /* Imports */ -extern z_stream incoming_stream; -extern z_stream outgoing_stream; extern struct monitor *pmonitor; -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern ServerOptions options; void mm_log_handler(LogLevel level, const char *msg, void *ctx) { - Buffer log_msg; + struct sshbuf *log_msg; struct monitor *mon = (struct monitor *)ctx; + int r; + size_t len; if (mon->m_log_sendfd == -1) fatal("%s: no log channel", __func__); - buffer_init(&log_msg); - /* - * Placeholder for packet length. Will be filled in with the actual - * packet length once the packet has been constucted. This saves - * fragile math. - */ - buffer_put_int(&log_msg, 0); + if ((log_msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); - buffer_put_int(&log_msg, level); - buffer_put_cstring(&log_msg, msg); - put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4); - if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg), - buffer_len(&log_msg)) != buffer_len(&log_msg)) + if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */ + (r = sshbuf_put_u32(log_msg, level)) != 0 || + (r = sshbuf_put_cstring(log_msg, msg)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff) + fatal("%s: bad length %zu", __func__, len); + POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4); + if (atomicio(vwrite, mon->m_log_sendfd, + sshbuf_mutable_ptr(log_msg), len) != len) fatal("%s: write: %s", __func__, strerror(errno)); - buffer_free(&log_msg); + sshbuf_free(log_msg); } int @@ -127,26 +119,29 @@ mm_is_monitor(void) } void -mm_request_send(int sock, enum monitor_reqtype type, Buffer *m) +mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m) { - u_int mlen = buffer_len(m); + size_t mlen = sshbuf_len(m); u_char buf[5]; debug3("%s entering: type %d", __func__, type); - put_u32(buf, mlen + 1); + if (mlen >= 0xffffffff) + fatal("%s: bad length %zu", __func__, mlen); + POKE_U32(buf, mlen + 1); buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) fatal("%s: write: %s", __func__, strerror(errno)); - if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen) + if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen) fatal("%s: write: %s", __func__, strerror(errno)); } void -mm_request_receive(int sock, Buffer *m) +mm_request_receive(int sock, struct sshbuf *m) { - u_char buf[4]; + u_char buf[4], *p = NULL; u_int msg_len; + int r; debug3("%s entering", __func__); @@ -155,24 +150,27 @@ mm_request_receive(int sock, Buffer *m) cleanup_exit(255); fatal("%s: read: %s", __func__, strerror(errno)); } - msg_len = get_u32(buf); + msg_len = PEEK_U32(buf); if (msg_len > 256 * 1024) fatal("%s: read: bad msg_len %d", __func__, msg_len); - buffer_clear(m); - buffer_append_space(m, msg_len); - if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len) + sshbuf_reset(m); + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (atomicio(read, sock, p, msg_len) != msg_len) fatal("%s: read: %s", __func__, strerror(errno)); } void -mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m) +mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m) { u_char rtype; + int r; debug3("%s entering: type %d", __func__, type); mm_request_receive(sock, m); - rtype = buffer_get_char(m); + if ((r = sshbuf_get_u8(m, &rtype)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (rtype != type) fatal("%s: read: rtype %d != type %d", __func__, rtype, type); @@ -183,20 +181,24 @@ DH * mm_choose_dh(int min, int nbits, int max) { BIGNUM *p, *g; - int success = 0; - Buffer m; + int r; + u_char success = 0; + struct sshbuf *m; - buffer_init(&m); - buffer_put_int(&m, min); - buffer_put_int(&m, nbits); - buffer_put_int(&m, max); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, min)) != 0 || + (r = sshbuf_put_u32(m, nbits)) != 0 || + (r = sshbuf_put_u32(m, max)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m); debug3("%s: waiting for MONITOR_ANS_MODULI", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m); - success = buffer_get_char(&m); + if ((r = sshbuf_get_u8(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) fatal("%s: MONITOR_ANS_MODULI failed", __func__); @@ -204,36 +206,43 @@ mm_choose_dh(int min, int nbits, int max) fatal("%s: BN_new failed", __func__); if ((g = BN_new()) == NULL) fatal("%s: BN_new failed", __func__); - buffer_get_bignum2(&m, p); - buffer_get_bignum2(&m, g); + if ((r = sshbuf_get_bignum2(m, p)) != 0 || + (r = sshbuf_get_bignum2(m, g)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug3("%s: remaining %d", __func__, buffer_len(&m)); - buffer_free(&m); + debug3("%s: remaining %zu", __func__, sshbuf_len(m)); + sshbuf_free(m); return (dh_new_group(g, p)); } #endif int -mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen, const char *hostkey_alg) +mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat) { struct kex *kex = *pmonitor->m_pkex; - Buffer m; + struct sshbuf *m; + u_int ndx = kex->host_key_index(key, 0, active_state); + int r; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_int(&m, kex->host_key_index(key, 0, active_state)); - buffer_put_string(&m, data, datalen); - buffer_put_cstring(&m, hostkey_alg); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, ndx)) != 0 || + (r = sshbuf_put_string(m, data, datalen)) != 0 || + (r = sshbuf_put_cstring(m, hostkey_alg)) != 0 || + (r = sshbuf_put_u32(m, compat)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m); debug3("%s: waiting for MONITOR_ANS_SIGN", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m); - *sigp = buffer_get_string(&m, lenp); - buffer_free(&m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m); + if ((r = sshbuf_get_string(m, sigp, lenp)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); return (0); } @@ -242,54 +251,80 @@ struct passwd * mm_getpwnamallow(const char *username) { struct ssh *ssh = active_state; /* XXX */ - Buffer m; + struct sshbuf *m; struct passwd *pw; - u_int len, i; + size_t len; + u_int i; ServerOptions *newopts; + int r; + u_char ok; + const u_char *p; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, username); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, username)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m); debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m); - if (buffer_get_char(&m) == 0) { + if ((r = sshbuf_get_u8(m, &ok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (ok == 0) { pw = NULL; goto out; } - pw = buffer_get_string(&m, &len); - if (len != sizeof(struct passwd)) + + /* XXX don't like passing struct passwd like this */ + pw = xcalloc(sizeof(*pw), 1); + if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (len != sizeof(*pw)) fatal("%s: struct passwd size mismatch", __func__); - pw->pw_name = buffer_get_string(&m, NULL); - pw->pw_passwd = buffer_get_string(&m, NULL); + memcpy(pw, p, sizeof(*pw)); + + if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 || #ifdef HAVE_STRUCT_PASSWD_PW_GECOS - pw->pw_gecos = buffer_get_string(&m, NULL); + (r = sshbuf_get_cstring(m, &pw->pw_gecos, NULL)) != 0 || #endif #ifdef HAVE_STRUCT_PASSWD_PW_CLASS - pw->pw_class = buffer_get_string(&m, NULL); + (r = sshbuf_get_cstring(m, &pw->pw_class, NULL)) != 0 || #endif - pw->pw_dir = buffer_get_string(&m, NULL); - pw->pw_shell = buffer_get_string(&m, NULL); + (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); out: /* copy options block as a Match directive may have changed some */ - newopts = buffer_get_string(&m, &len); + if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (len != sizeof(*newopts)) fatal("%s: option block size mismatch", __func__); + newopts = xcalloc(sizeof(*newopts), 1); + memcpy(newopts, p, sizeof(*newopts)); #define M_CP_STROPT(x) do { \ - if (newopts->x != NULL) \ - newopts->x = buffer_get_string(&m, NULL); \ + if (newopts->x != NULL) { \ + if ((r = sshbuf_get_cstring(m, \ + &newopts->x, NULL)) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) #define M_CP_STRARRAYOPT(x, nx) do { \ newopts->x = newopts->nx == 0 ? \ NULL : xcalloc(newopts->nx, sizeof(*newopts->x)); \ - for (i = 0; i < newopts->nx; i++) \ - newopts->x[i] = buffer_get_string(&m, NULL); \ + for (i = 0; i < newopts->nx; i++) { \ + if ((r = sshbuf_get_cstring(m, \ + &newopts->x[i], NULL)) != 0) \ + fatal("%s: buffer error: %s", \ + __func__, ssh_err(r)); \ + } \ } while (0) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); @@ -301,7 +336,7 @@ mm_getpwnamallow(const char *username) process_permitopen(ssh, &options); free(newopts); - buffer_free(&m); + sshbuf_free(m); return (pw); } @@ -309,19 +344,22 @@ mm_getpwnamallow(const char *username) char * mm_auth2_read_banner(void) { - Buffer m; + struct sshbuf *m; char *banner; + int r; debug3("%s entering", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); - buffer_clear(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m); + sshbuf_reset(m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_AUTH2_READ_BANNER, &m); - banner = buffer_get_string(&m, NULL); - buffer_free(&m); + MONITOR_ANS_AUTH2_READ_BANNER, m); + if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); /* treat empty banner as missing banner */ if (strlen(banner) == 0) { @@ -336,41 +374,55 @@ mm_auth2_read_banner(void) void mm_inform_authserv(char *service, char *style) { - Buffer m; + struct sshbuf *m; + int r; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, service); - buffer_put_cstring(&m, style ? style : ""); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, service)) != 0 || + (r = sshbuf_put_cstring(m, style ? style : "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m); - buffer_free(&m); + sshbuf_free(m); } /* Do the password authentication */ int mm_auth_password(struct ssh *ssh, char *password) { - Buffer m; - int authenticated = 0; + struct sshbuf *m; + int r, authenticated = 0; +#ifdef USE_PAM + u_int maxtries = 0; +#endif debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_cstring(&m, password); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, password)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m); debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_AUTHPASSWORD, m); - authenticated = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef USE_PAM - sshpam_set_maxtries_reached(buffer_get_int(&m)); + if ((r = sshbuf_get_u32(m, &maxtries)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (maxtries > INT_MAX) + fatal("%s: bad maxtries %u", __func__, maxtries); + sshpam_set_maxtries_reached(maxtries); #endif - buffer_free(&m); + sshbuf_free(m); debug3("%s: user %sauthenticated", __func__, authenticated ? "" : "not "); @@ -396,9 +448,7 @@ int mm_key_allowed(enum mm_keytype type, const char *user, const char *host, struct sshkey *key, int pubkey_auth_attempt, struct sshauthopt **authoptp) { - Buffer m; - u_char *blob; - u_int len; + struct sshbuf *m; int r, allowed = 0; struct sshauthopt *opts = NULL; @@ -407,31 +457,29 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host, if (authoptp != NULL) *authoptp = NULL; - /* Convert the key to a blob and the pass it over */ - if (!key_to_blob(key, &blob, &len)) - return 0; - - buffer_init(&m); - buffer_put_int(&m, type); - buffer_put_cstring(&m, user ? user : ""); - buffer_put_cstring(&m, host ? host : ""); - buffer_put_string(&m, blob, len); - buffer_put_int(&m, pubkey_auth_attempt); - free(blob); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, type)) != 0 || + (r = sshbuf_put_cstring(m, user ? user : "")) != 0 || + (r = sshbuf_put_cstring(m, host ? host : "")) != 0 || + (r = sshkey_puts(key, m)) != 0 || + (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m); debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_KEYALLOWED, &m); + MONITOR_ANS_KEYALLOWED, m); - allowed = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &allowed)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (allowed && type == MM_USERKEY) { - if ((r = sshauthopt_deserialise(&m, &opts)) != 0) + if ((r = sshauthopt_deserialise(m, &opts)) != 0) fatal("%s: sshauthopt_deserialise: %s", __func__, ssh_err(r)); } - buffer_free(&m); + sshbuf_free(m); if (authoptp != NULL) { *authoptp = opts; @@ -452,32 +500,31 @@ int mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen, const u_char *data, size_t datalen, const char *sigalg, u_int compat) { - Buffer m; - u_char *blob; - u_int len; + struct sshbuf *m; u_int encoded_ret = 0; + int r; debug3("%s entering", __func__); - /* Convert the key to a blob and the pass it over */ - if (!key_to_blob(key, &blob, &len)) - return (0); - buffer_init(&m); - buffer_put_string(&m, blob, len); - buffer_put_string(&m, sig, siglen); - buffer_put_string(&m, data, datalen); - buffer_put_cstring(&m, sigalg == NULL ? "" : sigalg); - free(blob); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshkey_puts(key, m)) != 0 || + (r = sshbuf_put_string(m, sig, siglen)) != 0 || + (r = sshbuf_put_string(m, data, datalen)) != 0 || + (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m); debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KEYVERIFY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_KEYVERIFY, m); - encoded_ret = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); if (encoded_ret != 0) return SSH_ERR_SIGNATURE_INVALID; @@ -504,9 +551,9 @@ mm_send_keystate(struct monitor *monitor) int mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) { - Buffer m; + struct sshbuf *m; char *p, *msg; - int success = 0, tmp1 = -1, tmp2 = -1; + int success = 0, tmp1 = -1, tmp2 = -1, r; /* Kludge: ensure there are fds free to receive the pty/tty */ if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || @@ -521,26 +568,30 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) close(tmp1); close(tmp2); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m); debug3("%s: waiting for MONITOR_ANS_PTY", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m); - success = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) { debug3("%s: pty alloc failed", __func__); - buffer_free(&m); + sshbuf_free(m); return (0); } - p = buffer_get_string(&m, NULL); - msg = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &msg, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); strlcpy(namebuf, p, namebuflen); /* Possible truncation */ free(p); - buffer_append(&loginmsg, msg, strlen(msg)); + if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(msg); if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || @@ -554,14 +605,17 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) void mm_session_pty_cleanup2(Session *s) { - Buffer m; + struct sshbuf *m; + int r; if (s->ttyfd == -1) return; - buffer_init(&m); - buffer_put_cstring(&m, s->tty); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, &m); - buffer_free(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, s->tty)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m); + sshbuf_free(m); /* closed dup'ed master */ if (s->ptymaster != -1 && close(s->ptymaster) < 0) @@ -576,40 +630,44 @@ mm_session_pty_cleanup2(Session *s) void mm_start_pam(Authctxt *authctxt) { - Buffer m; + struct sshbuf *m; debug3("%s entering", __func__); if (!options.use_pam) fatal("UsePAM=no, but ended up in %s anyway", __func__); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, m); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m); - - buffer_free(&m); + sshbuf_free(m); } u_int mm_do_pam_account(void) { - Buffer m; + struct sshbuf *m; u_int ret; char *msg; + size_t msglen; + int r; debug3("%s entering", __func__); if (!options.use_pam) fatal("UsePAM=no, but ended up in %s anyway", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_PAM_ACCOUNT, &m); - ret = buffer_get_int(&m); - msg = buffer_get_string(&m, NULL); - buffer_append(&loginmsg, msg, strlen(msg)); - free(msg); + MONITOR_ANS_PAM_ACCOUNT, m); + if ((r = sshbuf_get_u32(m, &ret)) != 0 || + (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 || + (r = sshbuf_put(loginmsg, msg, msglen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + free(msg); + sshbuf_free(m); debug3("%s returning %d", __func__, ret); @@ -619,21 +677,24 @@ mm_do_pam_account(void) void * mm_sshpam_init_ctx(Authctxt *authctxt) { - Buffer m; - int success; + struct sshbuf *m; + int r, success; debug3("%s", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m); debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); - success = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_PAM_INIT_CTX, m); + if ((r = sshbuf_get_u32(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) { debug3("%s: pam_init_ctx failed", __func__); - buffer_free(&m); + sshbuf_free(m); return (NULL); } - buffer_free(&m); + sshbuf_free(m); return (authctxt); } @@ -641,66 +702,79 @@ int mm_sshpam_query(void *ctx, char **name, char **info, u_int *num, char ***prompts, u_int **echo_on) { - Buffer m; - u_int i; - int ret; + struct sshbuf *m; + u_int i, n; + int r, ret; debug3("%s", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m); debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m); - ret = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m); + if ((r = sshbuf_get_u32(m, &ret)) != 0 || + (r = sshbuf_get_cstring(m, name, NULL)) != 0 || + (r = sshbuf_get_cstring(m, info, NULL)) != 0 || + (r = sshbuf_get_u32(m, &n)) != 0 || + (r = sshbuf_get_u32(m, num)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug3("%s: pam_query returned %d", __func__, ret); - *name = buffer_get_string(&m, NULL); - *info = buffer_get_string(&m, NULL); - sshpam_set_maxtries_reached(buffer_get_int(&m)); - *num = buffer_get_int(&m); + sshpam_set_maxtries_reached(n); if (*num > PAM_MAX_NUM_MSG) - fatal("%s: recieved %u PAM messages, expected <= %u", + fatal("%s: received %u PAM messages, expected <= %u", __func__, *num, PAM_MAX_NUM_MSG); *prompts = xcalloc((*num + 1), sizeof(char *)); *echo_on = xcalloc((*num + 1), sizeof(u_int)); for (i = 0; i < *num; ++i) { - (*prompts)[i] = buffer_get_string(&m, NULL); - (*echo_on)[i] = buffer_get_int(&m); + if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 || + (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - buffer_free(&m); + sshbuf_free(m); return (ret); } int mm_sshpam_respond(void *ctx, u_int num, char **resp) { - Buffer m; - u_int i; - int ret; + struct sshbuf *m; + u_int n, i; + int r, ret; debug3("%s", __func__); - buffer_init(&m); - buffer_put_int(&m, num); - for (i = 0; i < num; ++i) - buffer_put_cstring(&m, resp[i]); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, num)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + for (i = 0; i < num; ++i) { + if ((r = sshbuf_put_cstring(m, resp[i])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, m); debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m); - ret = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_PAM_RESPOND, m); + if ((r = sshbuf_get_u32(m, &n)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + ret = (int)n; /* XXX */ debug3("%s: pam_respond returned %d", __func__, ret); - buffer_free(&m); + sshbuf_free(m); return (ret); } void mm_sshpam_free_ctx(void *ctxtp) { - Buffer m; + struct sshbuf *m; debug3("%s", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, m); debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m); - buffer_free(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_PAM_FREE_CTX, m); + sshbuf_free(m); } #endif /* USE_PAM */ @@ -709,11 +783,12 @@ mm_sshpam_free_ctx(void *ctxtp) void mm_terminate(void) { - Buffer m; + struct sshbuf *m; - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, &m); - buffer_free(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m); + sshbuf_free(m); } static void @@ -732,27 +807,31 @@ int mm_bsdauth_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { - Buffer m; + struct sshbuf *m; u_int success; char *challenge; + int r; debug3("%s: entering", __func__); - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, - &m); - success = buffer_get_int(&m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_BSDAUTHQUERY, m); + if ((r = sshbuf_get_u32(m, &success)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (success == 0) { debug3("%s: no challenge", __func__); - buffer_free(&m); + sshbuf_free(m); return (-1); } /* Get the challenge, and format the response */ - challenge = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); (*prompts)[0] = challenge; @@ -765,114 +844,62 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, int mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) { - Buffer m; - int authok; - - debug3("%s: entering", __func__); - if (numresponses != 1) - return (-1); - - buffer_init(&m); - buffer_put_cstring(&m, responses[0]); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m); - - mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_BSDAUTHRESPOND, &m); - - authok = buffer_get_int(&m); - buffer_free(&m); - - return ((authok == 0) ? -1 : 0); -} - -#ifdef SKEY -int -mm_skey_query(void *ctx, char **name, char **infotxt, - u_int *numprompts, char ***prompts, u_int **echo_on) -{ - Buffer m; - u_int success; - char *challenge; - - debug3("%s: entering", __func__); - - buffer_init(&m); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); - - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, - &m); - success = buffer_get_int(&m); - if (success == 0) { - debug3("%s: no challenge", __func__); - buffer_free(&m); - return (-1); - } - - /* Get the challenge, and format the response */ - challenge = buffer_get_string(&m, NULL); - buffer_free(&m); - - debug3("%s: received challenge: %s", __func__, challenge); - - mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); - - xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); - free(challenge); - - return (0); -} - -int -mm_skey_respond(void *ctx, u_int numresponses, char **responses) -{ - Buffer m; - int authok; + struct sshbuf *m; + int r, authok; debug3("%s: entering", __func__); if (numresponses != 1) return (-1); - buffer_init(&m); - buffer_put_cstring(&m, responses[0]); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, responses[0])) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_SKEYRESPOND, &m); + MONITOR_ANS_BSDAUTHRESPOND, m); - authok = buffer_get_int(&m); - buffer_free(&m); + if ((r = sshbuf_get_u32(m, &authok)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); return ((authok == 0) ? -1 : 0); } -#endif /* SKEY */ #ifdef SSH_AUDIT_EVENTS void mm_audit_event(ssh_audit_event_t event) { - Buffer m; + struct sshbuf *m; + int r; debug3("%s entering", __func__); - buffer_init(&m); - buffer_put_int(&m, event); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u32(m, event)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); - buffer_free(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, m); + sshbuf_free(m); } void mm_audit_run_command(const char *command) { - Buffer m; + struct sshbuf *m; + int r; debug3("%s entering command %s", __func__, command); - buffer_init(&m); - buffer_put_cstring(&m, command); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_cstring(m, command)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); - buffer_free(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m); + sshbuf_free(m); } #endif /* SSH_AUDIT_EVENTS */ @@ -880,45 +907,55 @@ mm_audit_run_command(const char *command) OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) { - Buffer m; + struct sshbuf *m; OM_uint32 major; + int r; /* Client doesn't get to see the context */ *ctx = NULL; - buffer_init(&m); - buffer_put_string(&m, goid->elements, goid->length); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m); - major = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &major)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); return (major); } OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, - gss_buffer_desc *out, OM_uint32 *flags) + gss_buffer_desc *out, OM_uint32 *flagsp) { - Buffer m; + struct sshbuf *m; OM_uint32 major; - u_int len; - - buffer_init(&m); - buffer_put_string(&m, in->value, in->length); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m); + u_int flags; + int r; - major = buffer_get_int(&m); - out->value = buffer_get_string(&m, &len); - out->length = len; - if (flags) - *flags = buffer_get_int(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, in->value, in->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m); + + if ((r = sshbuf_get_u32(m, &major)) != 0 || + (r = ssh_gssapi_get_buffer_desc(m, out)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (flagsp != NULL) { + if ((r = sshbuf_get_u32(m, &flags)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + *flagsp = flags; + } - buffer_free(&m); + sshbuf_free(m); return (major); } @@ -926,39 +963,44 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) { - Buffer m; + struct sshbuf *m; OM_uint32 major; + int r; - buffer_init(&m); - buffer_put_string(&m, gssbuf->value, gssbuf->length); - buffer_put_string(&m, gssmic->value, gssmic->length); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 || + (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, - &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_GSSCHECKMIC, m); - major = buffer_get_int(&m); - buffer_free(&m); + if ((r = sshbuf_get_u32(m, &major)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(m); return(major); } int mm_ssh_gssapi_userok(char *user) { - Buffer m; - int authenticated = 0; + struct sshbuf *m; + int r, authenticated = 0; - buffer_init(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, - &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_GSSUSEROK, m); - authenticated = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &authenticated)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); - buffer_free(&m); + sshbuf_free(m); debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); return (authenticated); } #endif /* GSSAPI */ - diff --git a/monitor_wrap.h b/monitor_wrap.h index 76233270476..644da081db8 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.37 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */ /* * Copyright 2002 Niels Provos @@ -41,8 +41,8 @@ struct sshauthopt; void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); -int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int, - const char *); +int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, + const char *, u_int compat); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(const char *); char *mm_auth2_read_banner(void); @@ -97,8 +97,4 @@ void mm_send_keystate(struct monitor*); int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **); int mm_bsdauth_respond(void *, u_int, char **); -/* skey */ -int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); -int mm_skey_respond(void *, u_int, char **); - #endif /* _MM_WRAP_H_ */ diff --git a/msg.c b/msg.c index 5a7b8ca9129..1bd20f3d305 100644 --- a/msg.c +++ b/msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.c,v 1.16 2015/01/15 09:40:00 djm Exp $ */ +/* $OpenBSD: msg.c,v 1.17 2018/07/09 21:59:10 markus Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -55,7 +55,7 @@ ssh_msg_send(int fd, u_char type, struct sshbuf *m) error("ssh_msg_send: write"); return (-1); } - if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(m), mlen) != mlen) { + if (atomicio(vwrite, fd, sshbuf_mutable_ptr(m), mlen) != mlen) { error("ssh_msg_send: write"); return (-1); } diff --git a/mux.c b/mux.c index 5ae4544100e..e607acd0842 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.69 2017/09/20 05:19:00 dtucker Exp $ */ +/* $OpenBSD: mux.c,v 1.75 2018/07/31 03:07:24 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -70,13 +70,13 @@ #include "pathnames.h" #include "misc.h" #include "match.h" -#include "buffer.h" +#include "sshbuf.h" #include "channels.h" #include "msg.h" #include "packet.h" #include "monitor_fdpass.h" #include "sshpty.h" -#include "key.h" +#include "sshkey.h" #include "readconf.h" #include "clientloop.h" #include "ssherr.h" @@ -87,7 +87,7 @@ extern Options options; extern int stdin_null_flag; extern char *host; extern int subsystem_flag; -extern Buffer command; +extern struct sshbuf *command; extern volatile sig_atomic_t quit_pending; /* Context for session open confirmation callback */ @@ -96,7 +96,7 @@ struct mux_session_confirm_ctx { u_int want_subsys; u_int want_x_fwd; u_int want_agent_fwd; - Buffer cmd; + struct sshbuf *cmd; char *term; struct termios tio; char **env; @@ -279,10 +279,11 @@ env_permitted(char *env) static int process_mux_master_hello(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { u_int ver; struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx; + int r; if (state == NULL) fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self); @@ -290,9 +291,8 @@ process_mux_master_hello(struct ssh *ssh, u_int rid, error("%s: HELLO received twice", __func__); return -1; } - if (buffer_get_int_ret(&ver, m) != 0) { - malf: - error("%s: malformed message", __func__); + if ((r = sshbuf_get_u32(m, &ver)) != 0) { + error("%s: malformed message: %s", __func__, ssh_err(r)); return -1; } if (ver != SSHMUX_VER) { @@ -303,51 +303,72 @@ process_mux_master_hello(struct ssh *ssh, u_int rid, debug2("%s: channel %d slave version %u", __func__, c->self, ver); /* No extensions are presently defined */ - while (buffer_len(m) > 0) { - char *name = buffer_get_string_ret(m, NULL); - char *value = buffer_get_string_ret(m, NULL); + while (sshbuf_len(m) > 0) { + char *name = NULL; - if (name == NULL || value == NULL) { - free(name); - free(value); - goto malf; + if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 || + (r = sshbuf_skip_string(m)) != 0) { /* value */ + error("%s: malformed extension: %s", + __func__, ssh_err(r)); + return -1; } debug2("Unrecognised slave extension \"%s\"", name); free(name); - free(value); } state->hello_rcvd = 1; return 0; } +/* Enqueue a "ok" response to the reply buffer */ +static void +reply_ok(struct sshbuf *reply, u_int rid) +{ + int r; + + if ((r = sshbuf_put_u32(reply, MUX_S_OK)) != 0 || + (r = sshbuf_put_u32(reply, rid)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); +} + +/* Enqueue an error response to the reply buffer */ +static void +reply_error(struct sshbuf *reply, u_int type, u_int rid, const char *msg) +{ + int r; + + if ((r = sshbuf_put_u32(reply, type)) != 0 || + (r = sshbuf_put_u32(reply, rid)) != 0 || + (r = sshbuf_put_cstring(reply, msg)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); +} + static int process_mux_new_session(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { Channel *nc; struct mux_session_confirm_ctx *cctx; - char *reserved, *cmd, *cp; - u_int i, j, len, env_len, escape_char, window, packetmax; - int new_fd[3]; + char *cmd, *cp; + u_int i, j, env_len, escape_char, window, packetmax; + int r, new_fd[3]; /* Reply for SSHMUX_COMMAND_OPEN */ cctx = xcalloc(1, sizeof(*cctx)); cctx->term = NULL; cctx->rid = rid; - cmd = reserved = NULL; + cmd = NULL; cctx->env = NULL; env_len = 0; - if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&cctx->want_tty, m) != 0 || - buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 || - buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 || - buffer_get_int_ret(&cctx->want_subsys, m) != 0 || - buffer_get_int_ret(&escape_char, m) != 0 || - (cctx->term = buffer_get_string_ret(m, &len)) == NULL || - (cmd = buffer_get_string_ret(m, &len)) == NULL) { + if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */ + (r = sshbuf_get_u32(m, &cctx->want_tty)) != 0 || + (r = sshbuf_get_u32(m, &cctx->want_x_fwd)) != 0 || + (r = sshbuf_get_u32(m, &cctx->want_agent_fwd)) != 0 || + (r = sshbuf_get_u32(m, &cctx->want_subsys)) != 0 || + (r = sshbuf_get_u32(m, &escape_char)) != 0 || + (r = sshbuf_get_cstring(m, &cctx->term, NULL)) != 0 || + (r = sshbuf_get_cstring(m, &cmd, NULL)) != 0) { malf: free(cmd); - free(reserved); for (j = 0; j < env_len; j++) free(cctx->env[j]); free(cctx->env); @@ -356,12 +377,10 @@ process_mux_new_session(struct ssh *ssh, u_int rid, error("%s: malformed message", __func__); return -1; } - free(reserved); - reserved = NULL; - while (buffer_len(m) > 0) { #define MUX_MAX_ENV_VARS 4096 - if ((cp = buffer_get_string_ret(m, &len)) == NULL) + while (sshbuf_len(m) > 0) { + if ((r = sshbuf_get_cstring(m, &cp, NULL)) != 0) goto malf; if (!env_permitted(cp)) { free(cp); @@ -383,8 +402,10 @@ process_mux_new_session(struct ssh *ssh, u_int rid, cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd, cctx->want_subsys, cctx->term, cmd, env_len); - buffer_init(&cctx->cmd); - buffer_append(&cctx->cmd, cmd, strlen(cmd)); + if ((cctx->cmd = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put(cctx->cmd, cmd, strlen(cmd))) != 0) + fatal("%s: sshbuf_put: %s", __func__, ssh_err(r)); free(cmd); cmd = NULL; @@ -399,13 +420,9 @@ process_mux_new_session(struct ssh *ssh, u_int rid, free(cctx->env[j]); free(cctx->env); free(cctx->term); - buffer_free(&cctx->cmd); + sshbuf_free(cctx->cmd); free(cctx); - - /* prepare reply */ - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, + reply_error(reply, MUX_S_FAILURE, rid, "did not receive file descriptors"); return -1; } @@ -417,10 +434,8 @@ process_mux_new_session(struct ssh *ssh, u_int rid, /* XXX support multiple child sessions in future */ if (c->have_remote_id) { debug2("%s: session already open", __func__); - /* prepare reply */ - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Multiple sessions not supported"); + reply_error(reply, MUX_S_FAILURE, rid, + "Multiple sessions not supported"); cleanup: close(new_fd[0]); close(new_fd[1]); @@ -431,7 +446,7 @@ process_mux_new_session(struct ssh *ssh, u_int rid, free(cctx->env[i]); free(cctx->env); } - buffer_free(&cctx->cmd); + sshbuf_free(cctx->cmd); free(cctx); return 0; } @@ -440,10 +455,8 @@ process_mux_new_session(struct ssh *ssh, u_int rid, options.control_master == SSHCTL_MASTER_AUTO_ASK) { if (!ask_permission("Allow shared connection to %s? ", host)) { debug2("%s: session refused by user", __func__); - /* prepare reply */ - buffer_put_int(r, MUX_S_PERMISSION_DENIED); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Permission denied"); + reply_error(reply, MUX_S_PERMISSION_DENIED, rid, + "Permission denied"); goto cleanup; } } @@ -497,21 +510,24 @@ process_mux_new_session(struct ssh *ssh, u_int rid, static int process_mux_alive_check(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { + int r; + debug2("%s: channel %d: alive check", __func__, c->self); /* prepare reply */ - buffer_put_int(r, MUX_S_ALIVE); - buffer_put_int(r, rid); - buffer_put_int(r, (u_int)getpid()); + if ((r = sshbuf_put_u32(reply, MUX_S_ALIVE)) != 0 || + (r = sshbuf_put_u32(reply, rid)) != 0 || + (r = sshbuf_put_u32(reply, (u_int)getpid())) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); return 0; } static int process_mux_terminate(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { debug2("%s: channel %d: terminate request", __func__, c->self); @@ -520,16 +536,14 @@ process_mux_terminate(struct ssh *ssh, u_int rid, if (!ask_permission("Terminate shared connection to %s? ", host)) { debug2("%s: termination refused by user", __func__); - buffer_put_int(r, MUX_S_PERMISSION_DENIED); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Permission denied"); + reply_error(reply, MUX_S_PERMISSION_DENIED, rid, + "Permission denied"); return 0; } } quit_pending = 1; - buffer_put_int(r, MUX_S_OK); - buffer_put_int(r, rid); + reply_ok(reply, rid); /* XXX exit happens too soon - message never makes it to client */ return 0; } @@ -606,14 +620,16 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) char *failmsg = NULL; struct Forward *rfwd; Channel *c; - Buffer out; + struct sshbuf *out; + int r; if ((c = channel_by_id(ssh, fctx->cid)) == NULL) { /* no channel for reply */ error("%s: unknown channel", __func__); return; } - buffer_init(&out); + if ((out = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); if (fctx->fid >= options.num_remote_forwards || (options.remote_forwards[fctx->fid].connect_path == NULL && options.remote_forwards[fctx->fid].connect_host == NULL)) { @@ -631,19 +647,21 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) debug("Allocated port %u for mux remote forward" " to %s:%d", rfwd->allocated_port, rfwd->connect_host, rfwd->connect_port); - buffer_put_int(&out, MUX_S_REMOTE_PORT); - buffer_put_int(&out, fctx->rid); - buffer_put_int(&out, rfwd->allocated_port); - channel_update_permitted_opens(ssh, rfwd->handle, + if ((r = sshbuf_put_u32(out, + MUX_S_REMOTE_PORT)) != 0 || + (r = sshbuf_put_u32(out, fctx->rid)) != 0 || + (r = sshbuf_put_u32(out, + rfwd->allocated_port)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); + channel_update_permission(ssh, rfwd->handle, rfwd->allocated_port); } else { - buffer_put_int(&out, MUX_S_OK); - buffer_put_int(&out, fctx->rid); + reply_ok(out, fctx->rid); } goto out; } else { if (rfwd->listen_port == 0) - channel_update_permitted_opens(ssh, rfwd->handle, -1); + channel_update_permission(ssh, rfwd->handle, -1); if (rfwd->listen_path != NULL) xasprintf(&failmsg, "remote port forwarding failed for " "listen path %s", rfwd->listen_path); @@ -664,13 +682,12 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) } fail: error("%s: %s", __func__, failmsg); - buffer_put_int(&out, MUX_S_FAILURE); - buffer_put_int(&out, fctx->rid); - buffer_put_cstring(&out, failmsg); + reply_error(out, MUX_S_FAILURE, fctx->rid, failmsg); free(failmsg); out: - buffer_put_string(c->output, buffer_ptr(&out), buffer_len(&out)); - buffer_free(&out); + if ((r = sshbuf_put_stringb(c->output, out)) != 0) + fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r)); + sshbuf_free(out); if (c->mux_pause <= 0) fatal("%s: mux_pause %d", __func__, c->mux_pause); c->mux_pause = 0; /* start processing messages again */ @@ -678,23 +695,23 @@ mux_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) static int process_mux_open_fwd(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { struct Forward fwd; char *fwd_desc = NULL; char *listen_addr, *connect_addr; u_int ftype; u_int lport, cport; - int i, ret = 0, freefwd = 1; + int r, i, ret = 0, freefwd = 1; memset(&fwd, 0, sizeof(fwd)); /* XXX - lport/cport check redundant */ - if (buffer_get_int_ret(&ftype, m) != 0 || - (listen_addr = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&lport, m) != 0 || - (connect_addr = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&cport, m) != 0 || + if ((r = sshbuf_get_u32(m, &ftype)) != 0 || + (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 || + (r = sshbuf_get_u32(m, &lport)) != 0 || + (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 || + (r = sshbuf_get_u32(m, &cport)) != 0 || (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) || (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) { error("%s: malformed message", __func__); @@ -731,9 +748,8 @@ process_mux_open_fwd(struct ssh *ssh, u_int rid, invalid: free(listen_addr); free(connect_addr); - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Invalid forwarding request"); + reply_error(reply, MUX_S_FAILURE, rid, + "Invalid forwarding request"); return 0; } if (ftype == MUX_FWD_DYNAMIC && fwd.listen_path) { @@ -770,26 +786,25 @@ process_mux_open_fwd(struct ssh *ssh, u_int rid, exists: debug2("%s: found existing forwarding", __func__); - buffer_put_int(r, MUX_S_OK); - buffer_put_int(r, rid); + reply_ok(reply, rid); goto out; } } break; case MUX_FWD_REMOTE: for (i = 0; i < options.num_remote_forwards; i++) { - if (compare_forward(&fwd, - options.remote_forwards + i)) { - if (fwd.listen_port != 0) - goto exists; - debug2("%s: found allocated port", - __func__); - buffer_put_int(r, MUX_S_REMOTE_PORT); - buffer_put_int(r, rid); - buffer_put_int(r, - options.remote_forwards[i].allocated_port); - goto out; - } + if (!compare_forward(&fwd, options.remote_forwards + i)) + continue; + if (fwd.listen_port != 0) + goto exists; + debug2("%s: found allocated port", __func__); + if ((r = sshbuf_put_u32(reply, + MUX_S_REMOTE_PORT)) != 0 || + (r = sshbuf_put_u32(reply, rid)) != 0 || + (r = sshbuf_put_u32(reply, + options.remote_forwards[i].allocated_port)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); + goto out; } break; } @@ -798,9 +813,8 @@ process_mux_open_fwd(struct ssh *ssh, u_int rid, options.control_master == SSHCTL_MASTER_AUTO_ASK) { if (!ask_permission("Open %s on %s?", fwd_desc, host)) { debug2("%s: forwarding refused by user", __func__); - buffer_put_int(r, MUX_S_PERMISSION_DENIED); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Permission denied"); + reply_error(reply, MUX_S_PERMISSION_DENIED, rid, + "Permission denied"); goto out; } } @@ -810,9 +824,8 @@ process_mux_open_fwd(struct ssh *ssh, u_int rid, &options.fwd_opts)) { fail: logit("slave-requested %s failed", fwd_desc); - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Port forwarding failed"); + reply_error(reply, MUX_S_FAILURE, rid, + "Port forwarding failed"); goto out; } add_local_forward(&options, &fwd); @@ -835,8 +848,7 @@ process_mux_open_fwd(struct ssh *ssh, u_int rid, /* delayed reply in mux_confirm_remote_forward */ goto out; } - buffer_put_int(r, MUX_S_OK); - buffer_put_int(r, rid); + reply_ok(reply, rid); out: free(fwd_desc); if (freefwd) { @@ -850,23 +862,23 @@ process_mux_open_fwd(struct ssh *ssh, u_int rid, static int process_mux_close_fwd(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { struct Forward fwd, *found_fwd; char *fwd_desc = NULL; const char *error_reason = NULL; char *listen_addr = NULL, *connect_addr = NULL; u_int ftype; - int i, ret = 0; + int r, i, ret = 0; u_int lport, cport; memset(&fwd, 0, sizeof(fwd)); - if (buffer_get_int_ret(&ftype, m) != 0 || - (listen_addr = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&lport, m) != 0 || - (connect_addr = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&cport, m) != 0 || + if ((r = sshbuf_get_u32(m, &ftype)) != 0 || + (r = sshbuf_get_cstring(m, &listen_addr, NULL)) != 0 || + (r = sshbuf_get_u32(m, &lport)) != 0 || + (r = sshbuf_get_cstring(m, &connect_addr, NULL)) != 0 || + (r = sshbuf_get_u32(m, &cport)) != 0 || (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) || (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) { error("%s: malformed message", __func__); @@ -940,10 +952,10 @@ process_mux_close_fwd(struct ssh *ssh, u_int rid, error_reason = "port not found"; } - if (error_reason == NULL) { - buffer_put_int(r, MUX_S_OK); - buffer_put_int(r, rid); - + if (error_reason != NULL) + reply_error(reply, MUX_S_FAILURE, rid, error_reason); + else { + reply_ok(reply, rid); free(found_fwd->listen_host); free(found_fwd->listen_path); free(found_fwd->connect_host); @@ -951,10 +963,6 @@ process_mux_close_fwd(struct ssh *ssh, u_int rid, found_fwd->listen_host = found_fwd->connect_host = NULL; found_fwd->listen_path = found_fwd->connect_path = NULL; found_fwd->listen_port = found_fwd->connect_port = 0; - } else { - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, error_reason); } out: free(fwd_desc); @@ -966,24 +974,21 @@ process_mux_close_fwd(struct ssh *ssh, u_int rid, static int process_mux_stdio_fwd(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { Channel *nc; - char *reserved, *chost; + char *chost = NULL; u_int cport, i, j; - int new_fd[2]; + int r, new_fd[2]; struct mux_stdio_confirm_ctx *cctx; - chost = reserved = NULL; - if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || - (chost = buffer_get_string_ret(m, NULL)) == NULL || - buffer_get_int_ret(&cport, m) != 0) { - free(reserved); + if ((r = sshbuf_skip_string(m)) != 0 || /* reserved */ + (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 || + (r = sshbuf_get_u32(m, &cport)) != 0) { free(chost); error("%s: malformed message", __func__); return -1; } - free(reserved); debug2("%s: channel %d: request stdio fwd to %s:%u", __func__, c->self, chost, cport); @@ -998,9 +1003,7 @@ process_mux_stdio_fwd(struct ssh *ssh, u_int rid, free(chost); /* prepare reply */ - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, + reply_error(reply, MUX_S_FAILURE, rid, "did not receive file descriptors"); return -1; } @@ -1012,10 +1015,8 @@ process_mux_stdio_fwd(struct ssh *ssh, u_int rid, /* XXX support multiple child sessions in future */ if (c->have_remote_id) { debug2("%s: session already open", __func__); - /* prepare reply */ - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Multiple sessions not supported"); + reply_error(reply, MUX_S_FAILURE, rid, + "Multiple sessions not supported"); cleanup: close(new_fd[0]); close(new_fd[1]); @@ -1028,10 +1029,8 @@ process_mux_stdio_fwd(struct ssh *ssh, u_int rid, if (!ask_permission("Allow forward to %s:%u? ", chost, cport)) { debug2("%s: stdio fwd refused by user", __func__); - /* prepare reply */ - buffer_put_int(r, MUX_S_PERMISSION_DENIED); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Permission denied"); + reply_error(reply, MUX_S_PERMISSION_DENIED, rid, + "Permission denied"); goto cleanup; } } @@ -1043,6 +1042,7 @@ process_mux_stdio_fwd(struct ssh *ssh, u_int rid, set_nonblock(new_fd[1]); nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1]); + free(chost); nc->ctl_chan = c->self; /* link session -> control channel */ c->remote_id = nc->self; /* link control -> session channel */ @@ -1069,7 +1069,8 @@ mux_stdio_confirm(struct ssh *ssh, int id, int success, void *arg) { struct mux_stdio_confirm_ctx *cctx = arg; Channel *c, *cc; - Buffer reply; + struct sshbuf *reply; + int r; if (cctx == NULL) fatal("%s: cctx == NULL", __func__); @@ -1078,28 +1079,29 @@ mux_stdio_confirm(struct ssh *ssh, int id, int success, void *arg) if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL) fatal("%s: channel %d lacks control channel %d", __func__, id, c->ctl_chan); + if ((reply = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); if (!success) { debug3("%s: sending failure reply", __func__); + reply_error(reply, MUX_S_FAILURE, cctx->rid, + "Session open refused by peer"); /* prepare reply */ - buffer_init(&reply); - buffer_put_int(&reply, MUX_S_FAILURE); - buffer_put_int(&reply, cctx->rid); - buffer_put_cstring(&reply, "Session open refused by peer"); goto done; } debug3("%s: sending success reply", __func__); /* prepare reply */ - buffer_init(&reply); - buffer_put_int(&reply, MUX_S_SESSION_OPENED); - buffer_put_int(&reply, cctx->rid); - buffer_put_int(&reply, c->self); + if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 || + (r = sshbuf_put_u32(reply, cctx->rid)) != 0 || + (r = sshbuf_put_u32(reply, c->self)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); done: /* Send reply */ - buffer_put_string(cc->output, buffer_ptr(&reply), buffer_len(&reply)); - buffer_free(&reply); + if ((r = sshbuf_put_stringb(cc->output, reply)) != 0) + fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r)); + sshbuf_free(reply); if (cc->mux_pause <= 0) fatal("%s: mux_pause %d", __func__, cc->mux_pause); @@ -1110,7 +1112,7 @@ mux_stdio_confirm(struct ssh *ssh, int id, int success, void *arg) static int process_mux_stop_listening(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { debug("%s: channel %d: stop listening", __func__, c->self); @@ -1119,9 +1121,8 @@ process_mux_stop_listening(struct ssh *ssh, u_int rid, if (!ask_permission("Disable further multiplexing on shared " "connection to %s? ", host)) { debug2("%s: stop listen refused by user", __func__); - buffer_put_int(r, MUX_S_PERMISSION_DENIED); - buffer_put_int(r, rid); - buffer_put_cstring(r, "Permission denied"); + reply_error(reply, MUX_S_PERMISSION_DENIED, rid, + "Permission denied"); return 0; } } @@ -1135,22 +1136,22 @@ process_mux_stop_listening(struct ssh *ssh, u_int rid, muxserver_sock = -1; } - /* prepare reply */ - buffer_put_int(r, MUX_S_OK); - buffer_put_int(r, rid); - + reply_ok(reply, rid); return 0; } static int process_mux_proxy(struct ssh *ssh, u_int rid, - Channel *c, Buffer *m, Buffer *r) + Channel *c, struct sshbuf *m, struct sshbuf *reply) { + int r; + debug("%s: channel %d: proxy request", __func__, c->self); c->mux_rcb = channel_proxy_downstream; - buffer_put_int(r, MUX_S_PROXY); - buffer_put_int(r, rid); + if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 || + (r = sshbuf_put_u32(reply, rid)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); return 0; } @@ -1160,10 +1161,12 @@ static int mux_master_read_cb(struct ssh *ssh, Channel *c) { struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx; - Buffer in, out; - const u_char *ptr; - u_int type, rid, have, i; - int ret = -1; + struct sshbuf *in = NULL, *out = NULL; + u_int type, rid, i; + int r, ret = -1; + + if ((out = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); /* Setup ctx and */ if (c->mux_ctx == NULL) { @@ -1173,32 +1176,29 @@ mux_master_read_cb(struct ssh *ssh, Channel *c) mux_master_control_cleanup_cb, 0); /* Send hello */ - buffer_init(&out); - buffer_put_int(&out, MUX_MSG_HELLO); - buffer_put_int(&out, SSHMUX_VER); + if ((r = sshbuf_put_u32(out, MUX_MSG_HELLO)) != 0 || + (r = sshbuf_put_u32(out, SSHMUX_VER)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); /* no extensions */ - buffer_put_string(c->output, buffer_ptr(&out), - buffer_len(&out)); - buffer_free(&out); + if ((r = sshbuf_put_stringb(c->output, out)) != 0) + fatal("%s: sshbuf_put_stringb: %s", + __func__, ssh_err(r)); debug3("%s: channel %d: hello sent", __func__, c->self); - return 0; + ret = 0; + goto out; } - buffer_init(&in); - buffer_init(&out); - /* Channel code ensures that we receive whole packets */ - if ((ptr = buffer_get_string_ptr_ret(c->input, &have)) == NULL) { + if ((r = sshbuf_froms(c->input, &in)) != 0) { malf: error("%s: malformed message", __func__); goto out; } - buffer_append(&in, ptr, have); - if (buffer_get_int_ret(&type, &in) != 0) + if ((r = sshbuf_get_u32(in, &type)) != 0) goto malf; - debug3("%s: channel %d packet type 0x%08x len %u", - __func__, c->self, type, buffer_len(&in)); + debug3("%s: channel %d packet type 0x%08x len %zu", + __func__, c->self, type, sshbuf_len(in)); if (type == MUX_MSG_HELLO) rid = 0; @@ -1208,40 +1208,40 @@ mux_master_read_cb(struct ssh *ssh, Channel *c) "received 0x%08x", __func__, MUX_MSG_HELLO, type); goto out; } - if (buffer_get_int_ret(&rid, &in) != 0) + if ((r = sshbuf_get_u32(in, &rid)) != 0) goto malf; } for (i = 0; mux_master_handlers[i].handler != NULL; i++) { if (type == mux_master_handlers[i].type) { ret = mux_master_handlers[i].handler(ssh, rid, - c, &in, &out); + c, in, out); break; } } if (mux_master_handlers[i].handler == NULL) { error("%s: unsupported mux message 0x%08x", __func__, type); - buffer_put_int(&out, MUX_S_FAILURE); - buffer_put_int(&out, rid); - buffer_put_cstring(&out, "unsupported request"); + reply_error(out, MUX_S_FAILURE, rid, "unsupported request"); ret = 0; } /* Enqueue reply packet */ - if (buffer_len(&out) != 0) { - buffer_put_string(c->output, buffer_ptr(&out), - buffer_len(&out)); + if (sshbuf_len(out) != 0) { + if ((r = sshbuf_put_stringb(c->output, out)) != 0) + fatal("%s: sshbuf_put_stringb: %s", + __func__, ssh_err(r)); } out: - buffer_free(&in); - buffer_free(&out); + sshbuf_free(in); + sshbuf_free(out); return ret; } void mux_exit_message(struct ssh *ssh, Channel *c, int exitval) { - Buffer m; + struct sshbuf *m; Channel *mux_chan; + int r; debug3("%s: channel %d: exit message, exitval %d", __func__, c->self, exitval); @@ -1251,20 +1251,22 @@ mux_exit_message(struct ssh *ssh, Channel *c, int exitval) __func__, c->self, c->ctl_chan); /* Append exit message packet to control socket output queue */ - buffer_init(&m); - buffer_put_int(&m, MUX_S_EXIT_MESSAGE); - buffer_put_int(&m, c->self); - buffer_put_int(&m, exitval); - - buffer_put_string(mux_chan->output, buffer_ptr(&m), buffer_len(&m)); - buffer_free(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_S_EXIT_MESSAGE)) != 0 || + (r = sshbuf_put_u32(m, c->self)) != 0 || + (r = sshbuf_put_u32(m, exitval)) != 0 || + (r = sshbuf_put_stringb(mux_chan->output, m)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); + sshbuf_free(m); } void mux_tty_alloc_failed(struct ssh *ssh, Channel *c) { - Buffer m; + struct sshbuf *m; Channel *mux_chan; + int r; debug3("%s: channel %d: TTY alloc failed", __func__, c->self); @@ -1273,12 +1275,13 @@ mux_tty_alloc_failed(struct ssh *ssh, Channel *c) __func__, c->self, c->ctl_chan); /* Append exit message packet to control socket output queue */ - buffer_init(&m); - buffer_put_int(&m, MUX_S_TTY_ALLOC_FAIL); - buffer_put_int(&m, c->self); - - buffer_put_string(mux_chan->output, buffer_ptr(&m), buffer_len(&m)); - buffer_free(&m); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_S_TTY_ALLOC_FAIL)) != 0 || + (r = sshbuf_put_u32(m, c->self)) != 0 || + (r = sshbuf_put_stringb(mux_chan->output, m)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); + sshbuf_free(m); } /* Prepare a mux master to listen on a Unix domain socket. */ @@ -1372,8 +1375,8 @@ mux_session_confirm(struct ssh *ssh, int id, int success, void *arg) struct mux_session_confirm_ctx *cctx = arg; const char *display; Channel *c, *cc; - int i; - Buffer reply; + int i, r; + struct sshbuf *reply; if (cctx == NULL) fatal("%s: cctx == NULL", __func__); @@ -1382,14 +1385,13 @@ mux_session_confirm(struct ssh *ssh, int id, int success, void *arg) if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL) fatal("%s: channel %d lacks control channel %d", __func__, id, c->ctl_chan); + if ((reply = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); if (!success) { debug3("%s: sending failure reply", __func__); - /* prepare reply */ - buffer_init(&reply); - buffer_put_int(&reply, MUX_S_FAILURE); - buffer_put_int(&reply, cctx->rid); - buffer_put_cstring(&reply, "Session open refused by peer"); + reply_error(reply, MUX_S_FAILURE, cctx->rid, + "Session open refused by peer"); goto done; } @@ -1419,25 +1421,26 @@ mux_session_confirm(struct ssh *ssh, int id, int success, void *arg) } client_session2_setup(ssh, id, cctx->want_tty, cctx->want_subsys, - cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env); + cctx->term, &cctx->tio, c->rfd, cctx->cmd, cctx->env); debug3("%s: sending success reply", __func__); /* prepare reply */ - buffer_init(&reply); - buffer_put_int(&reply, MUX_S_SESSION_OPENED); - buffer_put_int(&reply, cctx->rid); - buffer_put_int(&reply, c->self); + if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 || + (r = sshbuf_put_u32(reply, cctx->rid)) != 0 || + (r = sshbuf_put_u32(reply, c->self)) != 0) + fatal("%s: reply: %s", __func__, ssh_err(r)); done: /* Send reply */ - buffer_put_string(cc->output, buffer_ptr(&reply), buffer_len(&reply)); - buffer_free(&reply); + if ((r = sshbuf_put_stringb(cc->output, reply)) != 0) + fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r)); + sshbuf_free(reply); if (cc->mux_pause <= 0) fatal("%s: mux_pause %d", __func__, cc->mux_pause); cc->mux_pause = 0; /* start processing messages again */ c->open_confirm_ctx = NULL; - buffer_free(&cctx->cmd); + sshbuf_free(cctx->cmd); free(cctx->term); if (cctx->env != NULL) { for (i = 0; cctx->env[i] != NULL; i++) @@ -1472,16 +1475,18 @@ control_client_sigrelay(int signo) } static int -mux_client_read(int fd, Buffer *b, u_int need) +mux_client_read(int fd, struct sshbuf *b, size_t need) { - u_int have; + size_t have; ssize_t len; u_char *p; struct pollfd pfd; + int r; pfd.fd = fd; pfd.events = POLLIN; - p = buffer_append_space(b, need); + if ((r = sshbuf_reserve(b, need, &p)) != 0) + fatal("%s: reserve: %s", __func__, ssh_err(r)); for (have = 0; have < need; ) { if (muxclient_terminate) { errno = EINTR; @@ -1506,31 +1511,33 @@ mux_client_read(int fd, Buffer *b, u_int need) errno = EPIPE; return -1; } - have += (u_int)len; + have += (size_t)len; } return 0; } static int -mux_client_write_packet(int fd, Buffer *m) +mux_client_write_packet(int fd, struct sshbuf *m) { - Buffer queue; + struct sshbuf *queue; u_int have, need; - int oerrno, len; - u_char *ptr; + int r, oerrno, len; + const u_char *ptr; struct pollfd pfd; pfd.fd = fd; pfd.events = POLLOUT; - buffer_init(&queue); - buffer_put_string(&queue, buffer_ptr(m), buffer_len(m)); + if ((queue = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_stringb(queue, m)) != 0) + fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r)); - need = buffer_len(&queue); - ptr = buffer_ptr(&queue); + need = sshbuf_len(queue); + ptr = sshbuf_ptr(queue); for (have = 0; have < need; ) { if (muxclient_terminate) { - buffer_free(&queue); + sshbuf_free(queue); errno = EINTR; return -1; } @@ -1547,85 +1554,91 @@ mux_client_write_packet(int fd, Buffer *m) continue; default: oerrno = errno; - buffer_free(&queue); + sshbuf_free(queue); errno = oerrno; return -1; } } if (len == 0) { - buffer_free(&queue); + sshbuf_free(queue); errno = EPIPE; return -1; } have += (u_int)len; } - buffer_free(&queue); + sshbuf_free(queue); return 0; } static int -mux_client_read_packet(int fd, Buffer *m) +mux_client_read_packet(int fd, struct sshbuf *m) { - Buffer queue; - u_int need, have; + struct sshbuf *queue; + size_t need, have; const u_char *ptr; - int oerrno; + int r, oerrno; - buffer_init(&queue); - if (mux_client_read(fd, &queue, 4) != 0) { + if ((queue = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if (mux_client_read(fd, queue, 4) != 0) { if ((oerrno = errno) == EPIPE) debug3("%s: read header failed: %s", __func__, strerror(errno)); - buffer_free(&queue); + sshbuf_free(queue); errno = oerrno; return -1; } - need = get_u32(buffer_ptr(&queue)); - if (mux_client_read(fd, &queue, need) != 0) { + need = PEEK_U32(sshbuf_ptr(queue)); + if (mux_client_read(fd, queue, need) != 0) { oerrno = errno; debug3("%s: read body failed: %s", __func__, strerror(errno)); - buffer_free(&queue); + sshbuf_free(queue); errno = oerrno; return -1; } - ptr = buffer_get_string_ptr(&queue, &have); - buffer_append(m, ptr, have); - buffer_free(&queue); + if ((r = sshbuf_get_string_direct(queue, &ptr, &have)) != 0 || + (r = sshbuf_put(m, ptr, have)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + sshbuf_free(queue); return 0; } static int mux_client_hello_exchange(int fd) { - Buffer m; + struct sshbuf *m; u_int type, ver; - int ret = -1; + int r, ret = -1; - buffer_init(&m); - buffer_put_int(&m, MUX_MSG_HELLO); - buffer_put_int(&m, SSHMUX_VER); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_MSG_HELLO)) != 0 || + (r = sshbuf_put_u32(m, SSHMUX_VER)) != 0) + fatal("%s: hello: %s", __func__, ssh_err(r)); /* no extensions */ - if (mux_client_write_packet(fd, &m) != 0) { + if (mux_client_write_packet(fd, m) != 0) { debug("%s: write packet: %s", __func__, strerror(errno)); goto out; } - buffer_clear(&m); + sshbuf_reset(m); /* Read their HELLO */ - if (mux_client_read_packet(fd, &m) != 0) { + if (mux_client_read_packet(fd, m) != 0) { debug("%s: read packet failed", __func__); goto out; } - type = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &type)) != 0) + fatal("%s: decode type: %s", __func__, ssh_err(r)); if (type != MUX_MSG_HELLO) { error("%s: expected HELLO (%u) received %u", __func__, MUX_MSG_HELLO, type); goto out; } - ver = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &ver)) != 0) + fatal("%s: decode version: %s", __func__, ssh_err(r)); if (ver != SSHMUX_VER) { error("Unsupported multiplexing protocol version %d " "(expected %d)", ver, SSHMUX_VER); @@ -1633,56 +1646,68 @@ mux_client_hello_exchange(int fd) } debug2("%s: master version %u", __func__, ver); /* No extensions are presently defined */ - while (buffer_len(&m) > 0) { - char *name = buffer_get_string(&m, NULL); - char *value = buffer_get_string(&m, NULL); + while (sshbuf_len(m) > 0) { + char *name = NULL; + if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 || + (r = sshbuf_skip_string(m)) != 0) { /* value */ + error("%s: malformed extension: %s", + __func__, ssh_err(r)); + goto out; + } debug2("Unrecognised master extension \"%s\"", name); free(name); - free(value); } /* success */ ret = 0; out: - buffer_free(&m); + sshbuf_free(m); return ret; } static u_int mux_client_request_alive(int fd) { - Buffer m; + struct sshbuf *m; char *e; u_int pid, type, rid; + int r; debug3("%s: entering", __func__); - buffer_init(&m); - buffer_put_int(&m, MUX_C_ALIVE_CHECK); - buffer_put_int(&m, muxclient_request_id); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_C_ALIVE_CHECK)) != 0 || + (r = sshbuf_put_u32(m, muxclient_request_id)) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); - if (mux_client_write_packet(fd, &m) != 0) + if (mux_client_write_packet(fd, m) != 0) fatal("%s: write packet: %s", __func__, strerror(errno)); - buffer_clear(&m); + sshbuf_reset(m); /* Read their reply */ - if (mux_client_read_packet(fd, &m) != 0) { - buffer_free(&m); + if (mux_client_read_packet(fd, m) != 0) { + sshbuf_free(m); return 0; } - type = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &type)) != 0) + fatal("%s: decode type: %s", __func__, ssh_err(r)); if (type != MUX_S_ALIVE) { - e = buffer_get_string(&m, NULL); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); fatal("%s: master returned error: %s", __func__, e); } - if ((rid = buffer_get_int(&m)) != muxclient_request_id) + if ((r = sshbuf_get_u32(m, &rid)) != 0) + fatal("%s: decode remote ID: %s", __func__, ssh_err(r)); + if (rid != muxclient_request_id) fatal("%s: out of sequence reply: my id %u theirs %u", __func__, muxclient_request_id, rid); - pid = buffer_get_int(&m); - buffer_free(&m); + if ((r = sshbuf_get_u32(m, &pid)) != 0) + fatal("%s: decode PID: %s", __func__, ssh_err(r)); + sshbuf_free(m); debug3("%s: done pid = %u", __func__, pid); @@ -1694,107 +1719,128 @@ mux_client_request_alive(int fd) static void mux_client_request_terminate(int fd) { - Buffer m; + struct sshbuf *m; char *e; u_int type, rid; + int r; debug3("%s: entering", __func__); - buffer_init(&m); - buffer_put_int(&m, MUX_C_TERMINATE); - buffer_put_int(&m, muxclient_request_id); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_C_TERMINATE)) != 0 || + (r = sshbuf_put_u32(m, muxclient_request_id)) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); - if (mux_client_write_packet(fd, &m) != 0) + if (mux_client_write_packet(fd, m) != 0) fatal("%s: write packet: %s", __func__, strerror(errno)); - buffer_clear(&m); + sshbuf_reset(m); /* Read their reply */ - if (mux_client_read_packet(fd, &m) != 0) { + if (mux_client_read_packet(fd, m) != 0) { /* Remote end exited already */ if (errno == EPIPE) { - buffer_free(&m); + sshbuf_free(m); return; } fatal("%s: read from master failed: %s", __func__, strerror(errno)); } - type = buffer_get_int(&m); - if ((rid = buffer_get_int(&m)) != muxclient_request_id) + if ((r = sshbuf_get_u32(m, &type)) != 0 || + (r = sshbuf_get_u32(m, &rid)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); + if (rid != muxclient_request_id) fatal("%s: out of sequence reply: my id %u theirs %u", __func__, muxclient_request_id, rid); switch (type) { case MUX_S_OK: break; case MUX_S_PERMISSION_DENIED: - e = buffer_get_string(&m, NULL); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); fatal("Master refused termination request: %s", e); case MUX_S_FAILURE: - e = buffer_get_string(&m, NULL); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); fatal("%s: termination request failed: %s", __func__, e); default: fatal("%s: unexpected response from master 0x%08x", __func__, type); } - buffer_free(&m); + sshbuf_free(m); muxclient_request_id++; } static int mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) { - Buffer m; + struct sshbuf *m; char *e, *fwd_desc; + const char *lhost, *chost; u_int type, rid; + int r; fwd_desc = format_forward(ftype, fwd); debug("Requesting %s %s", cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); free(fwd_desc); - buffer_init(&m); - buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); - buffer_put_int(&m, muxclient_request_id); - buffer_put_int(&m, ftype); - if (fwd->listen_path != NULL) { - buffer_put_cstring(&m, fwd->listen_path); - } else { - buffer_put_cstring(&m, - fwd->listen_host == NULL ? "" : - (*fwd->listen_host == '\0' ? "*" : fwd->listen_host)); - } - buffer_put_int(&m, fwd->listen_port); - if (fwd->connect_path != NULL) { - buffer_put_cstring(&m, fwd->connect_path); - } else { - buffer_put_cstring(&m, - fwd->connect_host == NULL ? "" : fwd->connect_host); - } - buffer_put_int(&m, fwd->connect_port); + type = cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD; + if (fwd->listen_path != NULL) + lhost = fwd->listen_path; + else if (fwd->listen_host == NULL) + lhost = ""; + else if (*fwd->listen_host == '\0') + lhost = "*"; + else + lhost = fwd->listen_host; - if (mux_client_write_packet(fd, &m) != 0) + if (fwd->connect_path != NULL) + chost = fwd->connect_path; + else if (fwd->connect_host == NULL) + chost = ""; + else + chost = fwd->connect_host; + + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, type)) != 0 || + (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 || + (r = sshbuf_put_u32(m, ftype)) != 0 || + (r = sshbuf_put_cstring(m, lhost)) != 0 || + (r = sshbuf_put_u32(m, fwd->listen_port)) != 0 || + (r = sshbuf_put_cstring(m, chost)) != 0 || + (r = sshbuf_put_u32(m, fwd->connect_port)) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); + + if (mux_client_write_packet(fd, m) != 0) fatal("%s: write packet: %s", __func__, strerror(errno)); - buffer_clear(&m); + sshbuf_reset(m); /* Read their reply */ - if (mux_client_read_packet(fd, &m) != 0) { - buffer_free(&m); + if (mux_client_read_packet(fd, m) != 0) { + sshbuf_free(m); return -1; } - type = buffer_get_int(&m); - if ((rid = buffer_get_int(&m)) != muxclient_request_id) + if ((r = sshbuf_get_u32(m, &type)) != 0 || + (r = sshbuf_get_u32(m, &rid)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); + if (rid != muxclient_request_id) fatal("%s: out of sequence reply: my id %u theirs %u", __func__, muxclient_request_id, rid); + switch (type) { case MUX_S_OK: break; case MUX_S_REMOTE_PORT: if (cancel_flag) fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__); - fwd->allocated_port = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &fwd->allocated_port)) != 0) + fatal("%s: decode port: %s", __func__, ssh_err(r)); verbose("Allocated port %u for remote forward to %s:%d", fwd->allocated_port, fwd->connect_host ? fwd->connect_host : "", @@ -1803,20 +1849,22 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) fprintf(stdout, "%i\n", fwd->allocated_port); break; case MUX_S_PERMISSION_DENIED: - e = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); + sshbuf_free(m); error("Master refused forwarding request: %s", e); return -1; case MUX_S_FAILURE: - e = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); + sshbuf_free(m); error("%s: forwarding request failed: %s", __func__, e); return -1; default: fatal("%s: unexpected response from master 0x%08x", __func__, type); } - buffer_free(&m); + sshbuf_free(m); muxclient_request_id++; return 0; @@ -1850,11 +1898,12 @@ mux_client_forwards(int fd, int cancel_flag) static int mux_client_request_session(int fd) { - Buffer m; - char *e, *term; - u_int i, rid, sid, esid, exitval, type, exitval_seen; + struct sshbuf *m; + char *e; + const char *term; + u_int echar, rid, sid, esid, exitval, type, exitval_seen; extern char **environ; - int devnull, rawmode; + int r, i, devnull, rawmode; debug3("%s: entering", __func__); @@ -1874,31 +1923,41 @@ mux_client_request_session(int fd) close(devnull); } - term = getenv("TERM"); - - buffer_init(&m); - buffer_put_int(&m, MUX_C_NEW_SESSION); - buffer_put_int(&m, muxclient_request_id); - buffer_put_cstring(&m, ""); /* reserved */ - buffer_put_int(&m, tty_flag); - buffer_put_int(&m, options.forward_x11); - buffer_put_int(&m, options.forward_agent); - buffer_put_int(&m, subsystem_flag); - buffer_put_int(&m, options.escape_char == SSH_ESCAPECHAR_NONE ? - 0xffffffff : (u_int)options.escape_char); - buffer_put_cstring(&m, term == NULL ? "" : term); - buffer_put_string(&m, buffer_ptr(&command), buffer_len(&command)); - + if ((term = getenv("TERM")) == NULL) + term = ""; + echar = 0xffffffff; + if (options.escape_char != SSH_ESCAPECHAR_NONE) + echar = (u_int)options.escape_char; + + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_C_NEW_SESSION)) != 0 || + (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 || + (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */ + (r = sshbuf_put_u32(m, tty_flag)) != 0 || + (r = sshbuf_put_u32(m, options.forward_x11)) != 0 || + (r = sshbuf_put_u32(m, options.forward_agent)) != 0 || + (r = sshbuf_put_u32(m, subsystem_flag)) != 0 || + (r = sshbuf_put_u32(m, echar)) != 0 || + (r = sshbuf_put_cstring(m, term)) != 0 || + (r = sshbuf_put_stringb(m, command)) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); + + /* Pass environment */ if (options.num_send_env > 0 && environ != NULL) { - /* Pass environment */ for (i = 0; environ[i] != NULL; i++) { - if (env_permitted(environ[i])) { - buffer_put_cstring(&m, environ[i]); - } + if (!env_permitted(environ[i])) + continue; + if ((r = sshbuf_put_cstring(m, environ[i])) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); } } + for (i = 0; i < options.num_setenv; i++) { + if ((r = sshbuf_put_cstring(m, options.setenv[i])) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); + } - if (mux_client_write_packet(fd, &m) != 0) + if (mux_client_write_packet(fd, m) != 0) fatal("%s: write packet: %s", __func__, strerror(errno)); /* Send the stdio file descriptors */ @@ -1910,35 +1969,40 @@ mux_client_request_session(int fd) debug3("%s: session request sent", __func__); /* Read their reply */ - buffer_clear(&m); - if (mux_client_read_packet(fd, &m) != 0) { + sshbuf_reset(m); + if (mux_client_read_packet(fd, m) != 0) { error("%s: read from master failed: %s", __func__, strerror(errno)); - buffer_free(&m); + sshbuf_free(m); return -1; } - type = buffer_get_int(&m); - if ((rid = buffer_get_int(&m)) != muxclient_request_id) + if ((r = sshbuf_get_u32(m, &type)) != 0 || + (r = sshbuf_get_u32(m, &rid)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); + if (rid != muxclient_request_id) fatal("%s: out of sequence reply: my id %u theirs %u", __func__, muxclient_request_id, rid); + switch (type) { case MUX_S_SESSION_OPENED: - sid = buffer_get_int(&m); - debug("%s: master session id: %u", __func__, sid); + if ((r = sshbuf_get_u32(m, &sid)) != 0) + fatal("%s: decode ID: %s", __func__, ssh_err(r)); break; case MUX_S_PERMISSION_DENIED: - e = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); error("Master refused session request: %s", e); + sshbuf_free(m); return -1; case MUX_S_FAILURE: - e = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); error("%s: session request failed: %s", __func__, e); + sshbuf_free(m); return -1; default: - buffer_free(&m); + sshbuf_free(m); error("%s: unexpected response from master 0x%08x", __func__, type); return -1; @@ -1966,13 +2030,17 @@ mux_client_request_session(int fd) * terminate early too (possibly losing data). */ for (exitval = 255, exitval_seen = 0;;) { - buffer_clear(&m); - if (mux_client_read_packet(fd, &m) != 0) + sshbuf_reset(m); + if (mux_client_read_packet(fd, m) != 0) break; - type = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &type)) != 0) + fatal("%s: decode type: %s", __func__, ssh_err(r)); switch (type) { case MUX_S_TTY_ALLOC_FAIL: - if ((esid = buffer_get_int(&m)) != sid) + if ((r = sshbuf_get_u32(m, &esid)) != 0) + fatal("%s: decode ID: %s", + __func__, ssh_err(r)); + if (esid != sid) fatal("%s: tty alloc fail on unknown session: " "my id %u theirs %u", __func__, sid, esid); @@ -1981,17 +2049,24 @@ mux_client_request_session(int fd) rawmode = 0; continue; case MUX_S_EXIT_MESSAGE: - if ((esid = buffer_get_int(&m)) != sid) + if ((r = sshbuf_get_u32(m, &esid)) != 0) + fatal("%s: decode ID: %s", + __func__, ssh_err(r)); + if (esid != sid) fatal("%s: exit on unknown session: " "my id %u theirs %u", __func__, sid, esid); if (exitval_seen) fatal("%s: exitval sent twice", __func__); - exitval = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &exitval)) != 0) + fatal("%s: decode exit value: %s", + __func__, ssh_err(r)); exitval_seen = 1; continue; default: - e = buffer_get_string(&m, NULL); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", + __func__, ssh_err(r)); fatal("%s: master returned error: %s", __func__, e); } } @@ -2018,32 +2093,38 @@ mux_client_request_session(int fd) static int mux_client_proxy(int fd) { - Buffer m; + struct sshbuf *m; char *e; u_int type, rid; - - buffer_init(&m); - buffer_put_int(&m, MUX_C_PROXY); - buffer_put_int(&m, muxclient_request_id); - if (mux_client_write_packet(fd, &m) != 0) + int r; + + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_C_PROXY)) != 0 || + (r = sshbuf_put_u32(m, muxclient_request_id)) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); + if (mux_client_write_packet(fd, m) != 0) fatal("%s: write packet: %s", __func__, strerror(errno)); - buffer_clear(&m); + sshbuf_reset(m); /* Read their reply */ - if (mux_client_read_packet(fd, &m) != 0) { - buffer_free(&m); + if (mux_client_read_packet(fd, m) != 0) { + sshbuf_free(m); return 0; } - type = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &type)) != 0 || + (r = sshbuf_get_u32(m, &rid)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); + if (rid != muxclient_request_id) + fatal("%s: out of sequence reply: my id %u theirs %u", + __func__, muxclient_request_id, rid); if (type != MUX_S_PROXY) { - e = buffer_get_string(&m, NULL); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); fatal("%s: master returned error: %s", __func__, e); } - if ((rid = buffer_get_int(&m)) != muxclient_request_id) - fatal("%s: out of sequence reply: my id %u theirs %u", - __func__, muxclient_request_id, rid); - buffer_free(&m); + sshbuf_free(m); debug3("%s: done", __func__); muxclient_request_id++; @@ -2053,10 +2134,10 @@ mux_client_proxy(int fd) static int mux_client_request_stdio_fwd(int fd) { - Buffer m; + struct sshbuf *m; char *e; u_int type, rid, sid; - int devnull; + int r, devnull; debug3("%s: entering", __func__); @@ -2076,14 +2157,16 @@ mux_client_request_stdio_fwd(int fd) close(devnull); } - buffer_init(&m); - buffer_put_int(&m, MUX_C_NEW_STDIO_FWD); - buffer_put_int(&m, muxclient_request_id); - buffer_put_cstring(&m, ""); /* reserved */ - buffer_put_cstring(&m, options.stdio_forward_host); - buffer_put_int(&m, options.stdio_forward_port); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_C_NEW_STDIO_FWD)) != 0 || + (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 || + (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */ + (r = sshbuf_put_cstring(m, options.stdio_forward_host)) != 0 || + (r = sshbuf_put_u32(m, options.stdio_forward_port)) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); - if (mux_client_write_packet(fd, &m) != 0) + if (mux_client_write_packet(fd, m) != 0) fatal("%s: write packet: %s", __func__, strerror(errno)); /* Send the stdio file descriptors */ @@ -2098,34 +2181,39 @@ mux_client_request_stdio_fwd(int fd) debug3("%s: stdio forward request sent", __func__); /* Read their reply */ - buffer_clear(&m); + sshbuf_reset(m); - if (mux_client_read_packet(fd, &m) != 0) { + if (mux_client_read_packet(fd, m) != 0) { error("%s: read from master failed: %s", __func__, strerror(errno)); - buffer_free(&m); + sshbuf_free(m); return -1; } - type = buffer_get_int(&m); - if ((rid = buffer_get_int(&m)) != muxclient_request_id) + if ((r = sshbuf_get_u32(m, &type)) != 0 || + (r = sshbuf_get_u32(m, &rid)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); + if (rid != muxclient_request_id) fatal("%s: out of sequence reply: my id %u theirs %u", __func__, muxclient_request_id, rid); switch (type) { case MUX_S_SESSION_OPENED: - sid = buffer_get_int(&m); + if ((r = sshbuf_get_u32(m, &sid)) != 0) + fatal("%s: decode ID: %s", __func__, ssh_err(r)); debug("%s: master session id: %u", __func__, sid); break; case MUX_S_PERMISSION_DENIED: - e = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); + sshbuf_free(m); fatal("Master refused stdio forwarding request: %s", e); case MUX_S_FAILURE: - e = buffer_get_string(&m, NULL); - buffer_free(&m); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); + sshbuf_free(m); fatal("Stdio forwarding request failed: %s", e); default: - buffer_free(&m); + sshbuf_free(m); error("%s: unexpected response from master 0x%08x", __func__, type); return -1; @@ -2140,8 +2228,8 @@ mux_client_request_stdio_fwd(int fd) /* * Stick around until the controlee closes the client_fd. */ - buffer_clear(&m); - if (mux_client_read_packet(fd, &m) != 0) { + sshbuf_reset(m); + if (mux_client_read_packet(fd, m) != 0) { if (errno == EPIPE || (errno == EINTR && muxclient_terminate != 0)) return 0; @@ -2154,44 +2242,52 @@ mux_client_request_stdio_fwd(int fd) static void mux_client_request_stop_listening(int fd) { - Buffer m; + struct sshbuf *m; char *e; u_int type, rid; + int r; debug3("%s: entering", __func__); - buffer_init(&m); - buffer_put_int(&m, MUX_C_STOP_LISTENING); - buffer_put_int(&m, muxclient_request_id); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + if ((r = sshbuf_put_u32(m, MUX_C_STOP_LISTENING)) != 0 || + (r = sshbuf_put_u32(m, muxclient_request_id)) != 0) + fatal("%s: request: %s", __func__, ssh_err(r)); - if (mux_client_write_packet(fd, &m) != 0) + if (mux_client_write_packet(fd, m) != 0) fatal("%s: write packet: %s", __func__, strerror(errno)); - buffer_clear(&m); + sshbuf_reset(m); /* Read their reply */ - if (mux_client_read_packet(fd, &m) != 0) + if (mux_client_read_packet(fd, m) != 0) fatal("%s: read from master failed: %s", __func__, strerror(errno)); - type = buffer_get_int(&m); - if ((rid = buffer_get_int(&m)) != muxclient_request_id) + if ((r = sshbuf_get_u32(m, &type)) != 0 || + (r = sshbuf_get_u32(m, &rid)) != 0) + fatal("%s: decode: %s", __func__, ssh_err(r)); + if (rid != muxclient_request_id) fatal("%s: out of sequence reply: my id %u theirs %u", __func__, muxclient_request_id, rid); + switch (type) { case MUX_S_OK: break; case MUX_S_PERMISSION_DENIED: - e = buffer_get_string(&m, NULL); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); fatal("Master refused stop listening request: %s", e); case MUX_S_FAILURE: - e = buffer_get_string(&m, NULL); + if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0) + fatal("%s: decode error: %s", __func__, ssh_err(r)); fatal("%s: stop listening request failed: %s", __func__, e); default: fatal("%s: unexpected response from master 0x%08x", __func__, type); } - buffer_free(&m); + sshbuf_free(m); muxclient_request_id++; } diff --git a/myproposal.h b/myproposal.h index c255147aa03..08782dd30db 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.55 2017/05/07 23:13:42 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.56 2018/07/03 11:39:54 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -107,6 +107,8 @@ #define KEX_DEFAULT_PK_ALG \ HOSTKEY_ECDSA_CERT_METHODS \ "ssh-ed25519-cert-v01@openssh.com," \ + "rsa-sha2-512-cert-v01@openssh.com," \ + "rsa-sha2-256-cert-v01@openssh.com," \ "ssh-rsa-cert-v01@openssh.com," \ HOSTKEY_ECDSA_METHODS \ "ssh-ed25519," \ diff --git a/opacket.c b/opacket.c index fca48e5f519..e637d7a71b5 100644 --- a/opacket.c +++ b/opacket.c @@ -3,6 +3,8 @@ #include "includes.h" +#include + #include "ssherr.h" #include "packet.h" #include "log.h" diff --git a/opacket.h b/opacket.h index b2c2e7f6a28..f92fe586efb 100644 --- a/opacket.h +++ b/opacket.h @@ -1,4 +1,4 @@ -/* $OpenBSD: opacket.h,v 1.12 2017/10/20 01:56:39 djm Exp $ */ +/* $OpenBSD: opacket.h,v 1.13 2018/07/06 09:03:02 sf Exp $ */ #ifndef _OPACKET_H /* Written by Markus Friedl. Placed in the public domain. */ @@ -59,8 +59,6 @@ void packet_read_expect(int expected_type); ssh_packet_set_protocol_flags(active_state, (protocol_flags)) #define packet_get_protocol_flags() \ ssh_packet_get_protocol_flags(active_state) -#define packet_start_compression(level) \ - ssh_packet_start_compression(active_state, (level)) #define packet_start(type) \ ssh_packet_start(active_state, (type)) #define packet_put_char(value) \ diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 8e3b4299138..2fd9b952bbe 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -68,6 +68,7 @@ COMPAT= arc4random.o \ bsd-cygwin_util.o \ bsd-err.o \ bsd-flock.o \ + bsd-getline.o \ bsd-getpagesize.o \ bsd-getpeereid.o \ bsd-malloc.o \ diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c index b6256b4f883..578f69f4f74 100644 --- a/openbsd-compat/arc4random.c +++ b/openbsd-compat/arc4random.c @@ -33,6 +33,10 @@ #include #include +#ifdef HAVE_SYS_RANDOM_H +# include +#endif + #ifndef HAVE_ARC4RANDOM #ifdef WITH_OPENSSL @@ -78,8 +82,9 @@ _rs_init(u_char *buf, size_t n) } #ifndef WITH_OPENSSL -#define SSH_RANDOM_DEV "/dev/urandom" -/* XXX use getrandom() if supported on Linux */ +# ifndef SSH_RANDOM_DEV +# define SSH_RANDOM_DEV "/dev/urandom" +# endif /* SSH_RANDOM_DEV */ static void getrnd(u_char *s, size_t len) { @@ -87,6 +92,11 @@ getrnd(u_char *s, size_t len) ssize_t r; size_t o = 0; +#ifdef HAVE_GETRANDOM + if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len) + return; +#endif /* HAVE_GETRANDOM */ + if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno)); while (o < len) { @@ -101,7 +111,7 @@ getrnd(u_char *s, size_t len) } close(fd); } -#endif +#endif /* WITH_OPENSSL */ static void _rs_stir(void) diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c index 0a07f9a0f8f..78523456387 100644 --- a/openbsd-compat/bcrypt_pbkdf.c +++ b/openbsd-compat/bcrypt_pbkdf.c @@ -46,7 +46,7 @@ * function with the following modifications: * 1. The input password and salt are preprocessed with SHA512. * 2. The output length is expanded to 256 bits. - * 3. Subsequently the magic string to be encrypted is lengthened and modifed + * 3. Subsequently the magic string to be encrypted is lengthened and modified * to "OxychromaticBlowfishSwatDynamite" * 4. The hash function is defined to perform 64 rounds of initial state * expansion. (More rounds are performed by iterating the hash.) diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c index 9380b33a724..b56476a2d85 100644 --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -77,7 +77,7 @@ closefrom(int lowfd) /* Check for a /proc/$$/fd directory. */ len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid()); - if (len > 0 && (size_t)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) { + if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) { while ((dent = readdir(dirp)) != NULL) { fd = strtol(dent->d_name, &endp, 10); if (dent->d_name != endp && *endp == '\0' && diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 398a5f617af..fb49e30f598 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -36,6 +36,7 @@ #include #include #include +#include #include "xmalloc.h" diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 9cef694b9a7..202c055dbae 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h @@ -41,7 +41,7 @@ typedef void *HANDLE; #define UNLEN 256 /* Cygwin functions for which declarations are only available when including - windows headers, so we have to define them here explicitely. */ + windows headers, so we have to define them here explicitly. */ extern HANDLE cygwin_logon_user (const struct passwd *, const char *); extern void cygwin_set_impersonation_token (const HANDLE); diff --git a/openbsd-compat/bsd-getline.c b/openbsd-compat/bsd-getline.c new file mode 100644 index 00000000000..d676f4cefa7 --- /dev/null +++ b/openbsd-compat/bsd-getline.c @@ -0,0 +1,113 @@ +/* $NetBSD: getline.c,v 1.1.1.6 2015/01/02 20:34:27 christos Exp $ */ + +/* NetBSD: getline.c,v 1.2 2014/09/16 17:23:50 christos Exp */ + +/*- + * Copyright (c) 2011 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* NETBSD ORIGINAL: external/bsd/file/dist/src/getline.c */ + +#include "includes.h" + +#if 0 +#include "file.h" +#endif + +#if !HAVE_GETLINE +#include +#include +#include +#include +#include + +static ssize_t +getdelim(char **buf, size_t *bufsiz, int delimiter, FILE *fp) +{ + char *ptr, *eptr; + + + if (*buf == NULL || *bufsiz == 0) { + if ((*buf = malloc(BUFSIZ)) == NULL) + return -1; + *bufsiz = BUFSIZ; + } + + for (ptr = *buf, eptr = *buf + *bufsiz;;) { + int c = fgetc(fp); + if (c == -1) { + if (feof(fp)) { + ssize_t diff = (ssize_t)(ptr - *buf); + if (diff != 0) { + *ptr = '\0'; + return diff; + } + } + return -1; + } + *ptr++ = c; + if (c == delimiter) { + *ptr = '\0'; + return ptr - *buf; + } + if (ptr + 2 >= eptr) { + char *nbuf; + size_t nbufsiz = *bufsiz * 2; + ssize_t d = ptr - *buf; + if ((nbuf = realloc(*buf, nbufsiz)) == NULL) + return -1; + *buf = nbuf; + *bufsiz = nbufsiz; + eptr = nbuf + nbufsiz; + ptr = nbuf + d; + } + } +} + +ssize_t +getline(char **buf, size_t *bufsiz, FILE *fp) +{ + return getdelim(buf, bufsiz, '\n', fp); +} + +#endif + +#ifdef TEST +int +main(int argc, char *argv[]) +{ + char *p = NULL; + ssize_t len; + size_t n = 0; + + while ((len = getline(&p, &n, stdin)) != -1) + (void)printf("%" SIZE_T_FORMAT "d %s", len, p); + free(p); + return 0; +} +#endif diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 3daf610711a..b6893e1711f 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include diff --git a/openbsd-compat/bsd-nextstep.h b/openbsd-compat/bsd-nextstep.h index 610f9e381f3..4a45b15af0e 100644 --- a/openbsd-compat/bsd-nextstep.h +++ b/openbsd-compat/bsd-nextstep.h @@ -36,7 +36,7 @@ /* NeXT's readdir() is BSD (struct direct) not POSIX (struct dirent) */ #define dirent direct -/* Swap out NeXT's BSD wait() for a more POSIX complient one */ +/* Swap out NeXT's BSD wait() for a more POSIX compliant one */ pid_t posix_wait(int *); #define wait(a) posix_wait(a) diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index d95b6a40158..f27b9d808a2 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -30,7 +30,7 @@ * probably requires libm on most operating systems. Don't yet * support the exponent (e,E) and sigfig (g,G). Also, fmtint() * was pretty badly broken, it just wasn't being exercised in ways - * which showed it, so that's been fixed. Also, formated the code + * which showed it, so that's been fixed. Also, formatted the code * to mutt conventions, and removed dead code left over from the * original. Also, there is now a builtin-test, just compile with: * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm diff --git a/openbsd-compat/bsd-waitpid.h b/openbsd-compat/bsd-waitpid.h index 5ce3ee4b530..b551268ab06 100644 --- a/openbsd-compat/bsd-waitpid.h +++ b/openbsd-compat/bsd-waitpid.h @@ -27,7 +27,7 @@ #define _BSD_WAITPID_H #ifndef HAVE_WAITPID -/* Clean out any potental issues */ +/* Clean out any potential issues */ #undef WIFEXITED #undef WIFSTOPPED #undef WIFSIGNALED diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c index 53a00347272..6ef9825a9ad 100644 --- a/openbsd-compat/explicit_bzero.c +++ b/openbsd-compat/explicit_bzero.c @@ -41,7 +41,7 @@ explicit_bzero(void *p, size_t n) /* * clang -fsanitize=memory needs to intercept memset-like functions * to correctly detect memory initialisation. Make sure one is called - * directly since our indirection trick above sucessfully confuses it. + * directly since our indirection trick above successfully confuses it. */ #if defined(__has_feature) # if __has_feature(memory_sanitizer) diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c index 7c5193e26d9..2f76ef931bb 100644 --- a/openbsd-compat/fmt_scaled.c +++ b/openbsd-compat/fmt_scaled.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fmt_scaled.c,v 1.16 2017/03/16 02:40:46 dtucker Exp $ */ +/* $OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $ */ /* * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. @@ -188,7 +188,7 @@ scan_scaled(char *scaled, long long *result) /* scale whole part */ whole *= scale_fact; - /* truncate fpart so it does't overflow. + /* truncate fpart so it doesn't overflow. * then scale fractional part. */ while (fpart >= LLONG_MAX / scale_fact) { @@ -246,12 +246,15 @@ fmt_scaled(long long number, char *result) fract = (10 * fract + 512) / 1024; /* if the result would be >= 10, round main number */ - if (fract == 10) { + if (fract >= 10) { if (number >= 0) number++; else number--; fract = 0; + } else if (fract < 0) { + /* shouldn't happen */ + fract = 0; } if (number == 0) diff --git a/openbsd-compat/freezero.c b/openbsd-compat/freezero.c index 90b9d381356..bad018ff032 100644 --- a/openbsd-compat/freezero.c +++ b/openbsd-compat/freezero.c @@ -16,6 +16,7 @@ #include "includes.h" +#include #include #ifndef HAVE_FREEZERO diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index b48fb9342d1..f5c833bf271 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -60,6 +60,10 @@ int bindresvport_sa(int sd, struct sockaddr *sa); void closefrom(int); #endif +#ifndef HAVE_GETLINE +ssize_t getline(char **, size_t *, FILE *); +#endif + #ifndef HAVE_GETPAGESIZE int getpagesize(void); #endif diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 79c86896699..943177c708c 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -27,8 +27,9 @@ #include "includes.h" #include "xmalloc.h" -#include "buffer.h" -#include "key.h" +#include "sshbuf.h" +#include "ssherr.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "ssh.h" @@ -176,7 +177,7 @@ sys_auth_passwd(struct ssh *ssh, const char *password) { Authctxt *ctxt = ssh->authctxt; char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name; - int authsuccess = 0, expired, reenter, result; + int r, authsuccess = 0, expired, reenter, result; do { result = authenticate((char *)name, (char *)password, &reenter, @@ -203,7 +204,10 @@ sys_auth_passwd(struct ssh *ssh, const char *password) */ expired = passwdexpired(name, &msg); if (msg && *msg) { - buffer_append(ctxt->loginmsg, msg, strlen(msg)); + if ((r = sshbuf_put(ctxt->loginmsg, + msg, strlen(msg))) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); aix_remove_embedded_newlines(msg); } debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); @@ -234,10 +238,10 @@ sys_auth_passwd(struct ssh *ssh, const char *password) * Returns 1 if login is allowed, 0 if not allowed. */ int -sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) +sys_auth_allowed_user(struct passwd *pw, struct sshbuf *loginmsg) { char *msg = NULL; - int result, permitted = 0; + int r, result, permitted = 0; struct stat st; /* @@ -260,8 +264,10 @@ sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) */ if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0) permitted = 1; - else if (msg != NULL) - buffer_append(loginmsg, msg, strlen(msg)); + else if (msg != NULL) { + if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + } if (msg == NULL) msg = xstrdup("(none)"); aix_remove_embedded_newlines(msg); @@ -275,7 +281,7 @@ sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) int sys_auth_record_login(const char *user, const char *host, const char *ttynm, - Buffer *loginmsg) + struct sshbuf *loginmsg) { char *msg = NULL; int success = 0; diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 9c0a4dd3ea6..748c0e4e310 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -30,7 +30,7 @@ # include #endif -#include "buffer.h" +struct sshbuf; /* These should be in the system headers but are not. */ int usrinfo(int, char *, int); @@ -87,9 +87,10 @@ void aix_usrinfo(struct passwd *); #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_SYS_AUTH_PASSWD 1 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 -int sys_auth_allowed_user(struct passwd *, Buffer *); +int sys_auth_allowed_user(struct passwd *, struct sshbuf *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, const char *, Buffer *); +int sys_auth_record_login(const char *, const char *, + const char *, struct sshbuf *); # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG char *sys_auth_get_lastlogin_msg(const char *, uid_t); # define CUSTOM_FAILED_LOGIN 1 diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c index 014cac264b1..9edb1b48115 100644 --- a/openbsd-compat/port-uw.c +++ b/openbsd-compat/port-uw.c @@ -38,8 +38,6 @@ #include "xmalloc.h" #include "packet.h" -#include "buffer.h" -#include "key.h" #include "auth-options.h" #include "log.h" #include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */ @@ -99,7 +97,7 @@ nischeck(char *namep) if ((fd = fopen (password_file, "r")) == NULL) { /* - * If the passwd file has dissapeared we are in a bad state. + * If the passwd file has disappeared we are in a bad state. * However, returning 0 will send us back through the * authentication scheme that has checked the ia database for * passwords earlier. diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c index a22099bbe97..b55ea30ac74 100644 --- a/openbsd-compat/sha2.c +++ b/openbsd-compat/sha2.c @@ -72,7 +72,7 @@ * Please make sure that your system defines BYTE_ORDER. If your * architecture is little-endian, make sure it also defines * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are - * equivilent. + * equivalent. * * If your system does not define the above, then you can do so by * hand like this: diff --git a/openbsd-compat/strndup.c b/openbsd-compat/strndup.c index ebb4eccfb81..30ac6f04622 100644 --- a/openbsd-compat/strndup.c +++ b/openbsd-compat/strndup.c @@ -16,7 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "config.h" +#include "includes.h" #if !defined(HAVE_STRNDUP) || defined(BROKEN_STRNDUP) #include diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c index 8cc6b96b59c..7ad3573a627 100644 --- a/openbsd-compat/strnlen.c +++ b/openbsd-compat/strnlen.c @@ -18,7 +18,7 @@ /* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */ -#include "config.h" +#include "includes.h" #if !defined(HAVE_STRNLEN) || defined(BROKEN_STRNLEN) #include diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h index 28aaaa37a8c..af93d681402 100644 --- a/openbsd-compat/sys-queue.h +++ b/openbsd-compat/sys-queue.h @@ -45,6 +45,7 @@ #undef SLIST_HEAD_INITIALIZER #undef SLIST_ENTRY #undef SLIST_FOREACH_PREVPTR +#undef SLIST_FOREACH_SAFE #undef SLIST_FIRST #undef SLIST_END #undef SLIST_EMPTY @@ -54,6 +55,7 @@ #undef SLIST_INSERT_AFTER #undef SLIST_INSERT_HEAD #undef SLIST_REMOVE_HEAD +#undef SLIST_REMOVE_AFTER #undef SLIST_REMOVE #undef SLIST_REMOVE_NEXT #undef LIST_HEAD @@ -64,6 +66,7 @@ #undef LIST_EMPTY #undef LIST_NEXT #undef LIST_FOREACH +#undef LIST_FOREACH_SAFE #undef LIST_INIT #undef LIST_INSERT_AFTER #undef LIST_INSERT_BEFORE @@ -94,6 +97,8 @@ #undef TAILQ_EMPTY #undef TAILQ_FOREACH #undef TAILQ_FOREACH_REVERSE +#undef TAILQ_FOREACH_SAFE +#undef TAILQ_FOREACH_REVERSE_SAFE #undef TAILQ_INIT #undef TAILQ_INSERT_HEAD #undef TAILQ_INSERT_TAIL diff --git a/packet.c b/packet.c index 4bfb507261a..dcf35e6e626 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.269 2017/12/18 23:13:42 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -61,10 +61,19 @@ #include #include -#include +/* + * Explicitly include OpenSSL before zlib as some versions of OpenSSL have + * "free_func" in their headers, which zlib typedefs. + */ +#ifdef WITH_OPENSSL +# include +# include +# ifdef OPENSSL_HAS_ECC +# include +# endif +#endif -#include "buffer.h" /* typedefs XXX */ -#include "key.h" /* typedefs XXX */ +#include #include "xmalloc.h" #include "crc32.h" @@ -147,12 +156,6 @@ struct session_state { int compression_in_failures; int compression_out_failures; - /* - * Flag indicating whether packet compression/decompression is - * enabled. - */ - int packet_compression; - /* default maximum packet size */ u_int max_packet_size; @@ -418,13 +421,16 @@ ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc, int ssh_packet_connection_is_on_socket(struct ssh *ssh) { - struct session_state *state = ssh->state; + struct session_state *state; struct sockaddr_storage from, to; socklen_t fromlen, tolen; - if (state->connection_in == -1 || state->connection_out == -1) + if (ssh == NULL || ssh->state == NULL) return 0; + state = ssh->state; + if (state->connection_in == -1 || state->connection_out == -1) + return 0; /* filedescriptors in and out are the same, so it's a socket */ if (state->connection_in == state->connection_out) return 1; @@ -508,11 +514,12 @@ ssh_packet_get_connection_out(struct ssh *ssh) const char * ssh_remote_ipaddr(struct ssh *ssh) { - const int sock = ssh->state->connection_in; + int sock; /* Check whether we have cached the ipaddr. */ if (ssh->remote_ipaddr == NULL) { if (ssh_packet_connection_is_on_socket(ssh)) { + sock = ssh->state->connection_in; ssh->remote_ipaddr = get_peer_ipaddr(sock); ssh->remote_port = get_peer_port(sock); ssh->local_ipaddr = get_local_ipaddr(sock); @@ -597,7 +604,7 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close) state->newkeys[mode] = NULL; ssh_clear_newkeys(ssh, mode); /* next keys */ } - /* comression state is in shared mem, so we can only release it once */ + /* compression state is in shared mem, so we can only release it once */ if (do_close && state->compression_buffer) { sshbuf_free(state->compression_buffer); if (state->compression_out_started) { @@ -627,6 +634,8 @@ ssh_packet_close_internal(struct ssh *ssh, int do_close) cipher_free(state->receive_context); state->send_context = state->receive_context = NULL; if (do_close) { + free(ssh->local_ipaddr); + ssh->local_ipaddr = NULL; free(ssh->remote_ipaddr); ssh->remote_ipaddr = NULL; free(ssh->state); @@ -713,21 +722,6 @@ start_compression_in(struct ssh *ssh) return 0; } -int -ssh_packet_start_compression(struct ssh *ssh, int level) -{ - int r; - - if (ssh->state->packet_compression) - return SSH_ERR_INTERNAL_ERROR; - ssh->state->packet_compression = 1; - if ((r = ssh_packet_init_compression(ssh)) != 0 || - (r = start_compression_in(ssh)) != 0 || - (r = start_compression_out(ssh, level)) != 0) - return r; - return 0; -} - /* XXX remove need for separate compression buffer */ static int compress_buffer(struct ssh *ssh, struct sshbuf *in, struct sshbuf *out) @@ -965,7 +959,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) state->p_read.packets > MAX_PACKETS) return 1; - /* Rekey after (cipher-specific) maxiumum blocks */ + /* Rekey after (cipher-specific) maximum blocks */ out_blocks = ROUNDUP(outbound_packet_len, state->newkeys[MODE_OUT]->enc.block_size); return (state->max_blocks_out && @@ -1338,8 +1332,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) NULL, NULL, timeoutp)) >= 0) break; if (errno != EAGAIN && errno != EINTR && - errno != EWOULDBLOCK) - break; + errno != EWOULDBLOCK) { + r = SSH_ERR_SYSTEM_ERROR; + goto out; + } if (state->packet_timeout_ms == -1) continue; ms_subtract_diff(&start, &ms_remain); diff --git a/packet.h b/packet.h index a2ece67863a..170203cabeb 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.84 2017/12/10 05:55:29 dtucker Exp $ */ +/* $OpenBSD: packet.h,v 1.86 2018/07/09 21:20:26 markus Exp $ */ /* * Author: Tatu Ylonen @@ -107,7 +107,6 @@ void ssh_clear_newkeys(struct ssh *, int); int ssh_packet_is_rekeying(struct ssh *); void ssh_packet_set_protocol_flags(struct ssh *, u_int); u_int ssh_packet_get_protocol_flags(struct ssh *); -int ssh_packet_start_compression(struct ssh *, int); void ssh_packet_set_tos(struct ssh *, int); void ssh_packet_set_interactive(struct ssh *, int, int, int); int ssh_packet_is_interactive(struct ssh *); @@ -148,8 +147,8 @@ int ssh_packet_not_very_much_data_to_write(struct ssh *); int ssh_packet_connection_is_on_socket(struct ssh *); int ssh_packet_remaining(struct ssh *); -void tty_make_modes(int, struct termios *); -void tty_parse_modes(int, int *); +void ssh_tty_make_modes(struct ssh *, int, struct termios *); +void ssh_tty_parse_modes(struct ssh *, int); void ssh_packet_set_alive_timeouts(struct ssh *, int); int ssh_packet_inc_alive_timeouts(struct ssh *); diff --git a/platform.c b/platform.c index 18c7751de9a..41acc9370d5 100644 --- a/platform.c +++ b/platform.c @@ -20,10 +20,9 @@ #include #include "log.h" -#include "buffer.h" #include "misc.h" #include "servconf.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "auth-pam.h" diff --git a/readconf.c b/readconf.c index 88051db5789..db5f2d5476a 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.283 2018/02/23 15:58:37 markus Exp $ */ +/* $OpenBSD: readconf.c,v 1.297 2018/08/12 20:19:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -53,6 +53,7 @@ #include "xmalloc.h" #include "ssh.h" +#include "ssherr.h" #include "compat.h" #include "cipher.h" #include "pathnames.h" @@ -161,7 +162,7 @@ typedef enum { oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, oControlPersist, + oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oRemoteCommand, @@ -190,6 +191,7 @@ static struct { { "userknownhostsfile2", oDeprecated }, { "useroaming", oDeprecated }, { "usersh", oDeprecated }, + { "useprivilegedport", oDeprecated }, /* Unsupported options */ { "afstokenpassing", oUnsupported }, @@ -222,7 +224,6 @@ static struct { { "exitonforwardfailure", oExitOnForwardFailure }, { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, - { "useprivilegedport", oUsePrivilegedPort }, { "passwordauthentication", oPasswordAuthentication }, { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, { "kbdinteractivedevices", oKbdInteractiveDevices }, @@ -230,7 +231,7 @@ static struct { { "dsaauthentication", oPubkeyAuthentication }, /* alias */ { "hostbasedauthentication", oHostbasedAuthentication }, { "challengeresponseauthentication", oChallengeResponseAuthentication }, - { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ + { "skeyauthentication", oUnsupported }, { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ { "identityfile", oIdentityFile }, { "identityfile2", oIdentityFile }, /* obsolete */ @@ -277,6 +278,7 @@ static struct { { "serveraliveinterval", oServerAliveInterval }, { "serveralivecountmax", oServerAliveCountMax }, { "sendenv", oSendEnv }, + { "setenv", oSetEnv }, { "controlpath", oControlPath }, { "controlmaster", oControlMaster }, { "controlpersist", oControlPersist }, @@ -319,12 +321,8 @@ void add_local_forward(Options *options, const struct Forward *newfwd) { struct Forward *fwd; - extern uid_t original_real_uid; int i; - if (!bind_permitted(newfwd->listen_port, original_real_uid) && - newfwd->listen_path == NULL) - fatal("Privileged ports can only be forwarded by root."); /* Don't add duplicates */ for (i = 0; i < options->num_local_forwards; i++) { if (forward_equals(newfwd, options->local_forwards + i)) @@ -482,7 +480,6 @@ execute_in_shell(const char *cmd) char *shell; pid_t pid; int devnull, status; - extern uid_t original_real_uid; if ((shell = getenv("SHELL")) == NULL) shell = _PATH_BSHELL; @@ -497,9 +494,6 @@ execute_in_shell(const char *cmd) if ((pid = fork()) == 0) { char *argv[4]; - /* Child. Permanently give up superuser privileges. */ - permanently_drop_suid(original_real_uid); - /* Redirect child stdin and stdout. Leave stderr */ if (dup2(devnull, STDIN_FILENO) == -1) fatal("dup2: %s", strerror(errno)); @@ -551,6 +545,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, const char *ruser; int r, port, this_result, result = 1, attributes = 0, negate; char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; + char uidstr[32]; /* * Configuration is likely to be incomplete at this point so we @@ -631,6 +626,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, strlcpy(shorthost, thishost, sizeof(shorthost)); shorthost[strcspn(thishost, ".")] = '\0'; snprintf(portstr, sizeof(portstr), "%d", port); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); cmd = percent_expand(arg, "L", shorthost, @@ -641,6 +638,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, "p", portstr, "r", ruser, "u", pw->pw_name, + "i", uidstr, (char *)NULL); if (result != 1) { /* skip execution if prior predicate failed */ @@ -684,6 +682,35 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, return result; } +/* Remove environment variable by pattern */ +static void +rm_env(Options *options, const char *arg, const char *filename, int linenum) +{ + int i, j; + char *cp; + + /* Remove an environment variable */ + for (i = 0; i < options->num_send_env; ) { + cp = xstrdup(options->send_env[i]); + if (!match_pattern(cp, arg + 1)) { + free(cp); + i++; + continue; + } + debug3("%s line %d: removing environment %s", + filename, linenum, cp); + free(cp); + free(options->send_env[i]); + options->send_env[i] = NULL; + for (j = i; j < options->num_send_env - 1; j++) { + options->send_env[j] = options->send_env[j + 1]; + options->send_env[j + 1] = NULL; + } + options->num_send_env--; + /* NB. don't increment i */ + } +} + /* * Returns the number of the token pointed to by cp or oBadOption. */ @@ -918,10 +945,6 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, intptr = &options->exit_on_forward_failure; goto parse_flag; - case oUsePrivilegedPort: - intptr = &options->use_privileged_port; - goto parse_flag; - case oPasswordAuthentication: intptr = &options->password_authentication; goto parse_flag; @@ -1359,11 +1382,41 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, filename, linenum); if (!*activep) continue; - if (options->num_send_env >= MAX_SEND_ENV) - fatal("%s line %d: too many send env.", + if (*arg == '-') { + /* Removing an env var */ + rm_env(options, arg, filename, linenum); + continue; + } else { + /* Adding an env var */ + if (options->num_send_env >= INT_MAX) + fatal("%s line %d: too many send env.", + filename, linenum); + options->send_env = xrecallocarray( + options->send_env, options->num_send_env, + options->num_send_env + 1, + sizeof(*options->send_env)); + options->send_env[options->num_send_env++] = + xstrdup(arg); + } + } + break; + + case oSetEnv: + value = options->num_setenv; + while ((arg = strdelimw(&s)) != NULL && *arg != '\0') { + if (strchr(arg, '=') == NULL) + fatal("%s line %d: Invalid SetEnv.", + filename, linenum); + if (!*activep || value != 0) + continue; + /* Adding a setenv var */ + if (options->num_setenv >= INT_MAX) + fatal("%s line %d: too many SetEnv.", filename, linenum); - options->send_env[options->num_send_env++] = - xstrdup(arg); + options->setenv = xrecallocarray( + options->setenv, options->num_setenv, + options->num_setenv + 1, sizeof(*options->setenv)); + options->setenv[options->num_setenv++] = xstrdup(arg); } break; @@ -1688,7 +1741,8 @@ read_config_file_depth(const char *filename, struct passwd *pw, int flags, int *activep, int depth) { FILE *f; - char line[4096]; + char *line = NULL; + size_t linesize = 0; int linenum; int bad_options = 0; @@ -1715,15 +1769,14 @@ read_config_file_depth(const char *filename, struct passwd *pw, * on/off by Host specifications. */ linenum = 0; - while (fgets(line, sizeof(line), f)) { + while (getline(&line, &linesize, f) != -1) { /* Update line number counter. */ linenum++; - if (strlen(line) == sizeof(line) - 1) - fatal("%s line %d too long", filename, linenum); if (process_config_line_depth(options, pw, host, original_host, line, filename, linenum, activep, flags, depth) != 0) bad_options++; } + free(line); fclose(f); if (bad_options > 0) fatal("%s: terminating, %d bad configuration options", @@ -1761,7 +1814,6 @@ initialize_options(Options * options) options->fwd_opts.gateway_ports = -1; options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; options->fwd_opts.streamlocal_bind_unlink = -1; - options->use_privileged_port = -1; options->pubkey_authentication = -1; options->challenge_response_authentication = -1; options->gss_authentication = -1; @@ -1815,7 +1867,10 @@ initialize_options(Options * options) options->verify_host_key_dns = -1; options->server_alive_interval = -1; options->server_alive_count_max = -1; + options->send_env = NULL; options->num_send_env = 0; + options->setenv = NULL; + options->num_setenv = 0; options->control_path = NULL; options->control_master = -1; options->control_persist = -1; @@ -1869,6 +1924,9 @@ fill_default_options_for_canonicalization(Options *options) void fill_default_options(Options * options) { + char *all_cipher, *all_mac, *all_kex, *all_key; + int r; + if (options->forward_agent == -1) options->forward_agent = 0; if (options->forward_x11 == -1) @@ -1898,8 +1956,6 @@ fill_default_options(Options * options) options->fwd_opts.streamlocal_bind_mask = 0177; if (options->fwd_opts.streamlocal_bind_unlink == -1) options->fwd_opts.streamlocal_bind_unlink = 0; - if (options->use_privileged_port == -1) - options->use_privileged_port = 0; if (options->pubkey_authentication == -1) options->pubkey_authentication = 1; if (options->challenge_response_authentication == -1) @@ -1998,9 +2054,9 @@ fill_default_options(Options * options) if (options->visual_host_key == -1) options->visual_host_key = 0; if (options->ip_qos_interactive == -1) - options->ip_qos_interactive = IPTOS_LOWDELAY; + options->ip_qos_interactive = IPTOS_DSCP_AF21; if (options->ip_qos_bulk == -1) - options->ip_qos_bulk = IPTOS_THROUGHPUT; + options->ip_qos_bulk = IPTOS_DSCP_CS1; if (options->request_tty == -1) options->request_tty = REQUEST_TTY_AUTO; if (options->proxy_use_fdpass == -1) @@ -2015,14 +2071,28 @@ fill_default_options(Options * options) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; if (options->update_hostkeys == -1) options->update_hostkeys = 0; - if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 || - kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 || - kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->hostbased_key_types) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->pubkey_key_types) != 0) - fatal("%s: kex_assemble_names failed", __func__); + + /* Expand KEX name lists */ + all_cipher = cipher_alg_list(',', 0); + all_mac = mac_alg_list(','); + all_kex = kex_alg_list(','); + all_key = sshkey_alg_list(0, 0, 1, ','); +#define ASSEMBLE(what, defaults, all) \ + do { \ + if ((r = kex_assemble_names(&options->what, \ + defaults, all)) != 0) \ + fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ + } while (0) + ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher); + ASSEMBLE(macs, KEX_SERVER_MAC, all_mac); + ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex); + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); +#undef ASSEMBLE + free(all_cipher); + free(all_mac); + free(all_kex); + free(all_key); #define CLEAR_ON_NONE(v) \ do { \ @@ -2036,6 +2106,12 @@ fill_default_options(Options * options) CLEAR_ON_NONE(options->proxy_command); CLEAR_ON_NONE(options->control_path); CLEAR_ON_NONE(options->revoked_host_keys); + if (options->jump_host != NULL && + strcmp(options->jump_host, "none") == 0 && + options->jump_port == 0 && options->jump_user == NULL) { + free(options->jump_host); + options->jump_host = NULL; + } /* options->identity_agent distinguishes NULL from 'none' */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ @@ -2264,6 +2340,8 @@ parse_jump(const char *s, Options *o, int active) orig = sdup = xstrdup(s); first = active; do { + if (strcasecmp(s, "none") == 0) + break; if ((cp = strrchr(sdup, ',')) == NULL) cp = sdup; /* last */ else @@ -2284,14 +2362,19 @@ parse_jump(const char *s, Options *o, int active) } while (cp != sdup); /* success */ if (active) { - o->jump_user = user; - o->jump_host = host; - o->jump_port = port; - o->proxy_command = xstrdup("none"); - user = host = NULL; - if ((cp = strrchr(s, ',')) != NULL && cp != s) { - o->jump_extra = xstrdup(s); - o->jump_extra[cp - s] = '\0'; + if (strcasecmp(s, "none") == 0) { + o->jump_host = xstrdup("none"); + o->jump_port = 0; + } else { + o->jump_user = user; + o->jump_host = host; + o->jump_port = port; + o->proxy_command = xstrdup("none"); + user = host = NULL; + if ((cp = strrchr(s, ',')) != NULL && cp != s) { + o->jump_extra = xstrdup(s); + o->jump_extra[cp - s] = '\0'; + } } } ret = 0; @@ -2348,6 +2431,8 @@ fmt_intarg(OpCodes code, int val) return fmt_multistate_int(val, multistate_requesttty); case oCanonicalizeHostname: return fmt_multistate_int(val, multistate_canonicalizehostname); + case oAddKeysToAgent: + return fmt_multistate_int(val, multistate_yesnoaskconfirm); case oFingerprintHash: return ssh_digest_alg_name(val); default: @@ -2455,11 +2540,14 @@ void dump_client_config(Options *o, const char *host) { int i; - char buf[8]; + char buf[8], *all_key; /* This is normally prepared in ssh_kex2 */ - if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0) + all_key = sshkey_alg_list(0, 0, 1, ','); + if (kex_assemble_names( &o->hostkeyalgorithms, + KEX_DEFAULT_PK_ALG, all_key) != 0) fatal("%s: kex_assemble_names failed", __func__); + free(all_key); /* Most interesting options first: user, host, port */ dump_cfg_string(oUser, o->user); @@ -2467,6 +2555,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_int(oPort, o->port); /* Flag options */ + dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent); dump_cfg_fmtint(oAddressFamily, o->address_family); dump_cfg_fmtint(oBatchMode, o->batch_mode); dump_cfg_fmtint(oCanonicalizeFallbackLocal, o->canonicalize_fallback_local); @@ -2501,7 +2590,6 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); dump_cfg_fmtint(oTunnel, o->tun_open); - dump_cfg_fmtint(oUsePrivilegedPort, o->use_privileged_port); dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); @@ -2523,6 +2611,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_string(oHostKeyAlias, o->host_key_alias); dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types); dump_cfg_string(oIdentityAgent, o->identity_agent); + dump_cfg_string(oIgnoreUnknown, o->ignored_unknown); dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); dump_cfg_string(oLocalCommand, o->local_command); @@ -2545,9 +2634,11 @@ dump_client_config(Options *o, const char *host) /* String array options */ dump_cfg_strarray(oIdentityFile, o->num_identity_files, o->identity_files); dump_cfg_strarray_oneline(oCanonicalDomains, o->num_canonical_domains, o->canonical_domains); + dump_cfg_strarray(oCertificateFile, o->num_certificate_files, o->certificate_files); dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles); dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles); dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env); + dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv); /* Special cases */ @@ -2605,6 +2696,9 @@ dump_client_config(Options *o, const char *host) printf("streamlocalbindmask 0%o\n", o->fwd_opts.streamlocal_bind_mask); + /* oLogFacility */ + printf("syslogfacility %s\n", log_facility_name(o->log_facility)); + /* oProxyCommand / oProxyJump */ if (o->jump_host == NULL) dump_cfg_string(oProxyCommand, o->proxy_command); diff --git a/readconf.h b/readconf.h index f4d9e2b2657..c56887816d1 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.125 2018/02/23 02:34:33 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.127 2018/07/19 10:28:47 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -18,7 +18,6 @@ /* Data structure for representing option data. */ -#define MAX_SEND_ENV 256 #define SSH_MAX_HOSTS_FILES 32 #define MAX_CANON_DOMAINS 32 #define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path) @@ -36,7 +35,6 @@ typedef struct { int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */ char *xauth_location; /* Location for xauth program */ struct ForwardOptions fwd_opts; /* forwarding options */ - int use_privileged_port; /* Don't use privileged port if false. */ int pubkey_authentication; /* Try ssh2 pubkey authentication. */ int hostbased_authentication; /* ssh2's rhosts_rsa */ int challenge_response_authentication; @@ -120,7 +118,9 @@ typedef struct { int server_alive_count_max; int num_send_env; - char *send_env[MAX_SEND_ENV]; + char **send_env; + int num_setenv; + char **setenv; char *control_path; int control_master; diff --git a/readpass.c b/readpass.c index 05c8cac1cc0..f160f866b88 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.51 2015/12/11 00:20:04 mmcc Exp $ */ +/* $OpenBSD: readpass.c,v 1.52 2018/07/18 11:34:04 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -72,7 +72,6 @@ ssh_askpass(char *askpass, const char *msg) return NULL; } if (pid == 0) { - permanently_drop_suid(getuid()); close(p[0]); if (dup2(p[1], STDOUT_FILENO) < 0) fatal("ssh_askpass: dup2: %s", strerror(errno)); diff --git a/regress/Makefile b/regress/Makefile index d15898ad0ba..647b4a049be 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.96 2017/10/24 19:33:32 millert Exp $ +# $OpenBSD: Makefile,v 1.97 2018/06/07 04:46:34 djm Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -61,6 +61,7 @@ LTESTS= connect \ sshcfgparse \ cfgparse \ cfgmatch \ + cfgmatchlisten \ addrmatch \ localcommand \ forcecommand \ diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh index 4165111e0da..5c389512247 100644 --- a/regress/allow-deny-users.sh +++ b/regress/allow-deny-users.sh @@ -1,6 +1,6 @@ # Public Domain # Zev Weiss, 2016 -# $OpenBSD: allow-deny-users.sh,v 1.4 2017/10/20 02:13:41 djm Exp $ +# $OpenBSD: allow-deny-users.sh,v 1.5 2018/07/13 02:13:50 djm Exp $ tid="AllowUsers/DenyUsers" @@ -10,6 +10,8 @@ if [ "x$me" = "x" ]; then fi other="nobody" +cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig + test_auth() { deny="$1" @@ -17,17 +19,19 @@ test_auth() should_succeed="$3" failmsg="$4" + cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy + echo DenyUsers="$deny" >> $OBJ/sshd_proxy + echo AllowUsers="$allow" >> $OBJ/sshd_proxy + start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow" - ${SSH} -F $OBJ/ssh_config "$me@somehost" true + ${SSH} -F $OBJ/ssh_proxy "$me@somehost" true status=$? if (test $status -eq 0 && ! $should_succeed) \ || (test $status -ne 0 && $should_succeed); then fail "$failmsg" fi - - stop_sshd } # DenyUsers AllowUsers should_succeed failure_message diff --git a/regress/authinfo.sh b/regress/authinfo.sh index 3caf89478c1..693424afafa 100644 --- a/regress/authinfo.sh +++ b/regress/authinfo.sh @@ -1,4 +1,4 @@ -# $OpenBSD: authinfo.sh,v 1.2 2017/10/25 20:08:36 millert Exp $ +# $OpenBSD: authinfo.sh,v 1.3 2018/04/10 00:13:27 djm Exp $ # Placed in the Public Domain. tid="authinfo" diff --git a/regress/cert-file.sh b/regress/cert-file.sh index 8fd62c7730d..1157a3582e5 100755 --- a/regress/cert-file.sh +++ b/regress/cert-file.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-file.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: cert-file.sh,v 1.7 2018/04/10 00:14:10 djm Exp $ # Placed in the Public Domain. tid="ssh with certificates" @@ -52,7 +52,7 @@ echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER cat $OBJ/ssh_proxy | grep -v IdentityFile > $OBJ/no_identity_config # XXX: verify that certificate used was what we expect. Needs exposure of -# keys via enviornment variable or similar. +# keys via environment variable or similar. # Key with no .pub should work - finding the equivalent *-cert.pub. verbose "identity cert with no plain public file" @@ -138,7 +138,7 @@ fi # try ssh with the agent and certificates opts="-F $OBJ/ssh_proxy" -# with no certificates, shoud fail +# with no certificates, should fail ${SSH} $opts somehost exit 52 if [ $? -eq 52 ]; then fail "ssh connect with agent in succeeded with no cert" diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 3d5732a5d4f..d2ecd318bea 100755 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.15 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.16 2018/07/03 11:43:49 djm Exp $ # Placed in the Public Domain. tid="certified host keys" @@ -14,6 +14,13 @@ for i in `$SSH -Q key`; do continue fi case "$i" in + # Special treatment for RSA keys. + *rsa*cert*) + types="rsa-sha2-256-cert-v01@openssh.com,$i,$types" + types="rsa-sha2-512-cert-v01@openssh.com,$types";; + *rsa*) + types="$types,rsa-sha2-512,rsa-sha2-256,$i";; + # Prefer certificate to plain keys. *cert*) types="$i,$types";; *) types="$types,$i";; esac diff --git a/regress/cfgmatchlisten.sh b/regress/cfgmatchlisten.sh new file mode 100644 index 00000000000..a4fd66b3224 --- /dev/null +++ b/regress/cfgmatchlisten.sh @@ -0,0 +1,202 @@ +# $OpenBSD: cfgmatchlisten.sh,v 1.3 2018/07/02 14:13:30 dtucker Exp $ +# Placed in the Public Domain. + +tid="sshd_config matchlisten" + +pidfile=$OBJ/remote_pid +fwdport=3301 +fwdspec="localhost:${fwdport}" +fwd="-R $fwdport:127.0.0.1:$PORT" + +echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_config +echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_proxy + +start_client() +{ + rm -f $pidfile + ${SSH} -vvv $fwd "$@" somehost true >>$TEST_REGRESS_LOGFILE 2>&1 + r=$? + if [ $r -ne 0 ]; then + return $r + fi + ${SSH} -vvv $fwd "$@" somehost \ + exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ + >>$TEST_REGRESS_LOGFILE 2>&1 & + client_pid=$! + # Wait for remote end + n=0 + while test ! -f $pidfile ; do + sleep 1 + n=`expr $n + 1` + if test $n -gt 60; then + kill $client_pid + fatal "timeout waiting for background ssh" + fi + done + return $r +} + +expect_client_ok() +{ + start_client "$@" || + fail "client did not start" +} + +expect_client_fail() +{ + local failmsg="$1" + shift + start_client "$@" && + fail $failmsg +} + +stop_client() +{ + pid=`cat $pidfile` + if [ ! -z "$pid" ]; then + kill $pid + fi + wait +} + +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak +echo "PermitListen 127.0.0.1:1" >>$OBJ/sshd_config +echo "Match Address 127.0.0.1" >>$OBJ/sshd_config +echo "PermitListen 127.0.0.1:2 127.0.0.1:3 $fwdspec" >>$OBJ/sshd_config + +grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy +echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:1" >>$OBJ/sshd_proxy +echo "Match user $USER" >>$OBJ/sshd_proxy +echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy +echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:2 127.0.0.1:3 $fwdspec" >>$OBJ/sshd_proxy + +start_sshd + +#set -x + +# Test Match + PermitListen in sshd_config. This should be permitted +trace "match permitlisten localhost" +expect_client_ok -F $OBJ/ssh_config +${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ + fail "match permitlisten permit" +stop_client + +# Same but from different source. This should not be permitted +trace "match permitlisten proxy" +expect_client_fail "match permitlisten deny" \ + -F $OBJ/ssh_proxy + +# Retry previous with key option, should also be denied. +cp /dev/null $OBJ/authorized_keys_$USER +for t in ${SSH_KEYTYPES}; do + printf 'permitlisten="'$fwdspec'" ' >> $OBJ/authorized_keys_$USER + cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER +done +trace "match permitlisten proxy w/key opts" +expect_client_fail "match permitlisten deny w/key opt"\ + -F $OBJ/ssh_proxy + +# Test both sshd_config and key options permitting the same dst/port pair. +# Should be permitted. +trace "match permitlisten localhost" +expect_client_ok -F $OBJ/ssh_config +${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ + fail "match permitlisten permit" +stop_client + +# Test that a bare port number is accepted in PermitListen +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:1 $fwdport 127.0.0.2:2" >>$OBJ/sshd_proxy +trace "match permitlisten bare" +expect_client_ok -F $OBJ/ssh_config +${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ + fail "match permitlisten bare" +stop_client + +# Test that an incorrect bare port number is denied as expected +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "PermitListen 1 2 99" >>$OBJ/sshd_proxy +trace "match permitlisten bare" +expect_client_fail -F $OBJ/ssh_config + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:1 $fwdspec 127.0.0.2:2" >>$OBJ/sshd_proxy +echo "Match User $USER" >>$OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy + +# Test that a Match overrides a PermitListen in the global section +trace "match permitlisten proxy w/key opts" +expect_client_fail "match override permitlisten" \ + -F $OBJ/ssh_proxy + +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:1 $fwdspec 127.0.0.2:2" >>$OBJ/sshd_proxy +echo "Match User NoSuchUser" >>$OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy + +# Test that a rule that doesn't match doesn't override, plus test a +# PermitListen entry that's not at the start of the list +trace "nomatch permitlisten proxy w/key opts" +expect_client_ok -F $OBJ/ssh_proxy +${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ + fail "nomatch override permitlisten" +stop_client + +# bind to 127.0.0.1 instead of default localhost +fwdspec2="127.0.0.1:${fwdport}" +fwd="-R ${fwdspec2}:127.0.0.1:$PORT" + +# first try w/ old fwdspec both in server config and key opts +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:1 $fwdspec 127.0.0.2:2" >>$OBJ/sshd_proxy +cp /dev/null $OBJ/authorized_keys_$USER +for t in ${SSH_KEYTYPES}; do + printf 'permitlisten="'$fwdspec'" ' >> $OBJ/authorized_keys_$USER + cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER +done +trace "nomatch permitlisten 127.0.0.1 server config and userkey" +expect_client_fail "nomatch 127.0.0.1 server config and userkey" \ + -F $OBJ/ssh_config + +# correct server config, denied by key opts +cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy +echo "PermitListen 127.0.0.1:1 ${fwdspec2} 127.0.0.2:2" >>$OBJ/sshd_proxy +trace "nomatch permitlisten 127.0.0.1 w/key opts" +expect_client_fail "nomatch 127.0.0.1 w/key opts" \ + -F $OBJ/ssh_config + +# fix key opts +cp /dev/null $OBJ/authorized_keys_$USER +for t in ${SSH_KEYTYPES}; do + printf 'permitlisten="'$fwdspec2'" ' >> $OBJ/authorized_keys_$USER + cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER +done +trace "match permitlisten 127.0.0.1 server config w/key opts" +expect_client_ok -F $OBJ/ssh_proxy +${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ + fail "match 127.0.0.1 server config w/key opts" +stop_client + +# key opts with bare port number +cp /dev/null $OBJ/authorized_keys_$USER +for t in ${SSH_KEYTYPES}; do + printf 'permitlisten="'$fwdport'" ' >> $OBJ/authorized_keys_$USER + cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER +done +trace "match permitlisten 127.0.0.1 server config w/key opts (bare)" +expect_client_ok -F $OBJ/ssh_proxy +${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \ + fail "match 127.0.0.1 server config w/key opts (bare)" +stop_client + +# key opts with incorrect bare port number +cp /dev/null $OBJ/authorized_keys_$USER +for t in ${SSH_KEYTYPES}; do + printf 'permitlisten="99" ' >> $OBJ/authorized_keys_$USER + cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER +done +trace "match permitlisten 127.0.0.1 server config w/key opts (wrong bare)" +expect_client_fail "nomatch 127.0.0.1 w/key opts (wrong bare)" \ + -F $OBJ/ssh_config diff --git a/regress/cfgparse.sh b/regress/cfgparse.sh index ccf511f6b86..a9e5c6b09ee 100755 --- a/regress/cfgparse.sh +++ b/regress/cfgparse.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cfgparse.sh,v 1.6 2016/06/03 03:47:59 dtucker Exp $ +# $OpenBSD: cfgparse.sh,v 1.7 2018/05/11 03:51:06 dtucker Exp $ # Placed in the Public Domain. tid="sshd config parse" @@ -10,8 +10,8 @@ fi # We need to use the keys generated for the regression test because sshd -T # will fail if we're not running with SUDO (no permissions for real keys) or -# if we are # running tests on a system that has never had sshd installed -# (keys won't exist). +# if we are running tests on a system that has never had sshd installed +# because the keys won't exist. grep "HostKey " $OBJ/sshd_config > $OBJ/sshd_config_minimal SSHD_KEYS="`cat $OBJ/sshd_config_minimal`" diff --git a/regress/forward-control.sh b/regress/forward-control.sh index 93d05cf6393..3b1f69a71e5 100755 --- a/regress/forward-control.sh +++ b/regress/forward-control.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forward-control.sh,v 1.5 2018/03/02 02:51:55 djm Exp $ +# $OpenBSD: forward-control.sh,v 1.7 2018/06/07 14:29:43 djm Exp $ # Placed in the Public Domain. tid="sshd control of local and remote forwarding" @@ -67,7 +67,7 @@ check_rfwd() { _message=$2 rm -f $READY ${SSH} -F $OBJ/ssh_proxy \ - -R$RFWD_PORT:127.0.0.1:$PORT \ + -R127.0.0.1:$RFWD_PORT:127.0.0.1:$PORT \ -o ExitOnForwardFailure=yes \ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \ >/dev/null 2>&1 & @@ -100,8 +100,8 @@ cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak check_lfwd Y "default configuration" check_rfwd Y "default configuration" -# Usage: all_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N -all_tests() { +# Usage: lperm_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N +lperm_tests() { _tcpfwd=$1 _plain_lfwd=$2 _plain_rfwd=$3 @@ -109,32 +109,39 @@ all_tests() { _nopermit_rfwd=$5 _permit_lfwd=$6 _permit_rfwd=$7 - _badfwd=127.0.0.1:22 + _badfwd1=127.0.0.1:22 + _badfwd2=127.0.0.2:22 _goodfwd=127.0.0.1:${PORT} cp ${OBJ}/authorized_keys_${USER}.bak ${OBJ}/authorized_keys_${USER} _prefix="AllowTcpForwarding=$_tcpfwd" + # No PermitOpen ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ) \ > ${OBJ}/sshd_proxy check_lfwd $_plain_lfwd "$_prefix" check_rfwd $_plain_rfwd "$_prefix" + # PermitOpen via sshd_config that doesn't match ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ; - echo "PermitOpen $_badfwd" ) \ + echo "PermitOpen $_badfwd1 $_badfwd2" ) \ > ${OBJ}/sshd_proxy check_lfwd $_nopermit_lfwd "$_prefix, !PermitOpen" check_rfwd $_nopermit_rfwd "$_prefix, !PermitOpen" # PermitOpen via sshd_config that does match ( cat ${OBJ}/sshd_proxy.bak ; echo "AllowTcpForwarding $_tcpfwd" ; - echo "PermitOpen $_badfwd $_goodfwd" ) \ + echo "PermitOpen $_badfwd1 $_goodfwd $_badfwd2" ) \ > ${OBJ}/sshd_proxy + check_lfwd $_plain_lfwd "$_prefix, PermitOpen" + check_rfwd $_plain_rfwd "$_prefix, PermitOpen" + + # permitopen keys option. # NB. permitopen via authorized_keys should have same # success/fail as via sshd_config # permitopen via authorized_keys that doesn't match - sed "s/^/permitopen=\"$_badfwd\" /" \ + sed "s/^/permitopen=\"$_badfwd1\",permitopen=\"$_badfwd2\" /" \ < ${OBJ}/authorized_keys_${USER}.bak \ > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail" ( cat ${OBJ}/sshd_proxy.bak ; @@ -143,7 +150,7 @@ all_tests() { check_lfwd $_nopermit_lfwd "$_prefix, !permitopen" check_rfwd $_nopermit_rfwd "$_prefix, !permitopen" # permitopen via authorized_keys that does match - sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \ + sed "s/^/permitopen=\"$_badfwd1\",permitopen=\"$_goodfwd\" /" \ < ${OBJ}/authorized_keys_${USER}.bak \ > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail" ( cat ${OBJ}/sshd_proxy.bak ; @@ -151,6 +158,7 @@ all_tests() { > ${OBJ}/sshd_proxy check_lfwd $_permit_lfwd "$_prefix, permitopen" check_rfwd $_permit_rfwd "$_prefix, permitopen" + # Check port-forwarding flags in authorized_keys. # These two should refuse all. sed "s/^/no-port-forwarding /" \ @@ -180,9 +188,48 @@ all_tests() { check_rfwd $_plain_rfwd "$_prefix, restrict,port-forwarding" } -# no-permitopen mismatch-permitopen match-permitopen -# AllowTcpForwarding local remote local remote local remote -all_tests yes Y Y N Y Y Y -all_tests local Y N N N Y N -all_tests remote N Y N Y N Y -all_tests no N N N N N N +# permit-open none mismatch match +# AllowTcpForwarding local remote local remote local remote +lperm_tests yes Y Y N Y Y Y +lperm_tests local Y N N N Y N +lperm_tests remote N Y N Y N Y +lperm_tests no N N N N N N + +# Usage: rperm_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N +rperm_tests() { + _tcpfwd=$1 + _plain_lfwd=$2 + _plain_rfwd=$3 + _nopermit_lfwd=$4 + _nopermit_rfwd=$5 + _permit_lfwd=$6 + _permit_rfwd=$7 + _badfwd1=127.0.0.1:22 + _badfwd2=127.0.0.2:${RFWD_PORT} + _goodfwd=127.0.0.1:${RFWD_PORT} + cp ${OBJ}/authorized_keys_${USER}.bak ${OBJ}/authorized_keys_${USER} + _prefix="AllowTcpForwarding=$_tcpfwd" + + # PermitListen via sshd_config that doesn't match + ( cat ${OBJ}/sshd_proxy.bak ; + echo "AllowTcpForwarding $_tcpfwd" ; + echo "PermitListen $_badfwd1 $_badfwd2" ) \ + > ${OBJ}/sshd_proxy + check_lfwd $_nopermit_lfwd "$_prefix, !PermitListen" + check_rfwd $_nopermit_rfwd "$_prefix, !PermitListen" + # PermitListen via sshd_config that does match + ( cat ${OBJ}/sshd_proxy.bak ; + echo "AllowTcpForwarding $_tcpfwd" ; + echo "PermitListen $_badfwd1 $_goodfwd $_badfwd2" ) \ + > ${OBJ}/sshd_proxy + check_lfwd $_plain_lfwd "$_prefix, PermitListen" + check_rfwd $_plain_rfwd "$_prefix, PermitListen" +} + +# permit-remote-open none mismatch match +# AllowTcpForwarding local remote local remote local remote +rperm_tests yes Y Y Y N Y Y +rperm_tests local Y N Y N Y N +rperm_tests remote N Y N N N Y +rperm_tests no N N N N N N + diff --git a/regress/forwarding.sh b/regress/forwarding.sh index 39fccba7385..7d0fae11469 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh @@ -10,7 +10,8 @@ start_sshd base=33 last=$PORT fwd="" -CTL=/tmp/openssh.regress.ctl-sock.$$ +make_tmpdir +CTL=${SSH_REGRESS_TMP}/ctl-sock for j in 0 1 2; do for i in 0 1 2; do diff --git a/regress/key-options.sh b/regress/key-options.sh index d680737c168..112c9bd8ec5 100755 --- a/regress/key-options.sh +++ b/regress/key-options.sh @@ -1,4 +1,4 @@ -# $OpenBSD: key-options.sh,v 1.8 2018/03/14 05:35:40 djm Exp $ +# $OpenBSD: key-options.sh,v 1.9 2018/07/03 13:53:26 djm Exp $ # Placed in the Public Domain. tid="key options" @@ -27,6 +27,7 @@ expect_pty_succeed() { rm -f $OBJ/data sed "s/.*/$opts &/" $origkeys >$authkeys verbose "key option pty $which" + config_defined HAVE_OPENPTY || verbose "skipped for no openpty(3)" ${SSH} -ttq -F $OBJ/ssh_proxy somehost "tty > $OBJ/data; exit 0" if [ $? -ne 0 ] ; then fail "key option failed $which" @@ -44,6 +45,7 @@ expect_pty_fail() { rm -f $OBJ/data sed "s/.*/$opts &/" $origkeys >$authkeys verbose "key option pty $which" + config_defined HAVE_OPENPTY || verbose "skipped for no openpty(3)" ${SSH} -ttq -F $OBJ/ssh_proxy somehost "tty > $OBJ/data; exit 0" if [ $? -eq 0 ]; then r=`cat $OBJ/data` @@ -63,6 +65,7 @@ expect_pty_fail "restrict" "restrict" expect_pty_succeed "restrict,pty" "restrict,pty" # Test environment= +# XXX this can fail if ~/.ssh/environment exists for the user running the test echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys verbose "key option environment" diff --git a/regress/keygen-knownhosts.sh b/regress/keygen-knownhosts.sh index 693cd0e7543..37af34769ec 100755 --- a/regress/keygen-knownhosts.sh +++ b/regress/keygen-knownhosts.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keygen-knownhosts.sh,v 1.3 2015/07/17 03:34:27 djm Exp $ +# $OpenBSD: keygen-knownhosts.sh,v 1.4 2018/06/01 03:52:37 djm Exp $ # Placed in the Public Domain. tid="ssh-keygen known_hosts" @@ -55,13 +55,24 @@ expect_key() { check_find() { _host=$1 _name=$2 - _keygenopt=$3 - ${SSHKEYGEN} $_keygenopt -f $OBJ/kh.invalid -F $_host > $OBJ/kh.result + shift; shift + ${SSHKEYGEN} "$@" -f $OBJ/kh.invalid -F $_host > $OBJ/kh.result if ! diff -w $OBJ/kh.expect $OBJ/kh.result ; then fail "didn't find $_name" fi } +check_find_exit_code() { + _host=$1 + _name=$2 + _keygenopt=$3 + _exp_exit_code=$4 + ${SSHKEYGEN} $_keygenopt -f $OBJ/kh.invalid -F $_host > /dev/null + if [ "$?" != "$_exp_exit_code" ] ; then + fail "Unexpected exit code $_name" + fi +} + # Find key rm -f $OBJ/kh.expect expect_key host-a host-a host-a 2 @@ -88,6 +99,18 @@ rm -f $OBJ/kh.expect expect_key host-h "host-f,host-g,host-h " host-f 17 check_find host-h "find multiple hosts" +# Check exit code, known host +check_find_exit_code host-a "known host" "-q" "0" + +# Check exit code, unknown host +check_find_exit_code host-aa "unknown host" "-q" "1" + +# Check exit code, the hash mode, known host +check_find_exit_code host-a "known host" "-q -H" "0" + +# Check exit code, the hash mode, unknown host +check_find_exit_code host-aa "unknown host" "-q -H" "1" + check_hashed_find() { _host=$1 _name=$2 @@ -110,19 +133,19 @@ check_hashed_find host-a "find simple and hash" rm -f $OBJ/kh.expect expect_key host-c host-c host-c "" CA # CA key output is not hashed. -check_find host-c "find simple and hash" -H +check_find host-c "find simple and hash" -Hq # Find revoked key and hash rm -f $OBJ/kh.expect expect_key host-d host-d host-d "" REVOKED # Revoked key output is not hashed. -check_find host-d "find simple and hash" -H +check_find host-d "find simple and hash" -Hq # find key with wildcard and hash rm -f $OBJ/kh.expect expect_key host-e "host-e*" host-e "" # Key with wildcard hostname should not be hashed. -check_find host-e "find wildcard key" -H +check_find host-e "find wildcard key" -Hq # find key among multiple hosts rm -f $OBJ/kh.expect diff --git a/regress/mkdtemp.c b/regress/mkdtemp.c new file mode 100644 index 00000000000..a7be1bdab4b --- /dev/null +++ b/regress/mkdtemp.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2017 Colin Watson + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* Roughly equivalent to "mktemp -d -t TEMPLATE", but portable. */ + +#include "includes.h" + +#include +#include +#include +#include +#include + +#include "log.h" + +static void +usage(void) +{ + fprintf(stderr, "mkdtemp template\n"); + exit(1); +} + +int +main(int argc, char **argv) +{ + const char *base; + const char *tmpdir; + char template[PATH_MAX]; + int r; + char *dir; + + if (argc != 2) + usage(); + base = argv[1]; + + if ((tmpdir = getenv("TMPDIR")) == NULL) + tmpdir = "/tmp"; + r = snprintf(template, sizeof(template), "%s/%s", tmpdir, base); + if (r < 0 || (size_t)r >= sizeof(template)) + fatal("template string too long"); + dir = mkdtemp(template); + if (dir == NULL) { + perror("mkdtemp"); + exit(1); + } + puts(dir); + return 0; +} diff --git a/regress/multiplex.sh b/regress/multiplex.sh index 078a53a889e..a6fad8eb820 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -1,7 +1,8 @@ # $OpenBSD: multiplex.sh,v 1.28 2017/04/30 23:34:55 djm Exp $ # Placed in the Public Domain. -CTL=/tmp/openssh.regress.ctl-sock.$$ +make_tmpdir +CTL=${SSH_REGRESS_TMP}/ctl-sock tid="connection multiplexing" diff --git a/regress/rekey.sh b/regress/rekey.sh index ae145bc8b92..fd6a02cc7a6 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: rekey.sh,v 1.17 2016/01/29 05:18:15 dtucker Exp $ +# $OpenBSD: rekey.sh,v 1.18 2018/04/10 00:14:10 djm Exp $ # Placed in the Public Domain. tid="rekey" @@ -30,7 +30,7 @@ ssh_data_rekeying() n=`expr $n - 1` trace "$n rekeying(s)" if [ $n -lt 1 ]; then - fail "no rekeying occured ($@)" + fail "no rekeying occurred ($@)" fi } @@ -80,7 +80,7 @@ for s in 5 10; do n=`expr $n - 1` trace "$n rekeying(s)" if [ $n -lt 1 ]; then - fail "no rekeying occured" + fail "no rekeying occurred" fi done @@ -96,7 +96,7 @@ for s in 5 10; do n=`expr $n - 1` trace "$n rekeying(s)" if [ $n -lt 1 ]; then - fail "no rekeying occured" + fail "no rekeying occurred" fi done @@ -115,7 +115,7 @@ for s in 16 1k 128k 256k; do n=`expr $n - 1` trace "$n rekeying(s)" if [ $n -lt 1 ]; then - fail "no rekeying occured" + fail "no rekeying occurred" fi done @@ -132,7 +132,7 @@ for s in 5 10; do n=`expr $n - 1` trace "$n rekeying(s)" if [ $n -lt 1 ]; then - fail "no rekeying occured" + fail "no rekeying occurred" fi done diff --git a/regress/setuid-allowed.c b/regress/setuid-allowed.c index 7a0527fd064..d91d9f194d1 100644 --- a/regress/setuid-allowed.c +++ b/regress/setuid-allowed.c @@ -22,6 +22,7 @@ #ifdef HAVE_SYS_STATVFS_H # include #endif +#include #include #include #include diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh index 010e028656c..e0ce568d71c 100644 --- a/regress/sshcfgparse.sh +++ b/regress/sshcfgparse.sh @@ -1,8 +1,27 @@ -# $OpenBSD: sshcfgparse.sh,v 1.2 2016/07/14 01:24:21 dtucker Exp $ +# $OpenBSD: sshcfgparse.sh,v 1.4 2018/07/04 13:51:12 djm Exp $ # Placed in the Public Domain. tid="ssh config parse" +expect_result_present() { + _str="$1" ; shift + for _expect in "$@" ; do + echo "$f" | tr ',' '\n' | grep "^$_expect\$" >/dev/null + if test $? -ne 0 ; then + fail "missing expected \"$_expect\" from \"$_str\"" + fi + done +} +expect_result_absent() { + _str="$1" ; shift + for _expect in "$@" ; do + echo "$f" | tr ',' '\n' | grep "^$_expect\$" >/dev/null + if test $? -eq 0 ; then + fail "unexpected \"$_expect\" present in \"$_str\"" + fi + done +} + verbose "reparse minimal config" (${SSH} -G -F $OBJ/ssh_config somehost >$OBJ/ssh_config.1 && ${SSH} -G -F $OBJ/ssh_config.1 somehost >$OBJ/ssh_config.2 && @@ -25,5 +44,46 @@ f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o clearallforwardings=no h | \ awk '/clearallforwardings/{print $2}'` test "$f" = "no" || fail "clearallforwardings override" +verbose "user first match" +user=`awk '$1=="User" {print $2}' $OBJ/ssh_config` +f=`${SSH} -GF $OBJ/ssh_config host | awk '/^user /{print $2}'` +test "$f" = "$user" || fail "user from config, expected '$user' got '$f'" +f=`${SSH} -GF $OBJ/ssh_config -o user=foo -l bar baz@host | awk '/^user /{print $2}'` +test "$f" = "foo" || fail "user first match -oUser, expected 'foo' got '$f' " +f=`${SSH} -GF $OBJ/ssh_config -lbar baz@host user=foo baz@host | awk '/^user /{print $2}'` +test "$f" = "bar" || fail "user first match -l, expected 'bar' got '$f'" +f=`${SSH} -GF $OBJ/ssh_config baz@host -o user=foo -l bar baz@host | awk '/^user /{print $2}'` +test "$f" = "baz" || fail "user first match user@host, expected 'baz' got '$f'" + +verbose "pubkeyacceptedkeytypes" +# Default set +f=`${SSH} -GF none host | awk '/^pubkeyacceptedkeytypes /{print $2}'` +expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" +expect_result_absent "$f" "ssh-dss" +# Explicit override +f=`${SSH} -GF none -opubkeyacceptedkeytypes=ssh-ed25519 host | \ + awk '/^pubkeyacceptedkeytypes /{print $2}'` +expect_result_present "$f" "ssh-ed25519" +expect_result_absent "$f" "ssh-ed25519-cert-v01.*" "ssh-dss" +# Removal from default set +f=`${SSH} -GF none -opubkeyacceptedkeytypes=-ssh-ed25519-cert* host | \ + awk '/^pubkeyacceptedkeytypes /{print $2}'` +expect_result_present "$f" "ssh-ed25519" +expect_result_absent "$f" "ssh-ed25519-cert-v01.*" "ssh-dss" +f=`${SSH} -GF none -opubkeyacceptedkeytypes=-ssh-ed25519 host | \ + awk '/^pubkeyacceptedkeytypes /{print $2}'` +expect_result_present "$f" "ssh-ed25519-cert-v01.*" +expect_result_absent "$f" "ssh-ed25519" "ssh-dss" +# Append to default set. +# XXX this will break for !WITH_OPENSSL +f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss-cert* host | \ + awk '/^pubkeyacceptedkeytypes /{print $2}'` +expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*" +expect_result_absent "$f" "ssh-dss" +f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss host | \ + awk '/^pubkeyacceptedkeytypes /{print $2}'` +expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss" +expect_result_absent "$f" "ssh-dss-cert-v01.*" + # cleanup rm -f $OBJ/ssh_config.[012] diff --git a/regress/test-exec.sh b/regress/test-exec.sh index b6169f15703..40d46e3cd4c 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.62 2018/03/16 09:06:31 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.64 2018/08/10 01:35:49 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -76,6 +76,9 @@ SFTP=sftp SFTPSERVER=/usr/libexec/openssh/sftp-server SCP=scp +# Set by make_tmpdir() on demand (below). +SSH_REGRESS_TMP= + # Interop testing PLINK=plink PUTTYGEN=puttygen @@ -163,9 +166,13 @@ if [ "x$USE_VALGRIND" != "x" ]; then esac if [ x"$VG_SKIP" = "x" ]; then + VG_LEAK="--leak-check=no" + if [ x"$VALGRIND_CHECK_LEAKS" != "x" ]; then + VG_LEAK="--leak-check=full" + fi VG_IGNORE="/bin/*,/sbin/*,/usr/*,/var/*" VG_LOG="$OBJ/valgrind-out/${VG_TEST}." - VG_OPTS="--track-origins=yes --leak-check=full" + VG_OPTS="--track-origins=yes $VG_LEAK" VG_OPTS="$VG_OPTS --trace-children=yes" VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}" VG_PATH="valgrind" @@ -318,6 +325,12 @@ stop_sshd () fi } +make_tmpdir () +{ + SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \ + fatal "failed to create temporary directory" +} + # helper cleanup () { @@ -328,6 +341,9 @@ cleanup () kill $SSH_PID fi fi + if [ "x$SSH_REGRESS_TMP" != "x" ]; then + rm -rf "$SSH_REGRESS_TMP" + fi stop_sshd } @@ -375,7 +391,10 @@ fail () save_debug_log "FAIL: $@" RESULT=1 echo "$@" - + if test "x$TEST_SSH_FAIL_FATAL" != "x" ; then + cleanup + exit $RESULT + fi } fatal () @@ -512,10 +531,13 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then >> $OBJ/authorized_keys_$USER # Convert rsa2 host key to PuTTY format - ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \ + cp $OBJ/rsa $OBJ/rsa_oldfmt + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null + ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa_oldfmt > \ ${OBJ}/.putty/sshhostkeys - ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \ + ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa_oldfmt >> \ ${OBJ}/.putty/sshhostkeys + rm -f $OBJ/rsa_oldfmt # Setup proxied session mkdir -p ${OBJ}/.putty/sessions diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c index 751825ddae9..d6963bd2a30 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_iterate.c,v 1.5 2017/04/30 23:33:48 djm Exp $ */ +/* $OpenBSD: test_iterate.c,v 1.6 2018/07/16 03:09:59 djm Exp $ */ /* * Regress test for hostfile.h hostkeys_foreach() * @@ -152,6 +152,17 @@ prepare_expected(struct expected *expected, size_t n) } } +static void +cleanup_expected(struct expected *expected, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) { + sshkey_free(expected[i].l.key); + expected[i].l.key = NULL; + } +} + struct expected expected_full[] = { { NULL, -1, -1, 0, 0, 0, 0, -1, { NULL, /* path, don't care */ @@ -825,6 +836,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, NULL, NULL, ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate all without key parse"); @@ -835,6 +847,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, NULL, NULL, ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate specify host 1"); @@ -846,6 +859,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "prometheus.example.com", NULL, ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate specify host 2"); @@ -857,6 +871,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "sisyphus.example.com", NULL, ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate match host 1"); @@ -868,6 +883,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "prometheus.example.com", NULL, ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate match host 2"); @@ -879,6 +895,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "sisyphus.example.com", NULL, ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate specify host missing"); @@ -889,6 +906,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "actaeon.example.org", NULL, ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate match host missing"); @@ -899,6 +917,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "actaeon.example.org", NULL, ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate specify IPv4"); @@ -910,6 +929,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "tiresias.example.org", "192.0.2.1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate specify IPv6"); @@ -921,6 +941,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "tiresias.example.org", "2001:db8::1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate match IPv4"); @@ -932,6 +953,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "tiresias.example.org", "192.0.2.1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate match IPv6"); @@ -943,6 +965,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "tiresias.example.org", "2001:db8::1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate specify addr missing"); @@ -953,6 +976,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "tiresias.example.org", "192.168.0.1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate match addr missing"); @@ -963,6 +987,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "tiresias.example.org", "::1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate specify host 2 and IPv4"); @@ -975,6 +1000,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "sisyphus.example.com", "192.0.2.1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate match host 1 and IPv6"); @@ -986,7 +1012,9 @@ test_iterate(void) ctx.match_ipv6 = 1; prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), - check, &ctx, "prometheus.example.com", "2001:db8::1", ctx.flags), 0); + check, &ctx, "prometheus.example.com", + "2001:db8::1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate specify host 2 and IPv4 w/ key parse"); @@ -999,6 +1027,7 @@ test_iterate(void) prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), check, &ctx, "sisyphus.example.com", "192.0.2.1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); TEST_START("hostkeys_iterate match host 1 and IPv6 w/ key parse"); @@ -1010,7 +1039,9 @@ test_iterate(void) ctx.match_ipv6 = 1; prepare_expected(expected_full, ctx.nexpected); ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"), - check, &ctx, "prometheus.example.com", "2001:db8::1", ctx.flags), 0); + check, &ctx, "prometheus.example.com", + "2001:db8::1", ctx.flags), 0); + cleanup_expected(expected_full, ctx.nexpected); TEST_DONE(); } diff --git a/regress/unittests/match/tests.c b/regress/unittests/match/tests.c index e1593367bf3..3d9af55f284 100644 --- a/regress/unittests/match/tests.c +++ b/regress/unittests/match/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.4 2017/02/03 23:01:42 djm Exp $ */ +/* $OpenBSD: tests.c,v 1.5 2018/07/04 13:51:45 djm Exp $ */ /* * Regress test for matching functions * @@ -105,7 +105,7 @@ tests(void) #define CHECK_FILTER(string,filter,expected) \ do { \ - char *result = match_filter_list((string), (filter)); \ + char *result = match_filter_blacklist((string), (filter)); \ ASSERT_STRING_EQ(result, expected); \ free(result); \ } while (0) diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 1aa608f92b0..72367bde77c 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.13 2017/12/21 00:41:22 djm Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.14 2018/07/13 02:13:19 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -434,10 +434,13 @@ sshkey_tests(void) ASSERT_PTR_NE(k1->cert->principals[1], NULL); ASSERT_PTR_NE(k1->cert->principals[2], NULL); ASSERT_PTR_NE(k1->cert->principals[3], NULL); + k1->cert->nprincipals = 4; k1->cert->valid_after = 0; k1->cert->valid_before = (u_int64_t)-1; + sshbuf_free(k1->cert->critical); k1->cert->critical = sshbuf_new(); ASSERT_PTR_NE(k1->cert->critical, NULL); + sshbuf_free(k1->cert->extensions); k1->cert->extensions = sshbuf_new(); ASSERT_PTR_NE(k1->cert->extensions, NULL); put_opt(k1->cert->critical, "force-command", "/usr/bin/true"); diff --git a/regress/valgrind-unit.sh b/regress/valgrind-unit.sh index 433cb069a75..4143ead4b62 100755 --- a/regress/valgrind-unit.sh +++ b/regress/valgrind-unit.sh @@ -7,10 +7,12 @@ UNIT_ARGS="$@" test "x$OBJ" = "x" && OBJ=$PWD # This mostly replicates the logic in test-exec.sh for running the -# regress tests under valgrind. +# regress tests under valgrind, except that we unconditionally enable +# leak checking because the unit tests should be clean. +VG_LEAK="--leak-check=full" VG_TEST=`basename $UNIT_BINARY` VG_LOG="$OBJ/valgrind-out/${VG_TEST}.%p" -VG_OPTS="--track-origins=yes --leak-check=full --log-file=${VG_LOG}" +VG_OPTS="--track-origins=yes $VG_LEAK --log-file=${VG_LOG}" VG_OPTS="$VG_OPTS --trace-children=yes" VG_PATH="valgrind" if [ "x$VALGRIND_PATH" != "x" ]; then diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index ca75cc719b1..12c4ee1301a 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -166,6 +166,12 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_exit_group SC_ALLOW(__NR_exit_group), #endif +#ifdef __NR_geteuid + SC_ALLOW(__NR_geteuid), +#endif +#ifdef __NR_geteuid32 + SC_ALLOW(__NR_geteuid32), +#endif #ifdef __NR_getpgid SC_ALLOW(__NR_getpgid), #endif @@ -178,6 +184,12 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_gettimeofday SC_ALLOW(__NR_gettimeofday), #endif +#ifdef __NR_getuid + SC_ALLOW(__NR_getuid), +#endif +#ifdef __NR_getuid32 + SC_ALLOW(__NR_getuid32), +#endif #ifdef __NR_madvise SC_ALLOW(__NR_madvise), #endif @@ -193,6 +205,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_munmap SC_ALLOW(__NR_munmap), #endif +#ifdef __NR_nanosleep + SC_ALLOW(__NR_nanosleep), +#endif #ifdef __NR__newselect SC_ALLOW(__NR__newselect), #endif diff --git a/sandbox-systrace.c b/sandbox-systrace.c index b4d8d04cae3..add4c46d071 100644 --- a/sandbox-systrace.c +++ b/sandbox-systrace.c @@ -59,6 +59,7 @@ static const struct sandbox_policy preauth_policy[] = { { SYS_getpgid, SYSTR_POLICY_PERMIT }, { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, + { SYS_nanosleep, SYSTR_POLICY_PERMIT }, { SYS_sigprocmask, SYSTR_POLICY_PERMIT }, #ifdef SYS_getentropy diff --git a/scp.0 b/scp.0 index 0089ed80f99..11516924bc9 100644 --- a/scp.0 +++ b/scp.0 @@ -114,10 +114,10 @@ DESCRIPTION SendEnv ServerAliveInterval ServerAliveCountMax + SetEnv StrictHostKeyChecking TCPKeepAlive UpdateHostKeys - UsePrivilegedPort User UserKnownHostsFile VerifyHostKeyDNS @@ -159,4 +159,4 @@ AUTHORS Timo Rinne Tatu Ylonen -OpenBSD 6.2 February 23, 2018 OpenBSD 6.2 +OpenBSD 6.4 July 19, 2018 OpenBSD 6.4 diff --git a/scp.1 b/scp.1 index 8d251e34a83..92abcaf075a 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.77 2018/02/23 07:38:09 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.80 2018/07/19 10:28:47 dtucker Exp $ .\" -.Dd $Mdocdate: February 23 2018 $ +.Dd $Mdocdate: July 19 2018 $ .Dt SCP 1 .Os .Sh NAME @@ -173,10 +173,10 @@ For full details of the options listed below, and their possible values, see .It SendEnv .It ServerAliveInterval .It ServerAliveCountMax +.It SetEnv .It StrictHostKeyChecking .It TCPKeepAlive .It UpdateHostKeys -.It UsePrivilegedPort .It User .It UserKnownHostsFile .It VerifyHostKeyDNS diff --git a/scp.c b/scp.c index 31e6709fbca..60682c68769 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.195 2018/02/10 06:15:12 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -311,7 +311,7 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) } /* - * This functions executes a command simlar to do_cmd(), but expects the + * This function executes a command similar to do_cmd(), but expects the * input and output descriptors to be setup by a previous call to do_cmd(). * This way the input and output of two commands can be connected. */ @@ -1092,6 +1092,8 @@ sink(int argc, char **argv) SCREWUP("bad mode"); mode = (mode << 3) | (*cp - '0'); } + if (!pflag) + mode &= ~mask; if (*cp++ != ' ') SCREWUP("mode not delimited"); diff --git a/servconf.c b/servconf.c index 0f0d090686b..c0f6af0bee9 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */ +/* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -45,13 +45,13 @@ #include "xmalloc.h" #include "ssh.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" #include "misc.h" #include "servconf.h" #include "compat.h" #include "pathnames.h" #include "cipher.h" -#include "key.h" +#include "sshkey.h" #include "kex.h" #include "mac.h" #include "match.h" @@ -59,6 +59,7 @@ #include "groupaccess.h" #include "canohost.h" #include "packet.h" +#include "ssherr.h" #include "hostfile.h" #include "auth.h" #include "myproposal.h" @@ -71,7 +72,7 @@ static void add_one_listen_addr(ServerOptions *, const char *, /* Use of privilege separation or not */ extern int use_privsep; -extern Buffer cfg; +extern struct sshbuf *cfg; /* Initializes the server options to their default values. */ @@ -130,6 +131,7 @@ initialize_server_options(ServerOptions *options) options->challenge_response_authentication = -1; options->permit_empty_passwd = -1; options->permit_user_env = -1; + options->permit_user_env_whitelist = NULL; options->compression = -1; options->rekey_limit = -1; options->rekey_interval = -1; @@ -158,8 +160,10 @@ initialize_server_options(ServerOptions *options) options->client_alive_count_max = -1; options->num_authkeys_files = 0; options->num_accept_env = 0; + options->num_setenv = 0; options->permit_tun = -1; options->permitted_opens = NULL; + options->permitted_listens = NULL; options->adm_forced_command = NULL; options->chroot_directory = NULL; options->authorized_keys_command = NULL; @@ -187,15 +191,29 @@ option_clear_or_none(const char *o) static void assemble_algorithms(ServerOptions *o) { - if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || - kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || - kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &o->hostkeyalgorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &o->hostbased_key_types) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) - fatal("kex_assemble_names failed"); + char *all_cipher, *all_mac, *all_kex, *all_key; + int r; + + all_cipher = cipher_alg_list(',', 0); + all_mac = mac_alg_list(','); + all_kex = kex_alg_list(','); + all_key = sshkey_alg_list(0, 0, 1, ','); +#define ASSEMBLE(what, defaults, all) \ + do { \ + if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ + fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \ + } while (0) + ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher); + ASSEMBLE(macs, KEX_SERVER_MAC, all_mac); + ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex); + ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key); + ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key); + ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key); +#undef ASSEMBLE + free(all_cipher); + free(all_mac); + free(all_kex); + free(all_key); } static void @@ -327,8 +345,10 @@ fill_default_server_options(ServerOptions *options) options->challenge_response_authentication = 1; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; - if (options->permit_user_env == -1) + if (options->permit_user_env == -1) { options->permit_user_env = 0; + options->permit_user_env_whitelist = NULL; + } if (options->compression == -1) options->compression = COMP_DELAYED; if (options->rekey_limit == -1) @@ -372,9 +392,9 @@ fill_default_server_options(ServerOptions *options) if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; if (options->ip_qos_interactive == -1) - options->ip_qos_interactive = IPTOS_LOWDELAY; + options->ip_qos_interactive = IPTOS_DSCP_AF21; if (options->ip_qos_bulk == -1) - options->ip_qos_bulk = IPTOS_THROUGHPUT; + options->ip_qos_bulk = IPTOS_DSCP_CS1; if (options->version_addendum == NULL) options->version_addendum = xstrdup(""); if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) @@ -461,8 +481,8 @@ typedef enum { sHostKeyAlgorithms, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, - sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sAcceptEnv, sSetEnv, sPermitTunnel, + sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, @@ -544,7 +564,7 @@ static struct { { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, - { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ + { "skeyauthentication", sDeprecated, SSHCFG_GLOBAL }, { "checkmail", sDeprecated, SSHCFG_GLOBAL }, { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, @@ -592,11 +612,13 @@ static struct { { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_ALL }, + { "setenv", sSetEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, { "permittty", sPermitTTY, SSHCFG_ALL }, { "permituserrc", sPermitUserRC, SSHCFG_ALL }, { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, + { "permitlisten", sPermitListen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, @@ -632,6 +654,20 @@ static struct { { -1, NULL } }; +/* Returns an opcode name from its number */ + +static const char * +lookup_opcode_name(ServerOpCodes code) +{ + u_int i; + + for (i = 0; keywords[i].name != NULL; i++) + if (keywords[i].opcode == code) + return(keywords[i].name); + return "UNKNOWN"; +} + + /* * Returns the number of the token pointed to by cp or sBadOption. */ @@ -814,43 +850,59 @@ process_queued_listen_addrs(ServerOptions *options) } /* - * Inform channels layer of permitopen options from configuration. + * Inform channels layer of permitopen options for a single forwarding + * direction (local/remote). */ -void -process_permitopen(struct ssh *ssh, ServerOptions *options) +static void +process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode, + char **opens, u_int num_opens) { u_int i; int port; char *host, *arg, *oarg; + int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE; + const char *what = lookup_opcode_name(opcode); - channel_clear_adm_permitted_opens(ssh); - if (options->num_permitted_opens == 0) + channel_clear_permission(ssh, FORWARD_ADM, where); + if (num_opens == 0) return; /* permit any */ /* handle keywords: "any" / "none" */ - if (options->num_permitted_opens == 1 && - strcmp(options->permitted_opens[0], "any") == 0) + if (num_opens == 1 && strcmp(opens[0], "any") == 0) return; - if (options->num_permitted_opens == 1 && - strcmp(options->permitted_opens[0], "none") == 0) { - channel_disable_adm_local_opens(ssh); + if (num_opens == 1 && strcmp(opens[0], "none") == 0) { + channel_disable_admin(ssh, where); return; } /* Otherwise treat it as a list of permitted host:port */ - for (i = 0; i < options->num_permitted_opens; i++) { - oarg = arg = xstrdup(options->permitted_opens[i]); + for (i = 0; i < num_opens; i++) { + oarg = arg = xstrdup(opens[i]); host = hpdelim(&arg); if (host == NULL) - fatal("%s: missing host in PermitOpen", __func__); + fatal("%s: missing host in %s", __func__, what); host = cleanhostname(host); if (arg == NULL || ((port = permitopen_port(arg)) < 0)) - fatal("%s: bad port number in PermitOpen", __func__); + fatal("%s: bad port number in %s", __func__, what); /* Send it to channels layer */ - channel_add_adm_permitted_opens(ssh, host, port); + channel_add_permission(ssh, FORWARD_ADM, + where, host, port); free(oarg); } } +/* + * Inform channels layer of permitopen options from configuration. + */ +void +process_permitopen(struct ssh *ssh, ServerOptions *options) +{ + process_permitopen_list(ssh, sPermitOpen, + options->permitted_opens, options->num_permitted_opens); + process_permitopen_list(ssh, sPermitListen, + options->permitted_listens, + options->num_permitted_listens); +} + struct connection_info * get_connection_info(int populate, int use_dns) { @@ -1144,12 +1196,12 @@ process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum, int *activep, struct connection_info *connectinfo) { - char *cp, **charptr, *arg, *arg2, *p; + char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; int cmdline = 0, *intptr, value, value2, n, port; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; ServerOpCodes opcode; - u_int i, flags = 0; + u_int i, *uintptr, uvalue, flags = 0; size_t len; long long val64; const struct multistate *multistate_ptr; @@ -1480,7 +1532,29 @@ process_server_config_line(ServerOptions *options, char *line, case sPermitUserEnvironment: intptr = &options->permit_user_env; - goto parse_flag; + charptr = &options->permit_user_env_whitelist; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing argument.", + filename, linenum); + value = 0; + p = NULL; + if (strcmp(arg, "yes") == 0) + value = 1; + else if (strcmp(arg, "no") == 0) + value = 0; + else { + /* Pattern-list specified */ + value = 1; + p = xstrdup(arg); + } + if (*activep && *intptr == -1) { + *intptr = value; + *charptr = p; + p = NULL; + } + free(p); + break; case sCompression: intptr = &options->compression; @@ -1769,6 +1843,19 @@ process_server_config_line(ServerOptions *options, char *line, } break; + case sSetEnv: + uvalue = options->num_setenv; + while ((arg = strdelimw(&cp)) && *arg != '\0') { + if (strchr(arg, '=') == NULL) + fatal("%s line %d: Invalid environment.", + filename, linenum); + if (!*activep || uvalue != 0) + continue; + array_append(filename, linenum, "SetEnv", + &options->setenv, &options->num_setenv, arg); + } + break; + case sPermitTunnel: intptr = &options->permit_tun; arg = strdelim(&cp); @@ -1799,36 +1886,57 @@ process_server_config_line(ServerOptions *options, char *line, *activep = value; break; + case sPermitListen: case sPermitOpen: + if (opcode == sPermitListen) { + uintptr = &options->num_permitted_listens; + chararrayptr = &options->permitted_listens; + } else { + uintptr = &options->num_permitted_opens; + chararrayptr = &options->permitted_opens; + } arg = strdelim(&cp); if (!arg || *arg == '\0') - fatal("%s line %d: missing PermitOpen specification", - filename, linenum); - value = options->num_permitted_opens; /* modified later */ + fatal("%s line %d: missing %s specification", + filename, linenum, lookup_opcode_name(opcode)); + uvalue = *uintptr; /* modified later */ if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { - if (*activep && value == 0) { - options->num_permitted_opens = 1; - options->permitted_opens = xcalloc(1, - sizeof(*options->permitted_opens)); - options->permitted_opens[0] = xstrdup(arg); + if (*activep && uvalue == 0) { + *uintptr = 1; + *chararrayptr = xcalloc(1, + sizeof(**chararrayptr)); + (*chararrayptr)[0] = xstrdup(arg); } break; } for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { - arg2 = xstrdup(arg); - p = hpdelim(&arg); - if (p == NULL) - fatal("%s line %d: missing host in PermitOpen", - filename, linenum); - p = cleanhostname(p); - if (arg == NULL || ((port = permitopen_port(arg)) < 0)) - fatal("%s line %d: bad port number in " - "PermitOpen", filename, linenum); - if (*activep && value == 0) { + if (opcode == sPermitListen && + strchr(arg, ':') == NULL) { + /* + * Allow bare port number for PermitListen + * to indicate a wildcard listen host. + */ + xasprintf(&arg2, "*:%s", arg); + } else { + arg2 = xstrdup(arg); + p = hpdelim(&arg); + if (p == NULL) { + fatal("%s line %d: missing host in %s", + filename, linenum, + lookup_opcode_name(opcode)); + } + p = cleanhostname(p); + } + if (arg == NULL || + ((port = permitopen_port(arg)) < 0)) { + fatal("%s line %d: bad port number in %s", + filename, linenum, + lookup_opcode_name(opcode)); + } + if (*activep && uvalue == 0) { array_append(filename, linenum, - "PermitOpen", - &options->permitted_opens, - &options->num_permitted_opens, arg2); + lookup_opcode_name(opcode), + chararrayptr, uintptr, arg2); } free(arg2); } @@ -1951,7 +2059,7 @@ process_server_config_line(ServerOptions *options, char *line, case sAuthenticationMethods: if (options->num_auth_methods == 0) { value = 0; /* seen "any" pseudo-method */ - value2 = 0; /* sucessfully parsed any method */ + value2 = 0; /* successfully parsed any method */ while ((arg = strdelim(&cp)) && *arg != '\0') { if (strcmp(arg, "any") == 0) { if (options->num_auth_methods > 0) { @@ -2056,22 +2164,21 @@ process_server_config_line(ServerOptions *options, char *line, /* Reads the server configuration file. */ void -load_server_config(const char *filename, Buffer *conf) +load_server_config(const char *filename, struct sshbuf *conf) { - char line[4096], *cp; + char *line = NULL, *cp; + size_t linesize = 0; FILE *f; - int lineno = 0; + int r, lineno = 0; debug2("%s: filename %s", __func__, filename); if ((f = fopen(filename, "r")) == NULL) { perror(filename); exit(1); } - buffer_clear(conf); - while (fgets(line, sizeof(line), f)) { + sshbuf_reset(conf); + while (getline(&line, &linesize, f) != -1) { lineno++; - if (strlen(line) == sizeof(line) - 1) - fatal("%s line %d too long", filename, lineno); /* * Trim out comments and strip whitespace * NB - preserve newlines, they are needed to reproduce @@ -2080,12 +2187,14 @@ load_server_config(const char *filename, Buffer *conf) if ((cp = strchr(line, '#')) != NULL) memcpy(cp, "\n", 2); cp = line + strspn(line, " \t\r"); - - buffer_append(conf, cp, strlen(cp)); + if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } - buffer_append(conf, "\0", 1); + free(line); + if ((r = sshbuf_put_u8(conf, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); fclose(f); - debug2("%s: done config len = %d", __func__, buffer_len(conf)); + debug2("%s: done config len = %zu", __func__, sshbuf_len(conf)); } void @@ -2095,7 +2204,7 @@ parse_server_match_config(ServerOptions *options, ServerOptions mo; initialize_server_options(&mo); - parse_server_config(&mo, "reprocess config", &cfg, connectinfo); + parse_server_config(&mo, "reprocess config", cfg, connectinfo); copy_set_server_options(options, &mo, 0); } @@ -2135,7 +2244,7 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec) * * If the preauth flag is set, we do not bother copying the string or * array values that are not used pre-authentication, because any that we - * do use must be explictly sent in mm_getpwnamallow(). + * do use must be explicitly sent in mm_getpwnamallow(). */ void copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) @@ -2239,13 +2348,13 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) #undef M_CP_STRARRAYOPT void -parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, - struct connection_info *connectinfo) +parse_server_config(ServerOptions *options, const char *filename, + struct sshbuf *conf, struct connection_info *connectinfo) { int active, linenum, bad_options = 0; char *cp, *obuf, *cbuf; - debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); + debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) fatal("%s: sshbuf_dup_string failed", __func__); @@ -2307,17 +2416,6 @@ fmt_intarg(ServerOpCodes code, int val) } } -static const char * -lookup_opcode_name(ServerOpCodes code) -{ - u_int i; - - for (i = 0; keywords[i].name != NULL; i++) - if (keywords[i].opcode == code) - return(keywords[i].name); - return "UNKNOWN"; -} - static void dump_cfg_int(ServerOpCodes code, int val) { @@ -2471,7 +2569,6 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sStrictModes, o->strict_modes); dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); - dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); dump_cfg_fmtint(sCompression, o->compression); dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); dump_cfg_fmtint(sUseDNS, o->use_dns); @@ -2528,6 +2625,7 @@ dump_config(ServerOptions *o) dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); + dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv); dump_cfg_strarray_oneline(sAuthenticationMethods, o->num_auth_methods, o->auth_methods); @@ -2562,4 +2660,20 @@ dump_config(ServerOptions *o) printf(" %s", o->permitted_opens[i]); } printf("\n"); + printf("permitlisten"); + if (o->num_permitted_listens == 0) + printf(" any"); + else { + for (i = 0; i < o->num_permitted_listens; i++) + printf(" %s", o->permitted_listens[i]); + } + printf("\n"); + + if (o->permit_user_env_whitelist == NULL) { + dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); + } else { + printf("permituserenvironment %s\n", + o->permit_user_env_whitelist); + } + } diff --git a/servconf.h b/servconf.h index 37a0fb1a39f..557521d7303 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */ /* * Author: Tatu Ylonen @@ -32,12 +32,6 @@ #define PRIVSEP_ON 1 #define PRIVSEP_NOSANDBOX 2 -/* AllowTCPForwarding */ -#define FORWARD_DENY 0 -#define FORWARD_REMOTE (1) -#define FORWARD_LOCAL (1<<1) -#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL) - /* PermitOpen */ #define PERMITOPEN_ANY 0 #define PERMITOPEN_NONE -2 @@ -139,6 +133,7 @@ typedef struct { int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int permit_user_env; /* If true, read ~/.ssh/environment */ + char *permit_user_env_whitelist; /* pattern-list whitelist */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; /* One of FORWARD_* */ int allow_streamlocal_forwarding; /* One of FORWARD_* */ @@ -160,6 +155,8 @@ typedef struct { u_int num_accept_env; char **accept_env; + u_int num_setenv; + char **setenv; int max_startups_begin; int max_startups_rate; @@ -187,8 +184,10 @@ typedef struct { int permit_tun; - char **permitted_opens; - u_int num_permitted_opens; /* May also be one of PERMITOPEN_* */ + char **permitted_opens; /* May also be one of PERMITOPEN_* */ + u_int num_permitted_opens; + char **permitted_listens; /* May also be one of PERMITOPEN_* */ + u_int num_permitted_listens; char *chroot_directory; char *revoked_keys_file; @@ -209,6 +208,7 @@ typedef struct { int fingerprint_hash; int expose_userauth_info; + u_int64_t timing_secret; } ServerOptions; /* Information about the incoming connection as used by Match */ @@ -243,6 +243,7 @@ struct connection_info { M_CP_STROPT(hostbased_key_types); \ M_CP_STROPT(pubkey_key_types); \ M_CP_STROPT(routing_domain); \ + M_CP_STROPT(permit_user_env_whitelist); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ M_CP_STRARRAYOPT(allow_users, num_allow_users); \ M_CP_STRARRAYOPT(deny_users, num_deny_users); \ @@ -251,6 +252,7 @@ struct connection_info { M_CP_STRARRAYOPT(accept_env, num_accept_env); \ M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ + M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \ } while (0) struct connection_info *get_connection_info(int, int); @@ -259,8 +261,8 @@ void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int, int *, struct connection_info *); void process_permitopen(struct ssh *ssh, ServerOptions *options); -void load_server_config(const char *, Buffer *); -void parse_server_config(ServerOptions *, const char *, Buffer *, +void load_server_config(const char *, struct sshbuf *); +void parse_server_config(ServerOptions *, const char *, struct sshbuf *, struct connection_info *); void parse_server_match_config(ServerOptions *, struct connection_info *); int parse_server_match_testspec(struct connection_info *, char *); diff --git a/serverloop.c b/serverloop.c index d6fe24cc1db..7be83e2d338 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -58,7 +58,7 @@ #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" #include "log.h" #include "misc.h" #include "servconf.h" @@ -67,7 +67,7 @@ #include "channels.h" #include "compat.h" #include "ssh2.h" -#include "key.h" +#include "sshkey.h" #include "cipher.h" #include "kex.h" #include "hostfile.h" @@ -103,6 +103,17 @@ static void server_init_dispatch(void); /* requested tunnel forwarding interface(s), shared with session.c */ char *tun_fwd_ifnames = NULL; +/* returns 1 if bind to specified port by specified user is permitted */ +static int +bind_permitted(int port, uid_t uid) +{ + if (use_privsep) + return 1; /* allow system to decide */ + if (port < IPPORT_RESERVED && uid != 0) + return 0; + return 1; +} + /* * we write to this pipe if a SIGCHLD is caught in order to avoid * the race between select() and child_terminated @@ -145,7 +156,7 @@ notify_done(fd_set *readset) if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset)) while (read(notify_pipe[0], &c, 1) != -1) - debug2("notify_done: reading"); + debug2("%s: reading", __func__); } /*ARGSUSED*/ @@ -623,7 +634,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) rwindow = packet_get_int(); rmaxpack = packet_get_int(); - debug("server_input_channel_open: ctype %s rchan %d win %d max %d", + debug("%s: ctype %s rchan %d win %d max %d", __func__, ctype, rchan, rwindow, rmaxpack); if (strcmp(ctype, "session") == 0) { @@ -636,7 +647,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) c = server_request_tun(ssh); } if (c != NULL) { - debug("server_input_channel_open: confirm %s", ctype); + debug("%s: confirm %s", __func__, ctype); c->remote_id = rchan; c->have_remote_id = 1; c->remote_window = rwindow; @@ -650,7 +661,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) packet_send(); } } else { - debug("server_input_channel_open: failure %s", ctype); + debug("%s: failure %s", __func__, ctype); packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); packet_put_int(reason); @@ -750,11 +761,11 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) struct passwd *pw = the_authctxt->pw; if (pw == NULL || !the_authctxt->valid) - fatal("server_input_global_request: no/invalid user"); + fatal("%s: no/invalid user", __func__); rtype = packet_get_string(NULL); want_reply = packet_get_char(); - debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply); + debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply); /* -R style forwarding */ if (strcmp(rtype, "tcpip-forward") == 0) { @@ -763,7 +774,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) memset(&fwd, 0, sizeof(fwd)); fwd.listen_host = packet_get_string(NULL); fwd.listen_port = (u_short)packet_get_int(); - debug("server_input_global_request: tcpip-forward listen %s port %d", + debug("%s: tcpip-forward listen %s port %d", __func__, fwd.listen_host, fwd.listen_port); /* check permissions */ @@ -802,7 +813,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh) memset(&fwd, 0, sizeof(fwd)); fwd.listen_path = packet_get_string(NULL); - debug("server_input_global_request: streamlocal-forward listen path %s", + debug("%s: streamlocal-forward listen path %s", __func__, fwd.listen_path); /* check permissions */ diff --git a/session.c b/session.c index 58826db1698..f2cf52006e4 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.294 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: session.c,v 1.305 2018/07/25 13:56:23 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -69,12 +69,13 @@ #include "ssh2.h" #include "sshpty.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #include "match.h" #include "uidswap.h" #include "compat.h" #include "channels.h" -#include "key.h" +#include "sshkey.h" #include "cipher.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -139,7 +140,7 @@ extern int debug_flag; extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; char *tun_fwd_ifnames; /* serverloop.c */ @@ -248,11 +249,14 @@ auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw) static void display_loginmsg(void) { - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - printf("%s", (char *)buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); - } + int r; + + if (sshbuf_len(loginmsg) == 0) + return; + if ((r = sshbuf_put_u8(loginmsg, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + printf("%s", (char *)sshbuf_ptr(loginmsg)); + sshbuf_reset(loginmsg); } static void @@ -290,26 +294,43 @@ prepare_auth_info_file(struct passwd *pw, struct sshbuf *info) } static void -set_permitopen_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) +set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) { char *tmp, *cp, *host; int port; size_t i; - if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) - return; - channel_clear_permitted_opens(ssh); - for (i = 0; i < auth_opts->npermitopen; i++) { - tmp = cp = xstrdup(auth_opts->permitopen[i]); - /* This shouldn't fail as it has already been checked */ - if ((host = hpdelim(&cp)) == NULL) - fatal("%s: internal error: hpdelim", __func__); - host = cleanhostname(host); - if (cp == NULL || (port = permitopen_port(cp)) < 0) - fatal("%s: internal error: permitopen port", - __func__); - channel_add_permitted_opens(ssh, host, port); - free(tmp); + if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) { + channel_clear_permission(ssh, FORWARD_USER, FORWARD_LOCAL); + for (i = 0; i < auth_opts->npermitopen; i++) { + tmp = cp = xstrdup(auth_opts->permitopen[i]); + /* This shouldn't fail as it has already been checked */ + if ((host = hpdelim(&cp)) == NULL) + fatal("%s: internal error: hpdelim", __func__); + host = cleanhostname(host); + if (cp == NULL || (port = permitopen_port(cp)) < 0) + fatal("%s: internal error: permitopen port", + __func__); + channel_add_permission(ssh, + FORWARD_USER, FORWARD_LOCAL, host, port); + free(tmp); + } + } + if ((options.allow_tcp_forwarding & FORWARD_REMOTE) != 0) { + channel_clear_permission(ssh, FORWARD_USER, FORWARD_REMOTE); + for (i = 0; i < auth_opts->npermitlisten; i++) { + tmp = cp = xstrdup(auth_opts->permitlisten[i]); + /* This shouldn't fail as it has already been checked */ + if ((host = hpdelim(&cp)) == NULL) + fatal("%s: internal error: hpdelim", __func__); + host = cleanhostname(host); + if (cp == NULL || (port = permitopen_port(cp)) < 0) + fatal("%s: internal error: permitlisten port", + __func__); + channel_add_permission(ssh, + FORWARD_USER, FORWARD_REMOTE, host, port); + free(tmp); + } } } @@ -322,14 +343,22 @@ do_authenticated(struct ssh *ssh, Authctxt *authctxt) /* setup the channel layer */ /* XXX - streamlocal? */ - set_permitopen_from_authopts(ssh, auth_opts); - if (!auth_opts->permit_port_forwarding_flag || - options.disable_forwarding || - (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) - channel_disable_adm_local_opens(ssh); - else - channel_permit_all_opens(ssh); + set_fwdpermit_from_authopts(ssh, auth_opts); + if (!auth_opts->permit_port_forwarding_flag || + options.disable_forwarding) { + channel_disable_admin(ssh, FORWARD_LOCAL); + channel_disable_admin(ssh, FORWARD_REMOTE); + } else { + if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) + channel_disable_admin(ssh, FORWARD_LOCAL); + else + channel_permit_all(ssh, FORWARD_LOCAL); + if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0) + channel_disable_admin(ssh, FORWARD_REMOTE); + else + channel_permit_all(ssh, FORWARD_REMOTE); + } auth_debug_send(); prepare_auth_info_file(authctxt->pw, authctxt->session_info); @@ -349,7 +378,7 @@ xauth_valid_string(const char *s) if (!isalnum((u_char)s[i]) && s[i] != '.' && s[i] != ':' && s[i] != '/' && s[i] != '-' && s[i] != '_') - return 0; + return 0; } return 1; } @@ -500,7 +529,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * it to the user, otherwise multiple sessions may accumulate * multiple copies of the login messages. */ - buffer_clear(&loginmsg); + sshbuf_reset(loginmsg); #ifdef USE_PIPES /* We are the parent. Close the child sides of the pipes. */ @@ -732,7 +761,7 @@ do_exec(struct ssh *ssh, Session *s, const char *command) * it to the user, otherwise multiple sessions may accumulate * multiple copies of the login messages. */ - buffer_clear(&loginmsg); + sshbuf_reset(loginmsg); return ret; } @@ -842,24 +871,26 @@ check_quietlogin(Session *s, const char *command) * into the environment. If the file does not exist, this does nothing. * Otherwise, it must consist of empty lines, comments (line starts with '#') * and assignments of the form name=value. No other forms are allowed. + * If whitelist is not NULL, then it is interpreted as a pattern list and + * only variable names that match it will be accepted. */ static void read_environment_file(char ***env, u_int *envsize, - const char *filename) + const char *filename, const char *whitelist) { FILE *f; - char buf[4096]; - char *cp, *value; + char *line = NULL, *cp, *value; + size_t linesize = 0; u_int lineno = 0; f = fopen(filename, "r"); if (!f) return; - while (fgets(buf, sizeof(buf), f)) { + while (getline(&line, &linesize, f) != -1) { if (++lineno > 1000) fatal("Too many lines in environment file %s", filename); - for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) + for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '#' || *cp == '\n') continue; @@ -878,8 +909,12 @@ read_environment_file(char ***env, u_int *envsize, */ *value = '\0'; value++; + if (whitelist != NULL && + match_pattern_list(cp, whitelist, 0) != 1) + continue; child_set_env(env, envsize, cp, value); } + free(line); fclose(f); } @@ -916,7 +951,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) * so we use a temporary environment and copy the variables we're * interested in. */ - read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login"); + read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", + options.permit_user_env_whitelist); if (tmpenv == NULL) return; @@ -978,7 +1014,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) char buf[256]; size_t n; u_int i, envsize; - char *ocp, *cp, **env, *laddr; + char *ocp, *cp, *value, **env, *laddr; struct passwd *pw = s->pw; #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) char *path = NULL; @@ -1052,46 +1088,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); - - /* Set custom environment options from pubkey authentication. */ - if (options.permit_user_env) { - for (n = 0 ; n < auth_opts->nenv; n++) { - ocp = xstrdup(auth_opts->env[n]); - cp = strchr(ocp, '='); - if (*cp == '=') { - *cp = '\0'; - child_set_env(&env, &envsize, ocp, cp + 1); - } - free(ocp); - } - } - - /* SSH_CLIENT deprecated */ - snprintf(buf, sizeof buf, "%.50s %d %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - ssh_local_port(ssh)); - child_set_env(&env, &envsize, "SSH_CLIENT", buf); - - laddr = get_local_ipaddr(packet_get_connection_in()); - snprintf(buf, sizeof buf, "%.50s %d %.50s %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - laddr, ssh_local_port(ssh)); - free(laddr); - child_set_env(&env, &envsize, "SSH_CONNECTION", buf); - - if (tun_fwd_ifnames != NULL) - child_set_env(&env, &envsize, "SSH_TUNNEL", tun_fwd_ifnames); - if (auth_info_file != NULL) - child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file); - if (s->ttyfd != -1) - child_set_env(&env, &envsize, "SSH_TTY", s->tty); if (s->term) child_set_env(&env, &envsize, "TERM", s->term); if (s->display) child_set_env(&env, &envsize, "DISPLAY", s->display); - if (original_command) - child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", - original_command); /* * Since we clear KRB5CCNAME at startup, if it's set now then it @@ -1111,7 +1111,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) if ((cp = getenv("AUTHSTATE")) != NULL) child_set_env(&env, &envsize, "AUTHSTATE", cp); - read_environment_file(&env, &envsize, "/etc/environment"); + read_environment_file(&env, &envsize, "/etc/environment", + options.permit_user_env_whitelist); } #endif #ifdef KRB5 @@ -1119,6 +1120,37 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ccname); #endif + if (auth_sock_name != NULL) + child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, + auth_sock_name); + + + /* Set custom environment options from pubkey authentication. */ + if (options.permit_user_env) { + for (n = 0 ; n < auth_opts->nenv; n++) { + ocp = xstrdup(auth_opts->env[n]); + cp = strchr(ocp, '='); + if (*cp == '=') { + *cp = '\0'; + /* Apply PermitUserEnvironment whitelist */ + if (options.permit_user_env_whitelist == NULL || + match_pattern_list(ocp, + options.permit_user_env_whitelist, 0) == 1) + child_set_env(&env, &envsize, + ocp, cp + 1); + } + free(ocp); + } + } + + /* read $HOME/.ssh/environment. */ + if (options.permit_user_env) { + snprintf(buf, sizeof buf, "%.200s/.ssh/environment", + pw->pw_dir); + read_environment_file(&env, &envsize, buf, + options.permit_user_env_whitelist); + } + #ifdef USE_PAM /* * Pull in any environment variables that may have @@ -1141,16 +1173,40 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) } #endif /* USE_PAM */ - if (auth_sock_name != NULL) - child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, - auth_sock_name); - - /* read $HOME/.ssh/environment. */ - if (options.permit_user_env) { - snprintf(buf, sizeof buf, "%.200s/.ssh/environment", - strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); - read_environment_file(&env, &envsize, buf); + /* Environment specified by admin */ + for (i = 0; i < options.num_setenv; i++) { + cp = xstrdup(options.setenv[i]); + if ((value = strchr(cp, '=')) == NULL) { + /* shouldn't happen; vars are checked in servconf.c */ + fatal("Invalid config SetEnv: %s", options.setenv[i]); + } + *value++ = '\0'; + child_set_env(&env, &envsize, cp, value); } + + /* SSH_CLIENT deprecated */ + snprintf(buf, sizeof buf, "%.50s %d %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + ssh_local_port(ssh)); + child_set_env(&env, &envsize, "SSH_CLIENT", buf); + + laddr = get_local_ipaddr(packet_get_connection_in()); + snprintf(buf, sizeof buf, "%.50s %d %.50s %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + laddr, ssh_local_port(ssh)); + free(laddr); + child_set_env(&env, &envsize, "SSH_CONNECTION", buf); + + if (tun_fwd_ifnames != NULL) + child_set_env(&env, &envsize, "SSH_TUNNEL", tun_fwd_ifnames); + if (auth_info_file != NULL) + child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file); + if (s->ttyfd != -1) + child_set_env(&env, &envsize, "SSH_TTY", s->tty); + if (original_command) + child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", + original_command); + if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); @@ -1324,7 +1380,7 @@ safely_chroot(const char *path, uid_t uid) void do_setusercontext(struct passwd *pw) { - char *chroot_path, *tmp; + char uidstr[32], *chroot_path, *tmp; platform_setusercontext(pw); @@ -1356,8 +1412,10 @@ do_setusercontext(struct passwd *pw) strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, pw->pw_uid); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); chroot_path = percent_expand(tmp, "h", pw->pw_dir, - "u", pw->pw_name, (char *)NULL); + "u", pw->pw_name, "U", uidstr, (char *)NULL); safely_chroot(chroot_path, pw->pw_uid); free(tmp); free(chroot_path); @@ -1858,7 +1916,6 @@ static int session_pty_req(struct ssh *ssh, Session *s) { u_int len; - int n_bytes; if (!auth_opts->permit_pty_flag || !options.permit_tty) { debug("Allocating a pty not permitted for this connection."); @@ -1893,8 +1950,7 @@ session_pty_req(struct ssh *ssh, Session *s) } debug("session_pty_req: session %d alloc %s", s->self, s->tty); - n_bytes = packet_remaining(); - tty_parse_modes(s->ttyfd, &n_bytes); + ssh_tty_parse_modes(ssh, s->ttyfd); if (!use_privsep) pty_setowner(s->pw, s->tty); diff --git a/sftp-client.c b/sftp-client.c index 0b53a2e681a..4986d6d8d29 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.128 2017/11/28 21:10:22 dtucker Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.130 2018/07/31 03:07:24 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -669,7 +669,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, **dir = NULL; } - return status; + return status == SSH2_FX_OK ? 0 : -1; } int @@ -1019,7 +1019,7 @@ do_fsync(struct sftp_conn *conn, u_char *handle, u_int handle_len) if (status != SSH2_FX_OK) error("Couldn't sync file: %s", fx2txt(status)); - return status; + return status == SSH2_FX_OK ? 0 : -1; } #ifdef notyet @@ -1451,7 +1451,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, sshbuf_free(msg); free(handle); - return(status); + return status == SSH2_FX_OK ? 0 : -1; } static int @@ -1461,7 +1461,7 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, { int i, ret = 0; SFTP_DIRENT **dir_entries; - char *filename, *new_src, *new_dst; + char *filename, *new_src = NULL, *new_dst = NULL; mode_t mode = 0777; if (depth >= MAX_DIR_DEPTH) { @@ -1499,8 +1499,10 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, } for (i = 0; dir_entries[i] != NULL && !interrupted; i++) { - filename = dir_entries[i]->filename; + free(new_dst); + free(new_src); + filename = dir_entries[i]->filename; new_dst = path_append(dst, filename); new_src = path_append(src, filename); @@ -1523,9 +1525,9 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, } else logit("%s: not a regular file\n", new_src); - free(new_dst); - free(new_src); } + free(new_dst); + free(new_src); if (preserve_flag) { if (dirattrib->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { @@ -1793,7 +1795,7 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, int ret = 0; DIR *dirp; struct dirent *dp; - char *filename, *new_src, *new_dst; + char *filename, *new_src = NULL, *new_dst = NULL; struct stat sb; Attrib a, *dirattrib; @@ -1844,6 +1846,8 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, while (((dp = readdir(dirp)) != NULL) && !interrupted) { if (dp->d_ino == 0) continue; + free(new_dst); + free(new_src); filename = dp->d_name; new_dst = path_append(dst, filename); new_src = path_append(src, filename); @@ -1870,9 +1874,9 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, } } else logit("%s: not a regular file\n", filename); - free(new_dst); - free(new_src); } + free(new_dst); + free(new_src); do_setstat(conn, dst, &a); diff --git a/sftp-server.0 b/sftp-server.0 index 4f994f4c595..4c42b26c95d 100644 --- a/sftp-server.0 +++ b/sftp-server.0 @@ -93,4 +93,4 @@ HISTORY AUTHORS Markus Friedl -OpenBSD 6.2 December 11, 2014 OpenBSD 6.2 +OpenBSD 6.4 December 11, 2014 OpenBSD 6.4 diff --git a/sftp-server.c b/sftp-server.c index df0fb50680f..ab1b063f213 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.112 2018/06/01 03:33:53 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -1503,7 +1503,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0; ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; - char *cp, *homedir = NULL, buf[4*4096]; + char *cp, *homedir = NULL, uidstr[32], buf[4*4096]; long mask; extern char *optarg; @@ -1554,8 +1554,10 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) break; case 'd': cp = tilde_expand_filename(optarg, user_pw->pw_uid); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); homedir = percent_expand(cp, "d", user_pw->pw_dir, - "u", user_pw->pw_name, (char *)NULL); + "u", user_pw->pw_name, "U", uidstr, (char *)NULL); free(cp); break; case 'p': diff --git a/sftp.0 b/sftp.0 index 7ad3e8d3f46..343058e714a 100644 --- a/sftp.0 +++ b/sftp.0 @@ -146,10 +146,10 @@ DESCRIPTION SendEnv ServerAliveInterval ServerAliveCountMax + SetEnv StrictHostKeyChecking TCPKeepAlive UpdateHostKeys - UsePrivilegedPort User UserKnownHostsFile VerifyHostKeyDNS @@ -197,16 +197,16 @@ INTERACTIVE COMMANDS change directory to the one the session started in. chgrp grp path - Change group of file path to grp. path may contain glob(3) + Change group of file path to grp. path may contain glob(7) characters and may match multiple files. grp must be a numeric GID. chmod mode path Change permissions of file path to mode. path may contain - glob(3) characters and may match multiple files. + glob(7) characters and may match multiple files. chown own path - Change owner of file path to own. path may contain glob(3) + Change owner of file path to own. path may contain glob(7) characters and may match multiple files. own must be a numeric UID. @@ -223,7 +223,7 @@ INTERACTIVE COMMANDS get [-afPpr] remote-path [local-path] Retrieve the remote-path and store it on the local machine. If the local path name is not specified, it is given the same name - it has on the remote machine. remote-path may contain glob(3) + it has on the remote machine. remote-path may contain glob(7) characters and may match multiple files. If it does and local-path is specified, then local-path must specify a directory. @@ -254,7 +254,7 @@ INTERACTIVE COMMANDS Display local directory listing of either path or current directory if path is not specified. ls-options may contain any flags supported by the local system's ls(1) command. path may - contain glob(3) characters and may match multiple files. + contain glob(7) characters and may match multiple files. lmkdir path Create local directory specified by path. @@ -268,7 +268,7 @@ INTERACTIVE COMMANDS ls [-1afhlnrSt] [path] Display a remote directory listing of either path or the current - directory if path is not specified. path may contain glob(3) + directory if path is not specified. path may contain glob(7) characters and may match multiple files. The following flags are recognized and alter the behaviour of ls @@ -311,7 +311,7 @@ INTERACTIVE COMMANDS put [-afPpr] local-path [remote-path] Upload local-path and store it on the remote machine. If the remote path name is not specified, it is given the same name it - has on the local machine. local-path may contain glob(3) + has on the local machine. local-path may contain glob(7) characters and may match multiple files. If it does and remote-path is specified, then remote-path must specify a directory. @@ -369,10 +369,10 @@ INTERACTIVE COMMANDS ? Synonym for help. SEE ALSO - ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), - ssh_config(5), sftp-server(8), sshd(8) + ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), + glob(7), sftp-server(8), sshd(8) T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- filexfer-00.txt, January 2001, work in progress material. -OpenBSD 6.2 February 23, 2018 OpenBSD 6.2 +OpenBSD 6.4 July 23, 2018 OpenBSD 6.4 diff --git a/sftp.1 b/sftp.1 index 43e0442f7bb..a25d3890b46 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.114 2018/02/23 07:38:09 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.119 2018/07/23 19:53:55 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 23 2018 $ +.Dd $Mdocdate: July 23 2018 $ .Dt SFTP 1 .Os .Sh NAME @@ -243,10 +243,10 @@ For full details of the options listed below, and their possible values, see .It SendEnv .It ServerAliveInterval .It ServerAliveCountMax +.It SetEnv .It StrictHostKeyChecking .It TCPKeepAlive .It UpdateHostKeys -.It UsePrivilegedPort .It User .It UserKnownHostsFile .It VerifyHostKeyDNS @@ -315,7 +315,7 @@ to .Ar grp . .Ar path may contain -.Xr glob 3 +.Xr glob 7 characters and may match multiple files. .Ar grp must be a numeric GID. @@ -326,7 +326,7 @@ to .Ar mode . .Ar path may contain -.Xr glob 3 +.Xr glob 7 characters and may match multiple files. .It Ic chown Ar own Ar path Change owner of file @@ -335,7 +335,7 @@ to .Ar own . .Ar path may contain -.Xr glob 3 +.Xr glob 7 characters and may match multiple files. .Ar own must be a numeric UID. @@ -373,7 +373,7 @@ path name is not specified, it is given the same name it has on the remote machine. .Ar remote-path may contain -.Xr glob 3 +.Xr glob 7 characters and may match multiple files. If it does and .Ar local-path @@ -429,7 +429,7 @@ may contain any flags supported by the local system's command. .Ar path may contain -.Xr glob 3 +.Xr glob 7 characters and may match multiple files. .It Ic lmkdir Ar path Create local directory specified by @@ -460,7 +460,7 @@ or the current directory if is not specified. .Ar path may contain -.Xr glob 3 +.Xr glob 7 characters and may match multiple files. .Pp The following flags are recognized and alter the behaviour of @@ -513,7 +513,7 @@ If the remote path name is not specified, it is given the same name it has on the local machine. .Ar local-path may contain -.Xr glob 3 +.Xr glob 7 characters and may match multiple files. If it does and .Ar remote-path @@ -616,8 +616,8 @@ Synonym for help. .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-keygen 1 , -.Xr glob 3 , .Xr ssh_config 5 , +.Xr glob 7 , .Xr sftp-server 8 , .Xr sshd 8 .Rs diff --git a/sftp.c b/sftp.c index 5ce864eeb0f..d068f7e0fee 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.182 2017/11/03 03:46:52 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.185 2018/04/26 14:47:03 bluhm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -81,7 +81,7 @@ FILE* infile; int batchmode = 0; /* PID of ssh transport process */ -static pid_t sshpid = -1; +static volatile pid_t sshpid = -1; /* Suppress diagnositic messages */ int quiet = 0; @@ -253,6 +253,25 @@ cmd_interrupt(int signo) errno = olderrno; } +/*ARGSUSED*/ +static void +sigchld_handler(int sig) +{ + int save_errno = errno; + pid_t pid; + const char msg[] = "\rConnection closed. \n"; + + /* Report if ssh transport process dies. */ + while ((pid = waitpid(sshpid, NULL, WNOHANG)) == -1 && errno == EINTR) + continue; + if (pid == sshpid) { + (void)write(STDERR_FILENO, msg, sizeof(msg) - 1); + sshpid = -1; + } + + errno = save_errno; +} + static void help(void) { @@ -1844,7 +1863,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, return 0; } - /* Complete ambigious command */ + /* Complete ambiguous command */ tmp = complete_ambiguous(cmd, list, count); if (count > 1) complete_display(list, 0); @@ -2227,6 +2246,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) if (err != 0) break; } + signal(SIGCHLD, SIG_DFL); free(remote_path); free(startdir); free(conn); @@ -2296,6 +2316,7 @@ connect_to_server(char *path, char **args, int *in, int *out) signal(SIGTSTP, suspchild); signal(SIGTTIN, suspchild); signal(SIGTTOU, suspchild); + signal(SIGCHLD, sigchld_handler); close(c_in); close(c_out); } @@ -2535,7 +2556,7 @@ main(int argc, char **argv) if (batchmode) fclose(infile); - while (waitpid(sshpid, NULL, 0) == -1) + while (waitpid(sshpid, NULL, 0) == -1 && sshpid > 1) if (errno != EINTR) fatal("Couldn't wait for ssh process: %s", strerror(errno)); diff --git a/ssh-add.0 b/ssh-add.0 index 2ef6c3da298..d60ae715ee9 100644 --- a/ssh-add.0 +++ b/ssh-add.0 @@ -120,4 +120,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.2 August 29, 2017 OpenBSD 6.2 +OpenBSD 6.4 August 29, 2017 OpenBSD 6.4 diff --git a/ssh-agent.0 b/ssh-agent.0 index 86ac988bdf1..f4575d01be0 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 @@ -117,4 +117,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.2 November 30, 2016 OpenBSD 6.2 +OpenBSD 6.4 November 30, 2016 OpenBSD 6.4 diff --git a/ssh-agent.c b/ssh-agent.c index 2a4578b03ef..d8a8260f9bf 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.231 2018/05/11 03:38:51 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -709,7 +709,7 @@ process_message(u_int socknum) debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type); - /* check wheter agent is locked */ + /* check whether agent is locked */ if (locked && type != SSH_AGENTC_UNLOCK) { sshbuf_reset(e->request); switch (type) { @@ -886,10 +886,10 @@ handle_conn_write(u_int socknum) } static void -after_poll(struct pollfd *pfd, size_t npfd) +after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds) { size_t i; - u_int socknum; + u_int socknum, activefds = npfd; for (i = 0; i < npfd; i++) { if (pfd[i].revents == 0) @@ -909,19 +909,30 @@ after_poll(struct pollfd *pfd, size_t npfd) /* Process events */ switch (sockets[socknum].type) { case AUTH_SOCKET: - if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 && - handle_socket_read(socknum) != 0) - close_socket(&sockets[socknum]); + if ((pfd[i].revents & (POLLIN|POLLERR)) == 0) + break; + if (npfd > maxfds) { + debug3("out of fds (active %u >= limit %u); " + "skipping accept", activefds, maxfds); + break; + } + if (handle_socket_read(socknum) == 0) + activefds++; break; case AUTH_CONNECTION: if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 && handle_conn_read(socknum) != 0) { - close_socket(&sockets[socknum]); - break; + goto close_sock; } if ((pfd[i].revents & (POLLOUT|POLLHUP)) != 0 && - handle_conn_write(socknum) != 0) + handle_conn_write(socknum) != 0) { + close_sock: + if (activefds == 0) + fatal("activefds == 0 at close_sock"); close_socket(&sockets[socknum]); + activefds--; + break; + } break; default: break; @@ -930,7 +941,7 @@ after_poll(struct pollfd *pfd, size_t npfd) } static int -prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp) +prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) { struct pollfd *pfd = *pfdp; size_t i, j, npfd = 0; @@ -959,6 +970,16 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp) for (i = j = 0; i < sockets_alloc; i++) { switch (sockets[i].type) { case AUTH_SOCKET: + if (npfd > maxfds) { + debug3("out of fds (active %zu >= limit %u); " + "skipping arming listener", npfd, maxfds); + break; + } + pfd[j].fd = sockets[i].fd; + pfd[j].revents = 0; + pfd[j].events = POLLIN; + j++; + break; case AUTH_CONNECTION: pfd[j].fd = sockets[i].fd; pfd[j].revents = 0; @@ -1059,6 +1080,7 @@ main(int ac, char **av) int timeout = -1; /* INFTIM */ struct pollfd *pfd = NULL; size_t npfd = 0; + u_int maxfds; ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ @@ -1070,6 +1092,9 @@ main(int ac, char **av) platform_disable_tracing(0); /* strict=no */ + if (getrlimit(RLIMIT_NOFILE, &rlim) == -1) + fatal("%s: getrlimit: %s", __progname, strerror(errno)); + #ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); #endif @@ -1166,6 +1191,18 @@ main(int ac, char **av) printf("echo Agent pid %ld killed;\n", (long)pid); exit(0); } + + /* + * Minimum file descriptors: + * stdio (3) + listener (1) + syslog (1 maybe) + connection (1) + + * a few spare for libc / stack protectors / sanitisers, etc. + */ +#define SSH_AGENT_MIN_FDS (3+1+1+1+4) + if (rlim.rlim_cur < SSH_AGENT_MIN_FDS) + fatal("%s: file descriptior rlimit %lld too low (minimum %u)", + __progname, (long long)rlim.rlim_cur, SSH_AGENT_MIN_FDS); + maxfds = rlim.rlim_cur - SSH_AGENT_MIN_FDS; + parent_pid = getpid(); if (agentsocket == NULL) { @@ -1285,7 +1322,7 @@ main(int ac, char **av) platform_pledge_agent(); while (1) { - prepare_poll(&pfd, &npfd, &timeout); + prepare_poll(&pfd, &npfd, &timeout, maxfds); result = poll(pfd, npfd, timeout); saved_errno = errno; if (parent_alive_interval != 0) @@ -1296,7 +1333,7 @@ main(int ac, char **av) continue; fatal("poll: %s", strerror(saved_errno)); } else if (result > 0) - after_poll(pfd, npfd); + after_poll(pfd, npfd, maxfds); } /* NOTREACHED */ } diff --git a/ssh-gss.h b/ssh-gss.h index 6593e422d92..36180d07a4c 100644 --- a/ssh-gss.h +++ b/ssh-gss.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-gss.h,v 1.12 2017/06/24 06:34:38 djm Exp $ */ +/* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * @@ -107,6 +107,9 @@ ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *); void ssh_gssapi_prepare_supported_oids(void); OM_uint32 ssh_gssapi_test_oid_supported(OM_uint32 *, gss_OID, int *); +struct sshbuf; +int ssh_gssapi_get_buffer_desc(struct sshbuf *, gss_buffer_desc *); + OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); @@ -118,7 +121,8 @@ char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *); void ssh_gssapi_build_ctx(Gssctxt **); void ssh_gssapi_delete_ctx(Gssctxt **); OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); -void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); +void ssh_gssapi_buildmic(struct sshbuf *, const char *, + const char *, const char *); int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); /* In the server */ diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 417e8382b68..f8cc3c3e2ea 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 @@ -88,9 +88,8 @@ DESCRIPTION new host keys. -a rounds - When saving a new-format private key (i.e. an ed25519 key or when - the -o flag is set), this option specifies the number of KDF (key - derivation function) rounds used. Higher numbers result in + When saving a private key this option specifies the number of KDF + (key derivation function) rounds used. Higher numbers result in slower passphrase verification and increased resistance to brute- force password cracking (should the keys be stolen). @@ -115,10 +114,9 @@ DESCRIPTION Provides a new comment. -c Requests changing the comment in the private and public key - files. This operation is only supported for keys stored in the - newer OpenSSH format. The program will prompt for the file - containing the private keys, for the passphrase if the key has - one, and for the new comment. + files. The program will prompt for the file containing the + private keys, for the passphrase if the key has one, and for the + new comment. -D pkcs11 Download the RSA public keys provided by the PKCS#11 shared @@ -212,7 +210,9 @@ DESCRIPTION conversion options. The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^] (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). The default conversion format is - M-bM-^@M-^\RFC4716M-bM-^@M-^]. + M-bM-^@M-^\RFC4716M-bM-^@M-^]. Setting a format of M-bM-^@M-^\PEMM-bM-^@M-^] when generating or updating + a supported private key type will cause the key to be stored in + the legacy PEM private key format. -N new_passphrase Provides the new passphrase. @@ -289,12 +289,6 @@ DESCRIPTION separated list of one or more address/netmask pairs in CIDR format. - -o Causes ssh-keygen to save private keys using the new OpenSSH - format rather than the more compatible PEM format. The new - format has increased resistance to brute-force password cracking - but is not supported by versions of OpenSSH prior to 6.5. - Ed25519 keys always use the new private key format. - -P passphrase Provides the (old) passphrase. @@ -577,4 +571,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.2 March 12, 2018 OpenBSD 6.2 +OpenBSD 6.4 August 8, 2018 OpenBSD 6.4 diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 3525d7d1756..dd6e7e5a8a3 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.147 2018/03/12 00:52:01 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.148 2018/08/08 01:16:01 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 12 2018 $ +.Dd $Mdocdate: August 8 2018 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -233,10 +233,8 @@ This is used by .Pa /etc/rc to generate new host keys. .It Fl a Ar rounds -When saving a new-format private key (i.e. an ed25519 key or when the -.Fl o -flag is set), this option specifies the number of KDF (key derivation function) -rounds used. +When saving a private key this option specifies the number of KDF +(key derivation function) rounds used. Higher numbers result in slower passphrase verification and increased resistance to brute-force password cracking (should the keys be stolen). .Pp @@ -264,8 +262,6 @@ flag will be ignored. Provides a new comment. .It Fl c Requests changing the comment in the private and public key files. -This operation is only supported for keys stored in the -newer OpenSSH format. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. .It Fl D Ar pkcs11 @@ -410,6 +406,10 @@ or (PEM public key). The default conversion format is .Dq RFC4716 . +Setting a format of +.Dq PEM +when generating or updating a supported private key type will cause the +key to be stored in the legacy PEM private key format. .It Fl N Ar new_passphrase Provides the new passphrase. .It Fl n Ar principals @@ -504,14 +504,6 @@ The is a comma-separated list of one or more address/netmask pairs in CIDR format. .El -.It Fl o -Causes -.Nm -to save private keys using the new OpenSSH format rather than -the more compatible PEM format. -The new format has increased resistance to brute-force password cracking -but is not supported by versions of OpenSSH prior to 6.5. -Ed25519 keys always use the new private key format. .It Fl P Ar passphrase Provides the (old) passphrase. .It Fl p diff --git a/ssh-keygen.c b/ssh-keygen.c index 9aac64fc3b1..22860ad90df 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.314 2018/03/12 00:52:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.319 2018/08/08 01:16:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -38,6 +38,7 @@ #include #include #include +#include #include "xmalloc.h" #include "sshkey.h" @@ -178,7 +179,7 @@ char *key_type_name = NULL; char *pkcs11provider = NULL; /* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ -int use_new_format = 0; +int use_new_format = 1; /* Cipher for new-format private keys */ char *new_format_cipher = NULL; @@ -870,7 +871,8 @@ do_fingerprint(struct passwd *pw) { FILE *f; struct sshkey *public = NULL; - char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; + char *comment = NULL, *cp, *ep, *line = NULL; + size_t linesize = 0; int i, invalid = 1; const char *path; u_long lnum = 0; @@ -885,7 +887,8 @@ do_fingerprint(struct passwd *pw) } else if ((f = fopen(path, "r")) == NULL) fatal("%s: %s: %s", __progname, path, strerror(errno)); - while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { + while (getline(&line, &linesize, f) != -1) { + lnum++; cp = line; cp[strcspn(cp, "\n")] = '\0'; /* Trim leading space and comments */ @@ -905,6 +908,7 @@ do_fingerprint(struct passwd *pw) */ if (lnum == 1 && strcmp(identity_file, "-") != 0 && strstr(cp, "PRIVATE KEY") != NULL) { + free(line); fclose(f); fingerprint_private(path); exit(0); @@ -951,6 +955,7 @@ do_fingerprint(struct passwd *pw) invalid = 0; /* One good key in the file is sufficient */ } fclose(f); + free(line); if (invalid) fatal("%s is not a public key file.", path); @@ -1254,13 +1259,12 @@ do_known_hosts(struct passwd *pw, const char *name) } inplace = 1; } - /* XXX support identity_file == "-" for stdin */ foreach_options = find_host ? HKF_WANT_MATCH : 0; foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; - if ((r = hostkeys_foreach(identity_file, - hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, - name, NULL, foreach_options)) != 0) { + if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ? + known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL, + foreach_options)) != 0) { if (inplace) unlink(tmp); fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); @@ -2005,8 +2009,9 @@ do_show_cert(struct passwd *pw) struct stat st; int r, is_stdin = 0, ok = 0; FILE *f; - char *cp, line[SSH_MAX_PUBKEY_BYTES]; + char *cp, *line = NULL; const char *path; + size_t linesize = 0; u_long lnum = 0; if (!have_identity) @@ -2022,7 +2027,8 @@ do_show_cert(struct passwd *pw) } else if ((f = fopen(identity_file, "r")) == NULL) fatal("fopen %s: %s", identity_file, strerror(errno)); - while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { + while (getline(&line, &linesize, f) != -1) { + lnum++; sshkey_free(key); key = NULL; /* Trim leading space and comments */ @@ -2047,6 +2053,7 @@ do_show_cert(struct passwd *pw) printf("%s:%lu:\n", path, lnum); print_cert(key); } + free(line); sshkey_free(key); fclose(f); exit(ok ? 0 : 1); @@ -2078,7 +2085,8 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, { struct sshkey *key = NULL; u_long lnum = 0; - char *path, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; + char *path, *cp, *ep, *line = NULL; + size_t linesize = 0; unsigned long long serial, serial2; int i, was_explicit_key, was_sha1, r; FILE *krl_spec; @@ -2093,8 +2101,8 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, if (!quiet) printf("Revoking from %s\n", path); - while (read_keyfile_line(krl_spec, path, line, sizeof(line), - &lnum) == 0) { + while (getline(&line, &linesize, krl_spec) != -1) { + lnum++; was_explicit_key = was_sha1 = 0; cp = line + strspn(line, " \t"); /* Trim trailing space, comments and strip \n */ @@ -2194,6 +2202,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, } if (strcmp(path, "-") != 0) fclose(krl_spec); + free(line); free(path); } @@ -2247,7 +2256,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) fatal("Couldn't generate KRL"); if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) fatal("open %s: %s", identity_file, strerror(errno)); - if (atomicio(vwrite, fd, (void *)sshbuf_ptr(kbuf), sshbuf_len(kbuf)) != + if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) != sshbuf_len(kbuf)) fatal("write %s: %s", identity_file, strerror(errno)); close(fd); @@ -2425,6 +2434,7 @@ main(int argc, char **argv) } if (strcasecmp(optarg, "PEM") == 0) { convert_format = FMT_PEM; + use_new_format = 0; break; } fatal("Unsupported conversion format \"%s\"", optarg); @@ -2432,7 +2442,7 @@ main(int argc, char **argv) cert_principals = optarg; break; case 'o': - use_new_format = 1; + /* no-op; new format is already the default */ break; case 'p': change_passphrase = 1; diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index c0278ee0aac..497ac0d9ee7 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 @@ -93,4 +93,4 @@ AUTHORS Davison added support for protocol version 2. -OpenBSD 6.2 March 5, 2018 OpenBSD 6.2 +OpenBSD 6.4 March 5, 2018 OpenBSD 6.4 diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 381fb0844da..38b1c548be3 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.119 2018/03/02 21:40:15 jmc Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.120 2018/06/06 18:29:18 markus Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -646,9 +646,9 @@ main(int argc, char **argv) { int debug_flag = 0, log_level = SYSLOG_LEVEL_INFO; int opt, fopt_count = 0, j; - char *tname, *cp, line[NI_MAXHOST]; + char *tname, *cp, *line = NULL; + size_t linesize = 0; FILE *fp; - u_long linenum; extern int optind; extern char *optarg; @@ -769,11 +769,8 @@ main(int argc, char **argv) else if ((fp = fopen(argv[j], "r")) == NULL) fatal("%s: %s: %s", __progname, argv[j], strerror(errno)); - linenum = 0; - while (read_keyfile_line(fp, - argv[j] == NULL ? "(stdin)" : argv[j], line, sizeof(line), - &linenum) != -1) { + while (getline(&line, &linesize, fp) != -1) { /* Chomp off trailing whitespace and comments */ if ((cp = strchr(line, '#')) == NULL) cp = line + strlen(line) - 1; @@ -798,6 +795,7 @@ main(int argc, char **argv) fclose(fp); } + free(line); while (optind < argc) do_host(argv[optind++]); diff --git a/ssh-keysign.0 b/ssh-keysign.0 index d855ad07a8e..db4355d297c 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 @@ -49,4 +49,4 @@ HISTORY AUTHORS Markus Friedl -OpenBSD 6.2 February 17, 2016 OpenBSD 6.2 +OpenBSD 6.4 February 17, 2016 OpenBSD 6.4 diff --git a/ssh-keysign.c b/ssh-keysign.c index 78bb66b08f7..744ecb4f90f 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.54 2018/02/23 15:58:38 markus Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.55 2018/07/27 05:34:42 dtucker Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -62,11 +62,6 @@ struct ssh *active_state = NULL; /* XXX needed for linking */ extern char *__progname; -/* XXX readconf.c needs these */ -uid_t original_real_uid; - -extern char *__progname; - static int valid_request(struct passwd *pw, char *host, struct sshkey **ret, u_char *data, size_t datalen) @@ -201,8 +196,7 @@ main(int argc, char **argv) key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); - original_real_uid = getuid(); /* XXX readconf.c needs this */ - if ((pw = getpwuid(original_real_uid)) == NULL) + if ((pw = getpwuid(getuid())) == NULL) fatal("getpwuid failed"); pw = pwcopy(pw); diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index fc75828278f..028b272cb9f 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.8 2018/02/05 05:37:46 tb Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.10 2018/07/09 21:59:10 markus Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -34,13 +34,14 @@ #include "pathnames.h" #include "xmalloc.h" -#include "buffer.h" +#include "sshbuf.h" #include "log.h" #include "misc.h" -#include "key.h" +#include "sshkey.h" #include "authfd.h" #include "atomicio.h" #include "ssh-pkcs11.h" +#include "ssherr.h" /* borrows code from sftp-server and ssh-agent */ @@ -48,34 +49,37 @@ int fd = -1; pid_t pid = -1; static void -send_msg(Buffer *m) +send_msg(struct sshbuf *m) { u_char buf[4]; - int mlen = buffer_len(m); + size_t mlen = sshbuf_len(m); + int r; - put_u32(buf, mlen); + POKE_U32(buf, mlen); if (atomicio(vwrite, fd, buf, 4) != 4 || - atomicio(vwrite, fd, buffer_ptr(m), - buffer_len(m)) != buffer_len(m)) + atomicio(vwrite, fd, sshbuf_mutable_ptr(m), + sshbuf_len(m)) != sshbuf_len(m)) error("write to helper failed"); - buffer_consume(m, mlen); + if ((r = sshbuf_consume(m, mlen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } static int -recv_msg(Buffer *m) +recv_msg(struct sshbuf *m) { u_int l, len; - u_char buf[1024]; + u_char c, buf[1024]; + int r; if ((len = atomicio(read, fd, buf, 4)) != 4) { error("read from helper failed: %u", len); return (0); /* XXX */ } - len = get_u32(buf); + len = PEEK_U32(buf); if (len > 256 * 1024) fatal("response too long: %u", len); /* read len bytes into m */ - buffer_clear(m); + sshbuf_reset(m); while (len > 0) { l = len; if (l > sizeof(buf)) @@ -84,10 +88,13 @@ recv_msg(Buffer *m) error("response from helper failed."); return (0); /* XXX */ } - buffer_append(m, buf, l); + if ((r = sshbuf_put(m, buf, l)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); len -= l; } - return (buffer_get_char(m)); + if ((r = sshbuf_get_u8(m, &c)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + return c; } int @@ -109,34 +116,39 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, { struct sshkey key; /* XXX */ u_char *blob, *signature = NULL; - u_int blen, slen = 0; - int ret = -1; - Buffer msg; + size_t blen, slen = 0; + int r, ret = -1; + struct sshbuf *msg; if (padding != RSA_PKCS1_PADDING) return (-1); key.type = KEY_RSA; key.rsa = rsa; - if (key_to_blob(&key, &blob, &blen) == 0) + if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) { + error("%s: sshkey_to_blob: %s", __func__, ssh_err(r)); return -1; - buffer_init(&msg); - buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST); - buffer_put_string(&msg, blob, blen); - buffer_put_string(&msg, from, flen); - buffer_put_int(&msg, 0); + } + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || + (r = sshbuf_put_string(msg, blob, blen)) != 0 || + (r = sshbuf_put_string(msg, from, flen)) != 0 || + (r = sshbuf_put_u32(msg, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(blob); - send_msg(&msg); - buffer_clear(&msg); + send_msg(msg); + sshbuf_reset(msg); - if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) { - signature = buffer_get_string(&msg, &slen); - if (slen <= (u_int)RSA_size(rsa)) { + if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) { + if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (slen <= (size_t)RSA_size(rsa)) { memcpy(to, signature, slen); ret = slen; } free(signature); } - buffer_free(&msg); + sshbuf_free(msg); return (ret); } @@ -185,31 +197,39 @@ pkcs11_start_helper(void) } int -pkcs11_add_provider(char *name, char *pin, Key ***keysp) +pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp) { struct sshkey *k; - int i, nkeys; + int r; u_char *blob; - u_int blen; - Buffer msg; + size_t blen; + u_int nkeys, i; + struct sshbuf *msg; if (fd < 0 && pkcs11_start_helper() < 0) return (-1); - buffer_init(&msg); - buffer_put_char(&msg, SSH_AGENTC_ADD_SMARTCARD_KEY); - buffer_put_cstring(&msg, name); - buffer_put_cstring(&msg, pin); - send_msg(&msg); - buffer_clear(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH_AGENTC_ADD_SMARTCARD_KEY)) != 0 || + (r = sshbuf_put_cstring(msg, name)) != 0 || + (r = sshbuf_put_cstring(msg, pin)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(msg); + sshbuf_reset(msg); - if (recv_msg(&msg) == SSH2_AGENT_IDENTITIES_ANSWER) { - nkeys = buffer_get_int(&msg); - *keysp = xcalloc(nkeys, sizeof(Key *)); + if (recv_msg(msg) == SSH2_AGENT_IDENTITIES_ANSWER) { + if ((r = sshbuf_get_u32(msg, &nkeys)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + *keysp = xcalloc(nkeys, sizeof(struct sshkey *)); for (i = 0; i < nkeys; i++) { - blob = buffer_get_string(&msg, &blen); - free(buffer_get_string(&msg, NULL)); - k = key_from_blob(blob, blen); + /* XXX clean up properly instead of fatal() */ + if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 || + (r = sshbuf_skip_string(msg)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + if ((r = sshkey_from_blob(blob, blen, &k)) != 0) + fatal("%s: bad key: %s", __func__, ssh_err(r)); wrap_key(k->rsa); (*keysp)[i] = k; free(blob); @@ -217,26 +237,28 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp) } else { nkeys = -1; } - buffer_free(&msg); + sshbuf_free(msg); return (nkeys); } int pkcs11_del_provider(char *name) { - int ret = -1; - Buffer msg; + int r, ret = -1; + struct sshbuf *msg; - buffer_init(&msg); - buffer_put_char(&msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY); - buffer_put_cstring(&msg, name); - buffer_put_cstring(&msg, ""); - send_msg(&msg); - buffer_clear(&msg); + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_u8(msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY)) != 0 || + (r = sshbuf_put_cstring(msg, name)) != 0 || + (r = sshbuf_put_cstring(msg, "")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(msg); + sshbuf_reset(msg); - if (recv_msg(&msg) == SSH_AGENT_SUCCESS) + if (recv_msg(msg) == SSH_AGENT_SUCCESS) ret = 0; - buffer_free(&msg); + sshbuf_free(msg); return (ret); } diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 index 93e5565b7ae..4d5c9843b89 100644 --- a/ssh-pkcs11-helper.0 +++ b/ssh-pkcs11-helper.0 @@ -22,4 +22,4 @@ HISTORY AUTHORS Markus Friedl -OpenBSD 6.2 July 16, 2013 OpenBSD 6.2 +OpenBSD 6.4 July 16, 2013 OpenBSD 6.4 diff --git a/ssh-rsa.c b/ssh-rsa.c index 49e71c87f64..1756315b920 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.66 2018/02/14 16:27:24 jsing Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.67 2018/07/03 11:39:54 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -51,11 +51,14 @@ rsa_hash_alg_ident(int hash_alg) return NULL; } +/* + * Returns the hash algorithm ID for a given algorithm identifier as used + * inside the signature blob, + */ static int -rsa_hash_alg_from_ident(const char *ident) +rsa_hash_id_from_ident(const char *ident) { - if (strcmp(ident, "ssh-rsa") == 0 || - strcmp(ident, "ssh-rsa-cert-v01@openssh.com") == 0) + if (strcmp(ident, "ssh-rsa") == 0) return SSH_DIGEST_SHA1; if (strcmp(ident, "rsa-sha2-256") == 0) return SSH_DIGEST_SHA256; @@ -64,6 +67,27 @@ rsa_hash_alg_from_ident(const char *ident) return -1; } +/* + * Return the hash algorithm ID for the specified key name. This includes + * all the cases of rsa_hash_id_from_ident() but also the certificate key + * types. + */ +static int +rsa_hash_id_from_keyname(const char *alg) +{ + int r; + + if ((r = rsa_hash_id_from_ident(alg)) != -1) + return r; + if (strcmp(alg, "ssh-rsa-cert-v01@openssh.com") == 0) + return SSH_DIGEST_SHA1; + if (strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0) + return SSH_DIGEST_SHA256; + if (strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0) + return SSH_DIGEST_SHA512; + return -1; +} + static int rsa_hash_alg_nid(int type) { @@ -135,7 +159,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, if (alg_ident == NULL || strlen(alg_ident) == 0) hash_alg = SSH_DIGEST_SHA1; else - hash_alg = rsa_hash_alg_from_ident(alg_ident); + hash_alg = rsa_hash_id_from_keyname(alg_ident); if (key == NULL || key->rsa == NULL || hash_alg == -1 || sshkey_type_plain(key->type) != KEY_RSA) return SSH_ERR_INVALID_ARGUMENT; @@ -202,7 +226,7 @@ ssh_rsa_verify(const struct sshkey *key, const char *alg) { char *sigtype = NULL; - int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; + int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR; size_t len = 0, diff, modlen, dlen; struct sshbuf *b = NULL; u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; @@ -220,18 +244,24 @@ ssh_rsa_verify(const struct sshkey *key, ret = SSH_ERR_INVALID_FORMAT; goto out; } - /* XXX djm: need cert types that reliably yield SHA-2 signatures */ - if (alg != NULL && strcmp(alg, sigtype) != 0 && - strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { - error("%s: RSA signature type mismatch: " - "expected %s received %s", __func__, alg, sigtype); - ret = SSH_ERR_SIGNATURE_INVALID; - goto out; - } - if ((hash_alg = rsa_hash_alg_from_ident(sigtype)) == -1) { + if ((hash_alg = rsa_hash_id_from_ident(sigtype)) == -1) { ret = SSH_ERR_KEY_TYPE_MISMATCH; goto out; } + /* + * Allow ssh-rsa-cert-v01 certs to generate SHA2 signatures for + * legacy reasons, but otherwise the signature type should match. + */ + if (alg != NULL && strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { + if ((want_alg = rsa_hash_id_from_keyname(alg)) == -1) { + ret = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if (hash_alg != want_alg) { + ret = SSH_ERR_SIGNATURE_INVALID; + goto out; + } + } if (sshbuf_get_string(b, &sigblob, &len) != 0) { ret = SSH_ERR_INVALID_FORMAT; goto out; diff --git a/ssh.0 b/ssh.0 index 228553c8b37..bab5eef3baa 100644 --- a/ssh.0 +++ b/ssh.0 @@ -269,7 +269,6 @@ DESCRIPTION IdentitiesOnly IdentityAgent IdentityFile - Include IPQoS KbdInteractiveAuthentication KbdInteractiveDevices @@ -298,6 +297,7 @@ DESCRIPTION SendEnv ServerAliveInterval ServerAliveCountMax + SetEnv StreamLocalBindMask StreamLocalBindUnlink StrictHostKeyChecking @@ -305,7 +305,6 @@ DESCRIPTION Tunnel TunnelDevice UpdateHostKeys - UsePrivilegedPort User UserKnownHostsFile VerifyHostKeyDNS @@ -405,9 +404,12 @@ DESCRIPTION The devices may be specified by numerical ID or the keyword M-bM-^@M-^\anyM-bM-^@M-^], which uses the next available tunnel device. If remote_tun is not specified, it defaults to M-bM-^@M-^\anyM-bM-^@M-^]. See also the - Tunnel and TunnelDevice directives in ssh_config(5). If the - Tunnel directive is unset, it is set to the default tunnel mode, - which is M-bM-^@M-^\point-to-pointM-bM-^@M-^]. + Tunnel and TunnelDevice directives in ssh_config(5). + + If the Tunnel directive is unset, it will be set to the default + tunnel mode, which is M-bM-^@M-^\point-to-pointM-bM-^@M-^]. If a different Tunnel + forwarding mode it desired, then it should be specified before + -w. -X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. @@ -973,4 +975,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.2 February 23, 2018 OpenBSD 6.2 +OpenBSD 6.4 July 19, 2018 OpenBSD 6.4 diff --git a/ssh.1 b/ssh.1 index b4078525b32..b20908a5ea9 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.391 2018/02/23 07:38:09 jmc Exp $ -.Dd $Mdocdate: February 23 2018 $ +.\" $OpenBSD: ssh.1,v 1.396 2018/07/19 10:28:47 dtucker Exp $ +.Dd $Mdocdate: July 19 2018 $ .Dt SSH 1 .Os .Sh NAME @@ -499,7 +499,6 @@ For full details of the options listed below, and their possible values, see .It IdentitiesOnly .It IdentityAgent .It IdentityFile -.It Include .It IPQoS .It KbdInteractiveAuthentication .It KbdInteractiveDevices @@ -528,6 +527,7 @@ For full details of the options listed below, and their possible values, see .It SendEnv .It ServerAliveInterval .It ServerAliveCountMax +.It SetEnv .It StreamLocalBindMask .It StreamLocalBindUnlink .It StrictHostKeyChecking @@ -535,7 +535,6 @@ For full details of the options listed below, and their possible values, see .It Tunnel .It TunnelDevice .It UpdateHostKeys -.It UsePrivilegedPort .It User .It UserKnownHostsFile .It VerifyHostKeyDNS @@ -742,10 +741,15 @@ and .Cm TunnelDevice directives in .Xr ssh_config 5 . +.Pp If the .Cm Tunnel -directive is unset, it is set to the default tunnel mode, which is +directive is unset, it will be set to the default tunnel mode, which is .Dq point-to-point . +If a different +.Cm Tunnel +forwarding mode it desired, then it should be specified before +.Fl w . .Pp .It Fl X Enables X11 forwarding. diff --git a/ssh.c b/ssh.c index d3619fe292a..ce628848c6f 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.475 2018/02/23 15:58:38 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.490 2018/07/27 05:34:42 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -87,9 +87,9 @@ #include "cipher.h" #include "digest.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" #include "channels.h" -#include "key.h" +#include "sshkey.h" #include "authfd.h" #include "authfile.h" #include "pathnames.h" @@ -104,7 +104,6 @@ #include "sshpty.h" #include "match.h" #include "msg.h" -#include "uidswap.h" #include "version.h" #include "ssherr.h" #include "myproposal.h" @@ -178,12 +177,8 @@ struct sockaddr_storage hostaddr; /* Private host keys. */ Sensitive sensitive_data; -/* Original real UID. */ -uid_t original_real_uid; -uid_t original_effective_uid; - /* command to be executed */ -Buffer command; +struct sshbuf *command; /* Should we execute a command or invoke a subsystem? */ int subsystem_flag = 0; @@ -224,7 +219,7 @@ tilde_expand_paths(char **paths, u_int num_paths) char *cp; for (i = 0; i < num_paths; i++) { - cp = tilde_expand_filename(paths[i], original_real_uid); + cp = tilde_expand_filename(paths[i], getuid()); free(paths[i]); paths[i] = cp; } @@ -503,6 +498,30 @@ resolve_canonicalize(char **hostp, int port) return NULL; } +/* + * Check the result of hostkey loading, ignoring some errors and + * fatal()ing for others. + */ +static void +check_load(int r, const char *path, const char *message) +{ + switch (r) { + case 0: + break; + case SSH_ERR_INTERNAL_ERROR: + case SSH_ERR_ALLOC_FAIL: + fatal("load %s \"%s\": %s", message, path, ssh_err(r)); + case SSH_ERR_SYSTEM_ERROR: + /* Ignore missing files */ + if (errno == ENOENT) + break; + /* FALLTHROUGH */ + default: + error("load %s \"%s\": %s", message, path, ssh_err(r)); + break; + } +} + /* * Read per-user configuration file. Ignore the system wide config * file if the user specifies a config file on the command line. @@ -597,35 +616,10 @@ main(int ac, char **av) */ closefrom(STDERR_FILENO + 1); - /* - * Save the original real uid. It will be needed later (uid-swapping - * may clobber the real uid). - */ - original_real_uid = getuid(); - original_effective_uid = geteuid(); - - /* - * Use uid-swapping to give up root privileges for the duration of - * option processing. We will re-instantiate the rights when we are - * ready to create the privileged port, and will permanently drop - * them when the port has been created (actually, when the connection - * has been made, as we may need to create the port several times). - */ - PRIV_END; - -#ifdef HAVE_SETRLIMIT - /* If we are installed setuid root be careful to not drop core. */ - if (original_real_uid != original_effective_uid) { - struct rlimit rlim; - rlim.rlim_cur = rlim.rlim_max = 0; - if (setrlimit(RLIMIT_CORE, &rlim) < 0) - fatal("setrlimit failed: %.100s", strerror(errno)); - } -#endif /* Get user data. */ - pw = getpwuid(original_real_uid); + pw = getpwuid(getuid()); if (!pw) { - logit("No user exists for uid %lu", (u_long)original_real_uid); + logit("No user exists for uid %lu", (u_long)getuid()); exit(255); } /* Take a copy of the returned structure. */ @@ -728,7 +722,6 @@ main(int ac, char **av) fatal("Invalid multiplex command."); break; case 'P': /* deprecated */ - options.use_privileged_port = 0; break; case 'Q': cp = NULL; @@ -769,7 +762,7 @@ main(int ac, char **av) options.gss_deleg_creds = 1; break; case 'i': - p = tilde_expand_filename(optarg, original_real_uid); + p = tilde_expand_filename(optarg, getuid()); if (stat(p, &st) < 0) fprintf(stderr, "Warning: Identity file %s " "not accessible: %s.\n", p, @@ -1042,7 +1035,8 @@ main(int ac, char **av) #endif /* Initialize the command to execute on remote host. */ - buffer_init(&command); + if ((command = sshbuf_new()) == NULL) + fatal("sshbuf_new failed"); /* * Save the command to execute on the remote host in a buffer. There @@ -1059,9 +1053,10 @@ main(int ac, char **av) } else { /* A command has been specified. Store it into the buffer. */ for (i = 0; i < ac; i++) { - if (i) - buffer_append(&command, " ", 1); - buffer_append(&command, av[i], strlen(av[i])); + if ((r = sshbuf_putf(command, "%s%s", + i ? " " : "", av[i])) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); } } @@ -1171,6 +1166,14 @@ main(int ac, char **av) */ if (options.jump_host != NULL) { char port_s[8]; + const char *sshbin = argv0; + + /* + * Try to use SSH indicated by argv[0], but fall back to + * "ssh" if it appears unavailable. + */ + if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0) + sshbin = "ssh"; /* Consistency check */ if (options.proxy_command != NULL) @@ -1179,7 +1182,8 @@ main(int ac, char **av) options.proxy_use_fdpass = 0; snprintf(port_s, sizeof(port_s), "%d", options.jump_port); xasprintf(&options.proxy_command, - "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s", + "%s%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s", + sshbin, /* Optional "-l user" argument if jump_user set */ options.jump_user == NULL ? "" : " -l ", options.jump_user == NULL ? "" : options.jump_user, @@ -1220,16 +1224,12 @@ main(int ac, char **av) } if (options.connection_attempts <= 0) fatal("Invalid number of ConnectionAttempts"); -#ifndef HAVE_CYGWIN - if (original_effective_uid != 0) - options.use_privileged_port = 0; -#endif - if (buffer_len(&command) != 0 && options.remote_command != NULL) + if (sshbuf_len(command) != 0 && options.remote_command != NULL) fatal("Cannot execute command-line and remote command."); /* Cannot fork to background if no command. */ - if (fork_after_authentication_flag && buffer_len(&command) == 0 && + if (fork_after_authentication_flag && sshbuf_len(command) == 0 && options.remote_command == NULL && !no_shell_flag) fatal("Cannot fork into background without a command " "to execute."); @@ -1242,7 +1242,7 @@ main(int ac, char **av) tty_flag = 1; /* Allocate a tty by default if no command specified. */ - if (buffer_len(&command) == 0 && options.remote_command == NULL) + if (sshbuf_len(command) == 0 && options.remote_command == NULL) tty_flag = options.request_tty != REQUEST_TTY_NO; /* Force no tty */ @@ -1269,7 +1269,8 @@ main(int ac, char **av) strlcpy(shorthost, thishost, sizeof(shorthost)); shorthost[strcspn(thishost, ".")] = '\0'; snprintf(portstr, sizeof(portstr), "%d", options.port); - snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || ssh_digest_update(md, thishost, strlen(thishost)) < 0 || @@ -1294,6 +1295,7 @@ main(int ac, char **av) "L", shorthost, "d", pw->pw_dir, "h", host, + "i", uidstr, "l", thishost, "n", host_arg, "p", portstr, @@ -1302,18 +1304,19 @@ main(int ac, char **av) (char *)NULL); debug3("expanded RemoteCommand: %s", options.remote_command); free(cp); - buffer_append(&command, options.remote_command, - strlen(options.remote_command)); + if ((r = sshbuf_put(command, options.remote_command, + strlen(options.remote_command))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } if (options.control_path != NULL) { - cp = tilde_expand_filename(options.control_path, - original_real_uid); + cp = tilde_expand_filename(options.control_path, getuid()); free(options.control_path); options.control_path = percent_expand(cp, "C", conn_hash_hex, "L", shorthost, "h", host, + "i", uidstr, "l", thishost, "n", host_arg, "p", portstr, @@ -1323,7 +1326,6 @@ main(int ac, char **av) (char *)NULL); free(cp); } - free(conn_hash_hex); if (config_test) { dump_client_config(&options, host); @@ -1357,8 +1359,7 @@ main(int ac, char **av) /* Open a connection to the remote host. */ if (ssh_connect(ssh, host, addrs, &hostaddr, options.port, options.address_family, options.connection_attempts, - &timeout_ms, options.tcp_keep_alive, - options.use_privileged_port) != 0) + &timeout_ms, options.tcp_keep_alive) != 0) exit(255); if (addrs != NULL) @@ -1373,100 +1374,45 @@ main(int ac, char **av) debug3("timeout: %d ms remain after connect", timeout_ms); /* - * If we successfully made the connection, load the host private key - * in case we will need it later for combined rsa-rhosts - * authentication. This must be done before releasing extra - * privileges, because the file is only readable by root. - * If we cannot access the private keys, load the public keys - * instead and try to execute the ssh-keysign helper instead. + * If we successfully made the connection and we have hostbased auth + * enabled, load the public keys so we can later use the ssh-keysign + * helper to sign challenges. */ sensitive_data.nkeys = 0; sensitive_data.keys = NULL; - sensitive_data.external_keysign = 0; if (options.hostbased_authentication) { - sensitive_data.nkeys = 11; + sensitive_data.nkeys = 10; sensitive_data.keys = xcalloc(sensitive_data.nkeys, - sizeof(struct sshkey)); /* XXX */ - for (i = 0; i < sensitive_data.nkeys; i++) - sensitive_data.keys[i] = NULL; - - PRIV_START; -#ifdef OPENSSL_HAS_ECC - sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, - _PATH_HOST_ECDSA_KEY_FILE, "", NULL); -#endif - sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519, - _PATH_HOST_ED25519_KEY_FILE, "", NULL); - sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, - _PATH_HOST_RSA_KEY_FILE, "", NULL); - sensitive_data.keys[4] = key_load_private_cert(KEY_DSA, - _PATH_HOST_DSA_KEY_FILE, "", NULL); -#ifdef OPENSSL_HAS_ECC - sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, - _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); -#endif - sensitive_data.keys[6] = key_load_private_type(KEY_ED25519, - _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); - sensitive_data.keys[7] = key_load_private_type(KEY_RSA, - _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); - sensitive_data.keys[8] = key_load_private_type(KEY_DSA, - _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); - sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS, - _PATH_HOST_XMSS_KEY_FILE, "", NULL); - sensitive_data.keys[10] = key_load_private_type(KEY_XMSS, - _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL); - PRIV_END; - - if (options.hostbased_authentication == 1 && - sensitive_data.keys[0] == NULL && - sensitive_data.keys[5] == NULL && - sensitive_data.keys[6] == NULL && - sensitive_data.keys[7] == NULL && - sensitive_data.keys[8] == NULL && - sensitive_data.keys[9] == NULL) { -#ifdef OPENSSL_HAS_ECC - sensitive_data.keys[1] = key_load_cert( - _PATH_HOST_ECDSA_KEY_FILE); -#endif - sensitive_data.keys[2] = key_load_cert( - _PATH_HOST_ED25519_KEY_FILE); - sensitive_data.keys[3] = key_load_cert( - _PATH_HOST_RSA_KEY_FILE); - sensitive_data.keys[4] = key_load_cert( - _PATH_HOST_DSA_KEY_FILE); -#ifdef OPENSSL_HAS_ECC - sensitive_data.keys[5] = key_load_public( - _PATH_HOST_ECDSA_KEY_FILE, NULL); -#endif - sensitive_data.keys[6] = key_load_public( - _PATH_HOST_ED25519_KEY_FILE, NULL); - sensitive_data.keys[7] = key_load_public( - _PATH_HOST_RSA_KEY_FILE, NULL); - sensitive_data.keys[8] = key_load_public( - _PATH_HOST_DSA_KEY_FILE, NULL); - sensitive_data.keys[9] = key_load_cert( - _PATH_HOST_XMSS_KEY_FILE); - sensitive_data.keys[10] = key_load_public( - _PATH_HOST_XMSS_KEY_FILE, NULL); - sensitive_data.external_keysign = 1; + sizeof(struct sshkey)); + + /* XXX check errors? */ +#define L_PUBKEY(p,o) do { \ + if ((o) >= sensitive_data.nkeys) \ + fatal("%s pubkey out of array bounds", __func__); \ + check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \ + p, "pubkey"); \ +} while (0) +#define L_CERT(p,o) do { \ + if ((o) >= sensitive_data.nkeys) \ + fatal("%s cert out of array bounds", __func__); \ + check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \ +} while (0) + + if (options.hostbased_authentication == 1) { + L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0); + L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1); + L_CERT(_PATH_HOST_RSA_KEY_FILE, 2); + L_CERT(_PATH_HOST_DSA_KEY_FILE, 3); + L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4); + L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5); + L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6); + L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7); + L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); + L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); } } - /* - * Get rid of any extra privileges that we may have. We will no - * longer need them. Also, extra privileges could make it very hard - * to read identity files and other non-world-readable files from the - * user's home directory if it happens to be on a NFS volume where - * root is mapped to nobody. - */ - if (original_effective_uid == 0) { - PRIV_START; - permanently_set_uid(pw); - } - /* - * Now that we are back to our own permissions, create ~/.ssh - * directory if it doesn't already exist. - */ + /* Create ~/.ssh * directory if it doesn't already exist. */ if (config == NULL) { r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); @@ -1485,17 +1431,22 @@ main(int ac, char **av) /* load options.identity_files */ load_public_identity_files(pw); - /* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */ + /* optionally set the SSH_AUTHSOCKET_ENV_NAME variable */ if (options.identity_agent && strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) { if (strcmp(options.identity_agent, "none") == 0) { unsetenv(SSH_AUTHSOCKET_ENV_NAME); } else { p = tilde_expand_filename(options.identity_agent, - original_real_uid); - cp = percent_expand(p, "d", pw->pw_dir, - "u", pw->pw_name, "l", thishost, "h", host, - "r", options.user, (char *)NULL); + getuid()); + cp = percent_expand(p, + "d", pw->pw_dir, + "h", host, + "i", uidstr, + "l", thishost, + "r", options.user, + "u", pw->pw_name, + (char *)NULL); setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1); free(cp); free(p); @@ -1527,7 +1478,7 @@ main(int ac, char **av) if (sensitive_data.keys[i] != NULL) { /* Destroys contents safely */ debug3("clear hostkey %d", i); - key_free(sensitive_data.keys[i]); + sshkey_free(sensitive_data.keys[i]); sensitive_data.keys[i] = NULL; } } @@ -1537,7 +1488,7 @@ main(int ac, char **av) free(options.identity_files[i]); options.identity_files[i] = NULL; if (options.identity_keys[i]) { - key_free(options.identity_keys[i]); + sshkey_free(options.identity_keys[i]); options.identity_keys[i] = NULL; } } @@ -1638,10 +1589,10 @@ ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) logit("Allocated port %u for remote forward to %s:%d", rfwd->allocated_port, rfwd->connect_host, rfwd->connect_port); - channel_update_permitted_opens(ssh, + channel_update_permission(ssh, rfwd->handle, rfwd->allocated_port); } else { - channel_update_permitted_opens(ssh, rfwd->handle, -1); + channel_update_permission(ssh, rfwd->handle, -1); } } @@ -1830,7 +1781,7 @@ ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg) options.ip_qos_interactive, options.ip_qos_bulk); client_session2_setup(ssh, id, tty_flag, subsystem_flag, getenv("TERM"), - NULL, fileno(stdin), &command, environ); + NULL, fileno(stdin), command, environ); } /* open new channel for a session */ @@ -1900,6 +1851,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) "L", shorthost, "d", pw->pw_dir, "h", host, + "i", uidstr, "l", thishost, "n", host_arg, "p", portstr, @@ -2009,8 +1961,10 @@ load_public_identity_files(struct passwd *pw) u_int n_ids, n_certs; char *identity_files[SSH_MAX_IDENTITY_FILES]; struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES]; + int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; char *certificate_files[SSH_MAX_CERTIFICATE_FILES]; struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; + int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES]; #ifdef ENABLE_PKCS11 struct sshkey **keys; int nkeys; @@ -2019,8 +1973,12 @@ load_public_identity_files(struct passwd *pw) n_ids = n_certs = 0; memset(identity_files, 0, sizeof(identity_files)); memset(identity_keys, 0, sizeof(identity_keys)); + memset(identity_file_userprovided, 0, + sizeof(identity_file_userprovided)); memset(certificate_files, 0, sizeof(certificate_files)); memset(certificates, 0, sizeof(certificates)); + memset(certificate_file_userprovided, 0, + sizeof(certificate_file_userprovided)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && @@ -2030,7 +1988,7 @@ load_public_identity_files(struct passwd *pw) &keys)) > 0) { for (i = 0; i < nkeys; i++) { if (n_ids >= SSH_MAX_IDENTITY_FILES) { - key_free(keys[i]); + sshkey_free(keys[i]); continue; } identity_keys[n_ids] = keys[i]; @@ -2041,8 +1999,6 @@ load_public_identity_files(struct passwd *pw) free(keys); } #endif /* ENABLE_PKCS11 */ - if ((pw = getpwuid(original_real_uid)) == NULL) - fatal("load_public_identity_files: getpwuid failed"); for (i = 0; i < options.num_identity_files; i++) { if (n_ids >= SSH_MAX_IDENTITY_FILES || strcasecmp(options.identity_files[i], "none") == 0) { @@ -2050,19 +2006,20 @@ load_public_identity_files(struct passwd *pw) options.identity_files[i] = NULL; continue; } - cp = tilde_expand_filename(options.identity_files[i], - original_real_uid); + cp = tilde_expand_filename(options.identity_files[i], getuid()); filename = percent_expand(cp, "d", pw->pw_dir, "u", pw->pw_name, "l", thishost, "h", host, "r", options.user, (char *)NULL); free(cp); - public = key_load_public(filename, NULL); + check_load(sshkey_load_public(filename, &public, NULL), + filename, "pubkey"); debug("identity file %s type %d", filename, public ? public->type : -1); free(options.identity_files[i]); identity_files[n_ids] = filename; identity_keys[n_ids] = public; - + identity_file_userprovided[n_ids] = + options.identity_file_userprovided[i]; if (++n_ids >= SSH_MAX_IDENTITY_FILES) continue; @@ -2073,23 +2030,26 @@ load_public_identity_files(struct passwd *pw) if (options.num_certificate_files != 0) continue; xasprintf(&cp, "%s-cert", filename); - public = key_load_public(cp, NULL); + check_load(sshkey_load_public(cp, &public, NULL), + filename, "pubkey"); debug("identity file %s type %d", cp, public ? public->type : -1); if (public == NULL) { free(cp); continue; } - if (!key_is_cert(public)) { + if (!sshkey_is_cert(public)) { debug("%s: key %s type %s is not a certificate", - __func__, cp, key_type(public)); - key_free(public); + __func__, cp, sshkey_type(public)); + sshkey_free(public); free(cp); continue; } /* NB. leave filename pointing to private key */ identity_files[n_ids] = xstrdup(filename); identity_keys[n_ids] = public; + identity_file_userprovided[n_ids] = + options.identity_file_userprovided[i]; n_ids++; } @@ -2097,13 +2057,19 @@ load_public_identity_files(struct passwd *pw) fatal("%s: too many certificates", __func__); for (i = 0; i < options.num_certificate_files; i++) { cp = tilde_expand_filename(options.certificate_files[i], - original_real_uid); - filename = percent_expand(cp, "d", pw->pw_dir, - "u", pw->pw_name, "l", thishost, "h", host, - "r", options.user, (char *)NULL); + getuid()); + filename = percent_expand(cp, + "d", pw->pw_dir, + "h", host, + "i", uidstr, + "l", thishost, + "r", options.user, + "u", pw->pw_name, + (char *)NULL); free(cp); - public = key_load_public(filename, NULL); + check_load(sshkey_load_public(filename, &public, NULL), + filename, "certificate"); debug("certificate file %s type %d", filename, public ? public->type : -1); free(options.certificate_files[i]); @@ -2112,26 +2078,33 @@ load_public_identity_files(struct passwd *pw) free(filename); continue; } - if (!key_is_cert(public)) { + if (!sshkey_is_cert(public)) { debug("%s: key %s type %s is not a certificate", - __func__, filename, key_type(public)); - key_free(public); + __func__, filename, sshkey_type(public)); + sshkey_free(public); free(filename); continue; } certificate_files[n_certs] = filename; certificates[n_certs] = public; + certificate_file_userprovided[n_certs] = + options.certificate_file_userprovided[i]; ++n_certs; } options.num_identity_files = n_ids; memcpy(options.identity_files, identity_files, sizeof(identity_files)); memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); + memcpy(options.identity_file_userprovided, + identity_file_userprovided, sizeof(identity_file_userprovided)); options.num_certificate_files = n_certs; memcpy(options.certificate_files, certificate_files, sizeof(certificate_files)); memcpy(options.certificates, certificates, sizeof(certificates)); + memcpy(options.certificate_file_userprovided, + certificate_file_userprovided, + sizeof(certificate_file_userprovided)); } static void diff --git a/ssh.h b/ssh.h index 12d80092250..5abfd7a688f 100644 --- a/ssh.h +++ b/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.87 2017/05/07 23:15:59 djm Exp $ */ +/* $OpenBSD: ssh.h,v 1.88 2018/06/06 18:29:18 markus Exp $ */ /* * Author: Tatu Ylonen @@ -30,13 +30,6 @@ */ #define SSH_MAX_IDENTITY_FILES 100 -/* - * Maximum length of lines in authorized_keys file. - * Current value permits 16kbit RSA keys and 8kbit DSA keys, with - * some room for options and comments. - */ -#define SSH_MAX_PUBKEY_BYTES 16384 - /* * Major protocol version. Different version indicates major incompatibility * that prevents communication. diff --git a/ssh_api.h b/ssh_api.h index 642acd5b2eb..584f896a78c 100644 --- a/ssh_api.h +++ b/ssh_api.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */ +/* $OpenBSD: ssh_api.h,v 1.2 2018/04/10 00:10:49 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -81,7 +81,7 @@ int ssh_set_verify_host_key_callback(struct ssh *ssh, * ssh_packet_next() sets typep if there is no new packet available. * in this case the caller must fill the input byte-stream by passing * the data received over network to ssh_input_append(). - * additinally, the caller needs to send the resulting output + * additionally, the caller needs to send the resulting output * byte-stream back over the network. otherwise the key exchange * would not proceed. the output byte-stream is accessed through * ssh_output_ptr(). diff --git a/ssh_config.0 b/ssh_config.0 index 4109b190903..00afda1cad9 100644 --- a/ssh_config.0 +++ b/ssh_config.0 @@ -109,13 +109,11 @@ DESCRIPTION BindAddress Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than - one address. Note that this option does not work if - UsePrivilegedPort is set to yes. + one address. BindInterface Use the address of the specified interface on the local machine - as the source address of the connection. Note that this option - does not work if UsePrivilegedPort is set to yes. + as the source address of the connection. CanonicalDomains When CanonicalizeHostname is enabled, this option specifies the @@ -216,8 +214,7 @@ DESCRIPTION chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, - aes128-gcm@openssh.com,aes256-gcm@openssh.com, - aes128-cbc,aes192-cbc,aes256-cbc + aes128-gcm@openssh.com,aes256-gcm@openssh.com The list of available ciphers may also be obtained using "ssh -Q cipher". @@ -429,11 +426,11 @@ DESCRIPTION HostbasedKeyTypes Specifies the key types that will be used for hostbased - authentication as a comma-separated pattern list. Alternately if - the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the - specified key types will be appended to the default set instead - of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y - character, then the specified key types (including wildcards) + authentication as a comma-separated list of patterns. + Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified key types will be appended to the default set + instead of replacing them. If the specified value begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. The default for this option is: @@ -441,9 +438,10 @@ DESCRIPTION ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa + ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa The -Q option of ssh(1) may be used to list supported key types. @@ -460,9 +458,10 @@ DESCRIPTION ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa + ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa If hostkeys are known for the destination host then this default is modified to prefer their algorithms. @@ -544,7 +543,7 @@ DESCRIPTION Include Include the specified configuration file(s). Multiple pathnames - may be specified and each pathname may contain glob(3) wildcards + may be specified and each pathname may contain glob(7) wildcards and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user home directories. Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if @@ -561,8 +560,8 @@ DESCRIPTION is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. - The default is lowdelay for interactive sessions and throughput - for non-interactive sessions. + The default is af21 (Low-Latency Data) for interactive sessions + and cs1 (Lower Effort) for non-interactive sessions. KbdInteractiveAuthentication Specifies whether to use keyboard-interactive authentication. @@ -573,8 +572,7 @@ DESCRIPTION authentication. Multiple method names must be comma-separated. The default is to use the server specified list. The methods available vary depending on what the server supports. For an - OpenSSH server, it may be zero or more of: bsdauth, pam, and - skey. + OpenSSH server, it may be zero or more of: bsdauth and pam. KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple @@ -735,11 +733,11 @@ DESCRIPTION PubkeyAcceptedKeyTypes Specifies the key types that will be used for public key - authentication as a comma-separated pattern list. Alternately if - the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key - types after it will be appended to the default instead of - replacing it. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y - character, then the specified key types (including wildcards) + authentication as a comma-separated list of patterns. + Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the key types after it will be appended to the default + instead of replacing it. If the specified value begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. The default for this option is: @@ -747,9 +745,10 @@ DESCRIPTION ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa + ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa The list of available key types may also be obtained using "ssh -Q key". @@ -781,7 +780,7 @@ DESCRIPTION RemoteForward Specifies that a TCP port on the remote machine be forwarded over - the secure channel. The remote port may either be fowarded to a + the secure channel. The remote port may either be forwarded to a specified host and port from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote client to connect to arbitrary destinations from the local machine. The first @@ -832,11 +831,14 @@ DESCRIPTION server. Variables are specified by name, which may contain wildcard characters. Multiple environment variables may be separated by whitespace or spread across multiple SendEnv - directives. The default is not to send any environment - variables. + directives. See PATTERNS for more information on patterns. + It is possible to clear previously set SendEnv variable names by + prefixing patterns with -. The default is not to send any + environment variables. + ServerAliveCountMax Sets the number of server alive messages (see below) which may be sent without ssh(1) receiving any messages back from the server. @@ -862,6 +864,10 @@ DESCRIPTION default is 0, indicating that these messages will not be sent to the server. + SetEnv Directly specify one or more environment variables and their + contents to be sent to the server. Similarly to SendEnv, the + server must be prepared to accept the environment variable. + StreamLocalBindMask Sets the octal file creation mode mask (umask) used when creating a Unix-domain socket file for local or remote port forwarding. @@ -956,11 +962,6 @@ DESCRIPTION "hostkeys@openssh.com" protocol extension used to inform the client of all the server's hostkeys. - UsePrivilegedPort - Specifies whether to use a privileged port for outgoing - connections. The argument must be yes or no (the default). If - set to yes, ssh(1) must be setuid root. - User Specifies the user to log in as. This can be useful when a different user name is used on different machines. This saves the trouble of having to remember to give the user name on the @@ -1046,24 +1047,25 @@ TOKENS tunnel forwarding was requested, or "NONE" otherwise. %u The local username. - Match exec accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. + Match exec accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u. - CertificateFile accepts the tokens %%, %d, %h, %l, %r, and %u. + CertificateFile accepts the tokens %%, %d, %h, %i, %l, %r, and %u. ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. HostName accepts the tokens %% and %h. - IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %l, %r, and - %u. + IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %i, %l, %r, + and %u. - LocalCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and - %u. + LocalCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, + and %u. ProxyCommand accepts the tokens %%, %h, %p, and %r. - RemoteCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. + RemoteCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and + %u. FILES ~/.ssh/config @@ -1089,4 +1091,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 6.2 February 23, 2018 OpenBSD 6.2 +OpenBSD 6.4 July 23, 2018 OpenBSD 6.4 diff --git a/ssh_config.5 b/ssh_config.5 index 71705cabdda..f499396a374 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.268 2018/02/23 07:38:09 jmc Exp $ -.Dd $Mdocdate: February 23 2018 $ +.\" $OpenBSD: ssh_config.5,v 1.281 2018/07/23 19:02:49 kn Exp $ +.Dd $Mdocdate: July 23 2018 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -258,17 +258,9 @@ or Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address. -Note that this option does not work if -.Cm UsePrivilegedPort -is set to -.Cm yes . .It Cm BindInterface Use the address of the specified interface on the local machine as the source address of the connection. -Note that this option does not work if -.Cm UsePrivilegedPort -is set to -.Cm yes . .It Cm CanonicalDomains When .Cm CanonicalizeHostname @@ -425,8 +417,7 @@ The default is: .Bd -literal -offset indent chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, -aes128-gcm@openssh.com,aes256-gcm@openssh.com, -aes128-cbc,aes192-cbc,aes256-cbc +aes128-gcm@openssh.com,aes256-gcm@openssh.com .Ed .Pp The list of available ciphers may also be obtained using @@ -758,7 +749,7 @@ or (the default). .It Cm HostbasedKeyTypes Specifies the key types that will be used for hostbased authentication -as a comma-separated pattern list. +as a comma-separated list of patterns. Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set @@ -773,9 +764,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The @@ -800,9 +792,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp If hostkeys are known for the destination host then this default is modified @@ -933,7 +926,7 @@ to unknown options that appear before it. .It Cm Include Include the specified configuration file(s). Multiple pathnames may be specified and each pathname may contain -.Xr glob 3 +.Xr glob 7 wildcards and, for user configurations, shell-like .Sq ~ references to user home directories. @@ -984,9 +977,11 @@ If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. The default is -.Cm lowdelay +.Cm af21 +(Low-Latency Data) for interactive sessions and -.Cm throughput +.Cm cs1 +(Lower Effort) for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to use keyboard-interactive authentication. @@ -1002,10 +997,9 @@ The default is to use the server specified list. The methods available vary depending on what the server supports. For an OpenSSH server, it may be zero or more of: -.Cm bsdauth , -.Cm pam , +.Cm bsdauth and -.Cm skey . +.Cm pam . .It Cm KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated. @@ -1239,7 +1233,7 @@ The default is .Cm no . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be used for public key authentication -as a comma-separated pattern list. +as a comma-separated list of patterns. Alternately if the specified value begins with a .Sq + character, then the key types after it will be appended to the default @@ -1254,9 +1248,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using @@ -1307,7 +1302,7 @@ section. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel. -The remote port may either be fowarded to a specified host and port +The remote port may either be forwarded to a specified host and port from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote client to connect to arbitrary destinations from the local machine. The first argument must be @@ -1393,11 +1388,16 @@ Multiple environment variables may be separated by whitespace or spread across multiple .Cm SendEnv directives. -The default is not to send any environment variables. .Pp See .Sx PATTERNS for more information on patterns. +.Pp +It is possible to clear previously set +.Cm SendEnv +variable names by prefixing patterns with +.Pa - . +The default is not to send any environment variables. .It Cm ServerAliveCountMax Sets the number of server alive messages (see below) which may be sent without @@ -1432,6 +1432,12 @@ will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. +.It Cm SetEnv +Directly specify one or more environment variables and their contents to +be sent to the server. +Similarly to +.Cm SendEnv , +the server must be prepared to accept the environment variable. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1588,17 +1594,6 @@ Presently, only from OpenSSH 6.8 and greater support the .Qq hostkeys@openssh.com protocol extension used to inform the client of all the server's hostkeys. -.It Cm UsePrivilegedPort -Specifies whether to use a privileged port for outgoing connections. -The argument must be -.Cm yes -or -.Cm no -(the default). -If set to -.Cm yes , -.Xr ssh 1 -must be setuid root. .It Cm User Specifies the user to log in as. This can be useful when a different user name is used on different machines. @@ -1737,10 +1732,10 @@ The local username. .El .Pp .Cm Match exec -accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. +accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u. .Pp .Cm CertificateFile -accepts the tokens %%, %d, %h, %l, %r, and %u. +accepts the tokens %%, %d, %h, %i, %l, %r, and %u. .Pp .Cm ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. @@ -1751,16 +1746,16 @@ accepts the tokens %% and %h. .Cm IdentityAgent and .Cm IdentityFile -accept the tokens %%, %d, %h, %l, %r, and %u. +accept the tokens %%, %d, %h, %i, %l, %r, and %u. .Pp .Cm LocalCommand -accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and %u. +accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u. .Pp .Cm ProxyCommand accepts the tokens %%, %h, %p, and %r. .Pp .Cm RemoteCommand -accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. +accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u. .Sh FILES .Bl -tag -width Ds .It Pa ~/.ssh/config diff --git a/sshbuf.c b/sshbuf.c index de783a3638f..20ddf9eb627 100644 --- a/sshbuf.c +++ b/sshbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.11 2017/06/01 06:58:25 djm Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.12 2018/07/09 21:56:06 markus Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -36,7 +36,6 @@ sshbuf_check_sanity(const struct sshbuf *buf) (!buf->readonly && buf->d != buf->cd) || buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX || buf->cd == NULL || - (buf->dont_free && (buf->readonly || buf->parent != NULL)) || buf->max_size > SSHBUF_SIZE_MAX || buf->alloc > buf->max_size || buf->size > buf->alloc || @@ -131,24 +130,9 @@ sshbuf_fromb(struct sshbuf *buf) return ret; } -void -sshbuf_init(struct sshbuf *ret) -{ - explicit_bzero(ret, sizeof(*ret)); - ret->alloc = SSHBUF_SIZE_INIT; - ret->max_size = SSHBUF_SIZE_MAX; - ret->readonly = 0; - ret->dont_free = 1; - ret->refcount = 1; - if ((ret->cd = ret->d = calloc(1, ret->alloc)) == NULL) - ret->alloc = 0; -} - void sshbuf_free(struct sshbuf *buf) { - int dont_free = 0; - if (buf == NULL) return; /* @@ -173,14 +157,12 @@ sshbuf_free(struct sshbuf *buf) buf->refcount--; if (buf->refcount > 0) return; - dont_free = buf->dont_free; if (!buf->readonly) { explicit_bzero(buf->d, buf->alloc); free(buf->d); } explicit_bzero(buf, sizeof(*buf)); - if (!dont_free) - free(buf); + free(buf); } void diff --git a/sshbuf.h b/sshbuf.h index 77f1e9e6d09..a43598cac4d 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.9 2017/09/12 06:32:07 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.11 2018/07/09 21:56:06 markus Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -50,15 +50,6 @@ struct sshbuf { struct sshbuf *parent; /* If child, pointer to parent */ }; -#ifndef SSHBUF_NO_DEPREACTED -/* - * NB. Please do not use sshbuf_init() in new code. Please use sshbuf_new() - * instead. sshbuf_init() is deprectated and will go away soon (it is - * only included to allow compat with buffer_* in OpenSSH) - */ -void sshbuf_init(struct sshbuf *buf); -#endif - /* * Create a new sshbuf buffer. * Returns pointer to buffer on success, or NULL on allocation failure. diff --git a/sshconnect.c b/sshconnect.c index 3805d35d984..78813c164bc 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.297 2018/02/23 15:58:38 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.304 2018/07/27 05:34:42 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,14 +49,12 @@ #endif #include "xmalloc.h" -#include "key.h" #include "hostfile.h" #include "ssh.h" -#include "buffer.h" +#include "sshbuf.h" #include "packet.h" -#include "uidswap.h" #include "compat.h" -#include "key.h" +#include "sshkey.h" #include "sshconnect.h" #include "hostfile.h" #include "log.h" @@ -82,8 +80,6 @@ static pid_t proxy_command_pid = 0; /* import */ extern Options options; extern char *__progname; -extern uid_t original_real_uid; -extern uid_t original_effective_uid; static int show_other_keys(struct hostkeys *, struct sshkey *); static void warn_changed_key(struct sshkey *); @@ -131,9 +127,6 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, if ((pid = fork()) == 0) { char *argv[10]; - /* Child. Permanently give up superuser privileges. */ - permanently_drop_suid(original_real_uid); - close(sp[1]); /* Redirect stdin and stdout. */ if (sp[0] != 0) { @@ -213,9 +206,6 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, if ((pid = fork()) == 0) { char *argv[10]; - /* Child. Permanently give up superuser privileges. */ - permanently_drop_suid(original_real_uid); - /* Redirect stdin and stdout. */ close(pin[1]); if (pin[0] != 0) { @@ -277,7 +267,7 @@ ssh_kill_proxy_command(void) #ifdef HAVE_IFADDRS_H /* * Search a interface address list (returned from getifaddrs(3)) for an - * address that matches the desired address family on the specifed interface. + * address that matches the desired address family on the specified interface. * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure. */ static int @@ -338,12 +328,12 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, #endif /* - * Creates a (possibly privileged) socket for use as the ssh connection. + * Creates a socket for use as the ssh connection. */ static int -ssh_create_socket(int privileged, struct addrinfo *ai) +ssh_create_socket(struct addrinfo *ai) { - int sock, r, oerrno; + int sock, r; struct sockaddr_storage bindaddr; socklen_t bindaddrlen = 0; struct addrinfo hints, *res = NULL; @@ -360,8 +350,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai) fcntl(sock, F_SETFD, FD_CLOEXEC); /* Bind the socket to an alternative local IP address */ - if (options.bind_address == NULL && options.bind_interface == NULL && - !privileged) + if (options.bind_address == NULL && options.bind_interface == NULL) return sock; if (options.bind_address != NULL) { @@ -410,22 +399,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai) ssh_gai_strerror(r)); goto fail; } - /* - * If we are running as root and want to connect to a privileged - * port, bind our own socket to a privileged port. - */ - if (privileged) { - PRIV_START; - r = bindresvport_sa(sock, - bindaddrlen == 0 ? NULL : (struct sockaddr *)&bindaddr); - oerrno = errno; - PRIV_END; - if (r < 0) { - error("bindresvport_sa %s: %s", ntop, - strerror(oerrno)); - goto fail; - } - } else if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) { + if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) { error("bind %s: %s", ntop, strerror(errno)); goto fail; } @@ -515,9 +489,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, /* * Opens a TCP/IP connection to the remote server on the given host. * The address of the remote host will be returned in hostaddr. - * If port is 0, the default port will be used. If needpriv is true, - * a privileged port will be allocated to make the connection. - * This requires super-user privileges if needpriv is true. + * If port is 0, the default port will be used. * Connection_attempts specifies the maximum number of tries (one per * second). If proxy_command is non-NULL, it specifies the command (with %h * and %p substituted for host and port, respectively) to use to contact @@ -526,14 +498,14 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, static int ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, struct sockaddr_storage *hostaddr, u_short port, int family, - int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv) + int connection_attempts, int *timeout_ms, int want_keepalive) { int on = 1; int oerrno, sock = -1, attempt; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; struct addrinfo *ai; - debug2("%s: needpriv %d", __func__, needpriv); + debug2("%s", __func__); memset(ntop, 0, sizeof(ntop)); memset(strport, 0, sizeof(strport)); @@ -565,7 +537,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, host, ntop, strport); /* Create a socket for connecting. */ - sock = ssh_create_socket(needpriv, ai); + sock = ssh_create_socket(ai); if (sock < 0) { /* Any error is already output */ errno = 0; @@ -615,12 +587,11 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, int ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port, int family, - int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv) + int connection_attempts, int *timeout_ms, int want_keepalive) { if (options.proxy_command == NULL) { return ssh_connect_direct(ssh, host, addrs, hostaddr, port, - family, connection_attempts, timeout_ms, want_keepalive, - needpriv); + family, connection_attempts, timeout_ms, want_keepalive); } else if (strcmp(options.proxy_command, "-") == 0) { if ((ssh_packet_set_connection(ssh, STDIN_FILENO, STDOUT_FILENO)) == NULL) @@ -767,11 +738,11 @@ check_host_cert(const char *host, const struct sshkey *host_key) { const char *reason; - if (key_cert_check_authority(host_key, 1, 0, host, &reason) != 0) { + if (sshkey_cert_check_authority(host_key, 1, 0, host, &reason) != 0) { error("%s", reason); return 0; } - if (buffer_len(host_key->cert->critical) != 0) { + if (sshbuf_len(host_key->cert->critical) != 0) { error("Certificate for %s contains unsupported " "critical options(s)", host); return 0; @@ -1496,9 +1467,9 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) logit("WARNING: %s key found for host %s\n" "in %s:%lu\n" "%s key fingerprint %s.", - key_type(found->key), + sshkey_type(found->key), found->host, found->file, found->line, - key_type(found->key), fp); + sshkey_type(found->key), fp); if (options.visual_host_key) logit("%s", ra); free(ra); @@ -1525,7 +1496,7 @@ warn_changed_key(struct sshkey *host_key) error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); error("It is also possible that a host key has just been changed."); error("The fingerprint for the %s key sent by the remote host is\n%s.", - key_type(host_key), fp); + sshkey_type(host_key), fp); error("Please contact your system administrator."); free(fp); diff --git a/sshconnect.h b/sshconnect.h index dd648b096e9..890d857330c 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.32 2018/02/10 09:25:35 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.35 2018/07/19 10:28:47 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -28,14 +28,13 @@ typedef struct Sensitive Sensitive; struct Sensitive { struct sshkey **keys; int nkeys; - int external_keysign; }; struct addrinfo; struct ssh; int ssh_connect(struct ssh *, const char *, struct addrinfo *, - struct sockaddr_storage *, u_short, int, int, int *, int, int); + struct sockaddr_storage *, u_short, int, int, int *, int); void ssh_kill_proxy_command(void); void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short, @@ -58,22 +57,3 @@ void ssh_put_password(char *); int ssh_local_cmd(const char *); void maybe_add_key_to_agent(char *, const struct sshkey *, char *, char *); - -/* - * Macros to raise/lower permissions. - */ -#define PRIV_START do { \ - int save_errno = errno; \ - if (seteuid(original_effective_uid) != 0) \ - fatal("PRIV_START: seteuid: %s", \ - strerror(errno)); \ - errno = save_errno; \ -} while (0) - -#define PRIV_END do { \ - int save_errno = errno; \ - if (seteuid(original_real_uid) != 0) \ - fatal("PRIV_END: seteuid: %s", \ - strerror(errno)); \ - errno = save_errno; \ -} while (0) diff --git a/sshconnect2.c b/sshconnect2.c index 1f4a74cf46f..10e4f0a086e 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.270 2018/03/24 19:28:43 markus Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.284 2018/08/13 02:41:05 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -49,11 +49,11 @@ #include "xmalloc.h" #include "ssh.h" #include "ssh2.h" -#include "buffer.h" +#include "sshbuf.h" #include "packet.h" #include "compat.h" #include "cipher.h" -#include "key.h" +#include "sshkey.h" #include "kex.h" #include "myproposal.h" #include "sshconnect.h" @@ -158,7 +158,7 @@ void ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - char *s; + char *s, *all_key; struct kex *kex; int r; @@ -178,9 +178,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { - if (kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options.hostkeyalgorithms) != 0) + all_key = sshkey_alg_list(0, 0, 1, ','); + if (kex_assemble_names(&options.hostkeyalgorithms, + KEX_DEFAULT_PK_ALG, all_key) != 0) fatal("%s: kex_assemble_namelist", __func__); + free(all_key); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(options.hostkeyalgorithms); } else { @@ -230,10 +232,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ - packet_start(SSH2_MSG_IGNORE); - packet_put_cstring("markus"); - packet_send(); - packet_write_wait(); + if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 || + (r = sshpkt_put_cstring(ssh, "markus")) != 0 || + (r = sshpkt_send(ssh)) != 0 || + (r = ssh_packet_write_wait(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); #endif } @@ -315,7 +318,7 @@ int input_gssapi_errtok(int, u_int32_t, struct ssh *); void userauth(Authctxt *, char *); -static int sign_and_send_pubkey(Authctxt *, Identity *); +static int sign_and_send_pubkey(struct ssh *ssh, Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); static void pubkey_reset(Authctxt *); @@ -455,6 +458,8 @@ input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) void userauth(Authctxt *authctxt, char *authlist) { + struct ssh *ssh = active_state; /* XXX */ + if (authctxt->method != NULL && authctxt->method->cleanup != NULL) authctxt->method->cleanup(authctxt); @@ -474,7 +479,7 @@ userauth(Authctxt *authctxt, char *authlist) authctxt->method = method; /* reset the per method handler */ - dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN, + ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_PER_METHOD_MIN, SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL); /* and try new method */ @@ -551,14 +556,16 @@ input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; char *authlist = NULL; - int partial; + u_char partial; + int r; if (authctxt == NULL) fatal("input_userauth_failure: no authentication context"); - authlist = packet_get_string(NULL); - partial = packet_get_char(); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &authlist, NULL)) != 0 || + (r = sshpkt_get_u8(ssh, &partial)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto out; if (partial != 0) { verbose("Authenticated with partial success."); @@ -568,6 +575,9 @@ input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) debug("Authentications that can continue: %s", authlist); userauth(authctxt, authlist); + authlist = NULL; + out: + free(authlist); return 0; } @@ -579,25 +589,27 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) struct sshkey *key = NULL; Identity *id = NULL; int pktype, sent = 0; - u_int alen, blen; - char *pkalg, *fp; - u_char *pkblob; + size_t blen; + char *pkalg = NULL, *fp; + u_char *pkblob = NULL; + int r; if (authctxt == NULL) fatal("input_userauth_pk_ok: no authentication context"); - pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || + (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto done; - debug("Server accepts key: pkalg %s blen %u", pkalg, blen); + debug("Server accepts key: pkalg %s blen %zu", pkalg, blen); - if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { + if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { debug("unknown pkalg %s", pkalg); goto done; } - if ((key = key_from_blob(pkblob, blen)) == NULL) { - debug("no key from blob. pkalg %s", pkalg); + if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { + debug("no key from blob. pkalg %s: %s", pkalg, ssh_err(r)); goto done; } if (key->type != pktype) { @@ -618,31 +630,33 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) * duplicate keys */ TAILQ_FOREACH_REVERSE(id, &authctxt->keys, idlist, next) { - if (key_equal(key, id->key)) { - sent = sign_and_send_pubkey(authctxt, id); + if (sshkey_equal(key, id->key)) { + sent = sign_and_send_pubkey(ssh, authctxt, id); break; } } -done: - key_free(key); + r = 0; + done: + sshkey_free(key); free(pkalg); free(pkblob); /* try another method if we did not send a packet */ - if (sent == 0) + if (r == 0 && sent == 0) userauth(authctxt, NULL); - return 0; + return r; } #ifdef GSSAPI int userauth_gssapi(Authctxt *authctxt) { + struct ssh *ssh = active_state; /* XXX */ Gssctxt *gssctxt = NULL; static gss_OID_set gss_supported = NULL; static u_int mech = 0; OM_uint32 min; - int ok = 0; + int r, ok = 0; /* Try one GSSAPI method at a time, rather than sending them all at * once. */ @@ -654,7 +668,7 @@ userauth_gssapi(Authctxt *authctxt) while (mech < gss_supported->count && !ok) { /* My DER encoding requires length<128 */ if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, + ssh_gssapi_check_mechanism(&gssctxt, &gss_supported->elements[mech], authctxt->host)) { ok = 1; /* Mechanism works */ } else { @@ -667,25 +681,26 @@ userauth_gssapi(Authctxt *authctxt) authctxt->methoddata=(void *)gssctxt; - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - - packet_put_int(1); - - packet_put_int((gss_supported->elements[mech].length) + 2); - packet_put_char(SSH_GSS_OIDTYPE); - packet_put_char(gss_supported->elements[mech].length); - packet_put_raw(gss_supported->elements[mech].elements, - gss_supported->elements[mech].length); - - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (r = sshpkt_put_u32(ssh, 1)) != 0 || + (r = sshpkt_put_u32(ssh, + (gss_supported->elements[mech].length) + 2)) != 0 || + (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 || + (r = sshpkt_put_u8(ssh, + gss_supported->elements[mech].length)) != 0 || + (r = sshpkt_put(ssh, + gss_supported->elements[mech].elements, + gss_supported->elements[mech].length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); mech++; /* Move along to next candidate */ @@ -701,44 +716,56 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) gss_buffer_desc mic = GSS_C_EMPTY_BUFFER; gss_buffer_desc gssbuf; OM_uint32 status, ms, flags; - Buffer b; + int r; status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, recv_tok, &send_tok, &flags); if (send_tok.length > 0) { - if (GSS_ERROR(status)) - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - else - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); + u_char type = GSS_ERROR(status) ? + SSH2_MSG_USERAUTH_GSSAPI_ERRTOK : + SSH2_MSG_USERAUTH_GSSAPI_TOKEN; + + if ((r = sshpkt_start(ssh, type)) != 0 || + (r = sshpkt_put_string(ssh, send_tok.value, + send_tok.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); gss_release_buffer(&ms, &send_tok); } if (status == GSS_S_COMPLETE) { /* send either complete or MIC, depending on mechanism */ if (!(flags & GSS_C_INTEG_FLAG)) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); - packet_send(); + if ((r = sshpkt_start(ssh, + SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } else { - ssh_gssapi_buildmic(&b, authctxt->server_user, + struct sshbuf *b; + + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + ssh_gssapi_buildmic(b, authctxt->server_user, authctxt->service, "gssapi-with-mic"); - gssbuf.value = buffer_ptr(&b); - gssbuf.length = buffer_len(&b); + if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL) + fatal("%s: sshbuf_mutable_ptr failed", __func__); + gssbuf.length = sshbuf_len(b); status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); if (!GSS_ERROR(status)) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); - packet_put_string(mic.value, mic.length); - - packet_send(); + if ((r = sshpkt_start(ssh, + SSH2_MSG_USERAUTH_GSSAPI_MIC)) != 0 || + (r = sshpkt_put_string(ssh, mic.value, + mic.length)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); } - buffer_free(&b); + sshbuf_free(b); gss_release_buffer(&ms, &mic); } } @@ -752,39 +779,43 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; Gssctxt *gssctxt; - int oidlen; - char *oidv; + size_t oidlen; + u_char *oidv = NULL; + int r; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); gssctxt = authctxt->methoddata; /* Setup our OID */ - oidv = packet_get_string(&oidlen); + if ((r = sshpkt_get_string(ssh, &oidv, &oidlen)) != 0) + goto done; if (oidlen <= 2 || oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen - 2) { - free(oidv); debug("Badly encoded mechanism OID received"); userauth(authctxt, NULL); - return 0; + goto ok; } if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2)) fatal("Server returned different OID than expected"); - packet_check_eom(); - - free(oidv); + if ((r = sshpkt_get_end(ssh)) != 0) + goto done; if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) { /* Start again with next method on list */ debug("Trying to start again"); userauth(authctxt, NULL); - return 0; + goto ok; } - return 0; + ok: + r = 0; + done: + free(oidv); + return r; } /* ARGSUSED */ @@ -793,27 +824,31 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; gss_buffer_desc recv_tok; + u_char *p = NULL; + size_t len; OM_uint32 status; - u_int slen; + int r; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); - recv_tok.value = packet_get_string(&slen); - recv_tok.length = slen; /* safe typecast */ - - packet_check_eom(); + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + goto out; + recv_tok.value = p; + recv_tok.length = len; status = process_gssapi_token(ssh, &recv_tok); - free(recv_tok.value); - + /* Start again with the next method in the list */ if (GSS_ERROR(status)) { - /* Start again with the next method in the list */ userauth(authctxt, NULL); - return 0; + /* ok */ } - return 0; + r = 0; + out: + free(p); + return r; } /* ARGSUSED */ @@ -825,22 +860,26 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; OM_uint32 ms; - u_int len; + u_char *p = NULL; + size_t len; + int r; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); gssctxt = authctxt->methoddata; - recv_tok.value = packet_get_string(&len); - recv_tok.length = len; - - packet_check_eom(); + if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) { + free(p); + return r; + } /* Stick it into GSSAPI and see what it says */ + recv_tok.value = p; + recv_tok.length = len; (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, &recv_tok, &send_tok, NULL); - - free(recv_tok.value); + free(p); gss_release_buffer(&ms, &send_tok); /* Server will be returning a failed packet after this one */ @@ -851,43 +890,50 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) int input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) { - char *msg; - char *lang; - - /* maj */(void)packet_get_int(); - /* min */(void)packet_get_int(); - msg=packet_get_string(NULL); - lang=packet_get_string(NULL); - - packet_check_eom(); + char *msg = NULL; + char *lang = NULL; + int r; + if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* maj */ + (r = sshpkt_get_u32(ssh, NULL)) != 0 || /* min */ + (r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0) + goto out; + r = sshpkt_get_end(ssh); debug("Server GSSAPI Error:\n%s", msg); + out: free(msg); free(lang); - return 0; + return r; } #endif /* GSSAPI */ int userauth_none(Authctxt *authctxt) { + struct ssh *ssh = active_state; /* XXX */ + int r; + /* initial userauth request */ - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); return 1; } int userauth_passwd(Authctxt *authctxt) { + struct ssh *ssh = active_state; /* XXX */ static int attempt = 0; char prompt[256]; char *password; const char *host = options.host_key_alias ? options.host_key_alias : authctxt->host; + int r; if (attempt++ >= options.number_of_password_prompts) return 0; @@ -898,18 +944,20 @@ userauth_passwd(Authctxt *authctxt) snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", authctxt->server_user, host); password = read_passphrase(prompt, 0); - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_put_char(0); - packet_put_cstring(password); - explicit_bzero(password, strlen(password)); - free(password); - packet_add_padding(64); - packet_send(); - - dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (r = sshpkt_put_u8(ssh, 0)) != 0 || + (r = sshpkt_put_cstring(ssh, password)) != 0 || + (r = sshpkt_add_padding(ssh, 64)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + + if (password) + freezero(password, strlen(password)); + + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, &input_userauth_passwd_changereq); return 1; @@ -923,9 +971,10 @@ int input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; - char *info, *lang, *password = NULL, *retype = NULL; + char *info = NULL, *lang = NULL, *password = NULL, *retype = NULL; char prompt[256]; const char *host; + int r; debug2("input_userauth_passwd_changereq"); @@ -934,24 +983,26 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) "no authentication context"); host = options.host_key_alias ? options.host_key_alias : authctxt->host; - info = packet_get_string(NULL); - lang = packet_get_string(NULL); + if ((r = sshpkt_get_cstring(ssh, &info, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0) + goto out; if (strlen(info) > 0) logit("%s", info); - free(info); - free(lang); - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_put_char(1); /* additional info */ + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (r = sshpkt_put_u8(ssh, 1)) != 0) /* additional info */ + goto out; + snprintf(prompt, sizeof(prompt), "Enter %.30s@%.128s's old password: ", authctxt->server_user, host); password = read_passphrase(prompt, 0); - packet_put_cstring(password); - explicit_bzero(password, strlen(password)); - free(password); + if ((r = sshpkt_put_cstring(ssh, password)) != 0) + goto out; + + freezero(password, strlen(password)); password = NULL; while (password == NULL) { snprintf(prompt, sizeof(prompt), @@ -960,99 +1011,113 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) password = read_passphrase(prompt, RP_ALLOW_EOF); if (password == NULL) { /* bail out */ - return 0; + r = 0; + goto out; } snprintf(prompt, sizeof(prompt), "Retype %.30s@%.128s's new password: ", authctxt->server_user, host); retype = read_passphrase(prompt, 0); if (strcmp(password, retype) != 0) { - explicit_bzero(password, strlen(password)); - free(password); + freezero(password, strlen(password)); logit("Mismatch; try again, EOF to quit."); password = NULL; } - explicit_bzero(retype, strlen(retype)); - free(retype); + freezero(retype, strlen(retype)); } - packet_put_cstring(password); - explicit_bzero(password, strlen(password)); - free(password); - packet_add_padding(64); - packet_send(); + if ((r = sshpkt_put_cstring(ssh, password)) != 0 || + (r = sshpkt_add_padding(ssh, 64)) != 0 || + (r = sshpkt_send(ssh)) != 0) + goto out; - dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, &input_userauth_passwd_changereq); - return 0; -} - -static const char * -key_sign_encode(const struct sshkey *key) -{ - struct ssh *ssh = active_state; - - if (key->type == KEY_RSA) { - switch (ssh->kex->rsa_sha2) { - case 256: - return "rsa-sha2-256"; - case 512: - return "rsa-sha2-512"; - } - } - return key_ssh_name(key); + r = 0; + out: + if (password) + freezero(password, strlen(password)); + free(info); + free(lang); + return r; } /* - * Some agents will return ssh-rsa signatures when asked to make a - * rsa-sha2-* signature. Check what they actually gave back and warn the - * user if the agent has returned an unexpected type. + * Select an algorithm for publickey signatures. + * Returns algorithm (caller must free) or NULL if no mutual algorithm found. + * + * Call with ssh==NULL to ignore server-sig-algs extension list and + * only attempt with the key's base signature type. */ -static int -check_sigtype(const struct sshkey *key, const u_char *sig, size_t len) +static char * +key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) { - int r; - char *sigtype = NULL; - const char *alg = key_sign_encode(key); + char *allowed, *oallowed, *cp, *tmp, *alg = NULL; - if (sshkey_is_cert(key)) - return 0; - if ((r = sshkey_sigtype(sig, len, &sigtype)) != 0) - return r; - if (strcmp(sigtype, alg) != 0) { - logit("warning: agent returned different signature type %s " - "(expected %s)", sigtype, alg); + /* + * The signature algorithm will only differ from the key algorithm + * for RSA keys/certs and when the server advertises support for + * newer (SHA2) algorithms. + */ + if (ssh == NULL || ssh->kex->server_sig_algs == NULL || + (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) { + /* Filter base key signature alg against our configuration */ + return match_list(sshkey_ssh_name(key), + options.pubkey_key_types, NULL); } - free(sigtype); - /* Incorrect signature types aren't an error ... yet */ - return 0; + + /* + * For RSA keys/certs, since these might have a different sig type: + * find the first entry in PubkeyAcceptedKeyTypes of the right type + * that also appears in the supported signature algorithms list from + * the server. + */ + oallowed = allowed = xstrdup(options.pubkey_key_types); + while ((cp = strsep(&allowed, ",")) != NULL) { + if (sshkey_type_from_name(cp) != key->type) + continue; + tmp = match_list(sshkey_sigalg_by_name(cp), ssh->kex->server_sig_algs, NULL); + if (tmp != NULL) + alg = xstrdup(cp); + free(tmp); + if (alg != NULL) + break; + } + free(oallowed); + return alg; } static int identity_sign(struct identity *id, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) + const u_char *data, size_t datalen, u_int compat, const char *alg) { struct sshkey *prv; int r; - /* the agent supports this key */ + /* The agent supports this key. */ if (id->key != NULL && id->agent_fd != -1) { - if ((r = ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, - data, datalen, key_sign_encode(id->key), compat)) != 0 || - (r = check_sigtype(id->key, *sigp, *lenp)) != 0) - return r; - return 0; + return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, + data, datalen, alg, compat); } /* - * we have already loaded the private key or - * the private key is stored in external hardware + * We have already loaded the private key or the private key is + * stored in external hardware. */ if (id->key != NULL && - (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) - return (sshkey_sign(id->key, sigp, lenp, data, datalen, - key_sign_encode(id->key), compat)); + (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) { + if ((r = sshkey_sign(id->key, sigp, lenp, data, datalen, + alg, compat)) != 0) + return r; + /* + * PKCS#11 tokens may not support all signature algorithms, + * so check what we get back. + */ + if ((r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) + return r; + return 0; + } - /* load the private key from the file */ + /* Load the private key from the file. */ if ((prv = load_identity_file(id)) == NULL) return SSH_ERR_KEY_NOT_FOUND; if (id->key != NULL && !sshkey_equal_public(prv, id->key)) { @@ -1060,8 +1125,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, __func__, id->filename); return SSH_ERR_KEY_NOT_FOUND; } - r = sshkey_sign(prv, sigp, lenp, data, datalen, - key_sign_encode(prv), compat); + r = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat); sshkey_free(prv); return r; } @@ -1086,57 +1150,35 @@ id_filename_matches(Identity *id, Identity *private_id) } static int -sign_and_send_pubkey(Authctxt *authctxt, Identity *id) +sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id) { - Buffer b; - Identity *private_id; - u_char *blob, *signature; - size_t slen; - u_int bloblen, skip = 0; - int matched, ret = -1, have_sig = 1; - char *fp; + struct sshbuf *b = NULL; + Identity *private_id, *sign_id = NULL; + u_char *signature = NULL; + size_t slen = 0, skip = 0; + int r, fallback_sigtype, sent = 0; + char *alg = NULL, *fp = NULL; + const char *loc = ""; if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) return 0; - debug3("%s: %s %s", __func__, key_type(id->key), fp); - free(fp); - if (key_to_blob(id->key, &blob, &bloblen) == 0) { - /* we cannot handle this key */ - debug3("sign_and_send_pubkey: cannot handle key"); - return 0; - } - /* data to be signed */ - buffer_init(&b); - if (datafellows & SSH_OLD_SESSIONID) { - buffer_append(&b, session_id2, session_id2_len); - skip = session_id2_len; - } else { - buffer_put_string(&b, session_id2, session_id2_len); - skip = buffer_len(&b); - } - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); - buffer_put_cstring(&b, authctxt->server_user); - buffer_put_cstring(&b, authctxt->service); - buffer_put_cstring(&b, authctxt->method->name); - buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, key_sign_encode(id->key)); - buffer_put_string(&b, blob, bloblen); + debug3("%s: %s %s", __func__, sshkey_type(id->key), fp); /* * If the key is an certificate, try to find a matching private key * and use it to complete the signature. * If no such private key exists, fall back to trying the certificate * key itself in case it has a private half already loaded. + * This will try to set sign_id to the private key that will perform + * the signature. */ - if (key_is_cert(id->key)) { - matched = 0; + if (sshkey_is_cert(id->key)) { TAILQ_FOREACH(private_id, &authctxt->keys, next) { if (sshkey_equal_public(id->key, private_id->key) && id->key->type != private_id->key->type) { - id = private_id; - matched = 1; + sign_id = private_id; break; } } @@ -1147,18 +1189,18 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) * of keeping just a private key file and public * certificate on disk. */ - if (!matched && !id->isprivate && id->agent_fd == -1 && + if (sign_id == NULL && + !id->isprivate && id->agent_fd == -1 && (id->key->flags & SSHKEY_FLAG_EXT) == 0) { TAILQ_FOREACH(private_id, &authctxt->keys, next) { if (private_id->key == NULL && id_filename_matches(id, private_id)) { - id = private_id; - matched = 1; + sign_id = private_id; break; } } } - if (matched) { + if (sign_id != NULL) { debug2("%s: using private key \"%s\"%s for " "certificate", __func__, id->filename, id->agent_fd != -1 ? " from agent" : ""); @@ -1168,65 +1210,141 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) } } - /* generate signature */ - ret = identity_sign(id, &signature, &slen, - buffer_ptr(&b), buffer_len(&b), datafellows); - if (ret != 0) { - if (ret != SSH_ERR_KEY_NOT_FOUND) - error("%s: signing failed: %s", __func__, ssh_err(ret)); - free(blob); - buffer_free(&b); - return 0; + /* + * If the above didn't select another identity to do the signing + * then default to the one we started with. + */ + if (sign_id == NULL) + sign_id = id; + + /* assemble and sign data */ + for (fallback_sigtype = 0; fallback_sigtype <= 1; fallback_sigtype++) { + free(alg); + slen = 0; + signature = NULL; + if ((alg = key_sig_algorithm(fallback_sigtype ? NULL : ssh, + id->key)) == NULL) { + error("%s: no mutual signature supported", __func__); + goto out; + } + debug3("%s: signing using %s", __func__, alg); + + sshbuf_free(b); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if (datafellows & SSH_OLD_SESSIONID) { + if ((r = sshbuf_put(b, session_id2, + session_id2_len)) != 0) { + fatal("%s: sshbuf_put: %s", + __func__, ssh_err(r)); + } + } else { + if ((r = sshbuf_put_string(b, session_id2, + session_id2_len)) != 0) { + fatal("%s: sshbuf_put_string: %s", + __func__, ssh_err(r)); + } + } + skip = sshbuf_len(b); + if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || + (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || + (r = sshbuf_put_u8(b, 1)) != 0 || + (r = sshbuf_put_cstring(b, alg)) != 0 || + (r = sshkey_puts(id->key, b)) != 0) { + fatal("%s: assemble signed data: %s", + __func__, ssh_err(r)); + } + + /* generate signature */ + r = identity_sign(sign_id, &signature, &slen, + sshbuf_ptr(b), sshbuf_len(b), datafellows, alg); + if (r == 0) + break; + else if (r == SSH_ERR_KEY_NOT_FOUND) + goto out; /* soft failure */ + else if (r == SSH_ERR_SIGN_ALG_UNSUPPORTED && + !fallback_sigtype) { + if (sign_id->agent_fd != -1) + loc = "agent "; + else if ((sign_id->key->flags & SSHKEY_FLAG_EXT) != 0) + loc = "token "; + logit("%skey %s %s returned incorrect signature type", + loc, sshkey_type(id->key), fp); + continue; + } + error("%s: signing failed: %s", __func__, ssh_err(r)); + goto out; } -#ifdef DEBUG_PK - buffer_dump(&b); -#endif - free(blob); + if (slen == 0 || signature == NULL) /* shouldn't happen */ + fatal("%s: no signature", __func__); /* append signature */ - buffer_put_string(&b, signature, slen); - free(signature); + if ((r = sshbuf_put_string(b, signature, slen)) != 0) + fatal("%s: append signature: %s", __func__, ssh_err(r)); +#ifdef DEBUG_PK + sshbuf_dump(b, stderr); +#endif /* skip session id and packet type */ - if (buffer_len(&b) < skip + 1) - fatal("userauth_pubkey: internal error"); - buffer_consume(&b, skip + 1); + if ((r = sshbuf_consume(b, skip + 1)) != 0) + fatal("%s: consume: %s", __func__, ssh_err(r)); /* put remaining data from buffer into packet */ - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_raw(buffer_ptr(&b), buffer_len(&b)); - buffer_free(&b); - packet_send(); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_putb(ssh, b)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: enqueue request: %s", __func__, ssh_err(r)); - return 1; + /* success */ + sent = 1; + + out: + free(fp); + free(alg); + sshbuf_free(b); + freezero(signature, slen); + return sent; } static int -send_pubkey_test(Authctxt *authctxt, Identity *id) +send_pubkey_test(struct ssh *ssh, Authctxt *authctxt, Identity *id) { - u_char *blob; - u_int bloblen, have_sig = 0; - - debug3("send_pubkey_test"); + u_char *blob = NULL; + char *alg = NULL; + size_t bloblen; + u_int have_sig = 0; + int sent = 0, r; + + if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) { + debug("%s: no mutual signature algorithm", __func__); + goto out; + } - if (key_to_blob(id->key, &blob, &bloblen) == 0) { + if ((r = sshkey_to_blob(id->key, &blob, &bloblen)) != 0) { /* we cannot handle this key */ - debug3("send_pubkey_test: cannot handle key"); - return 0; + debug3("%s: cannot handle key", __func__); + goto out; } /* register callback for USERAUTH_PK_OK message */ - dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok); - - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_put_char(have_sig); - packet_put_cstring(key_sign_encode(id->key)); - packet_put_string(blob, bloblen); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok); + + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (r = sshpkt_put_u8(ssh, have_sig)) != 0 || + (r = sshpkt_put_cstring(ssh, alg)) != 0 || + (r = sshpkt_put_string(ssh, blob, bloblen)) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + sent = 1; + + out: + free(alg); free(blob); - packet_send(); - return 1; + return sent; } static struct sshkey * @@ -1284,10 +1402,8 @@ load_identity_file(Identity *id) !(id->key && id->isprivate)) maybe_add_key_to_agent(id->filename, private, comment, passphrase); - if (i > 0) { - explicit_bzero(passphrase, strlen(passphrase)); - free(passphrase); - } + if (i > 0) + freezero(passphrase, strlen(passphrase)); free(comment); if (private != NULL || quit) break; @@ -1295,6 +1411,36 @@ load_identity_file(Identity *id) return private; } +static int +key_type_allowed_by_config(struct sshkey *key) +{ + if (match_pattern_list(sshkey_ssh_name(key), + options.pubkey_key_types, 0) == 1) + return 1; + + /* RSA keys/certs might be allowed by alternate signature types */ + switch (key->type) { + case KEY_RSA: + if (match_pattern_list("rsa-sha2-512", + options.pubkey_key_types, 0) == 1) + return 1; + if (match_pattern_list("rsa-sha2-256", + options.pubkey_key_types, 0) == 1) + return 1; + break; + case KEY_RSA_CERT: + if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", + options.pubkey_key_types, 0) == 1) + return 1; + if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", + options.pubkey_key_types, 0) == 1) + return 1; + break; + } + return 0; +} + + /* * try keys in the following order: * 1. certificates listed in the config file @@ -1334,7 +1480,7 @@ pubkey_prepare(Authctxt *authctxt) /* list of certificates specified by user */ for (i = 0; i < options.num_certificate_files; i++) { key = options.certificates[i]; - if (!key_is_cert(key) || key->cert == NULL || + if (!sshkey_is_cert(key) || key->cert == NULL || key->cert->type != SSH2_CERT_TYPE_USER) continue; id = xcalloc(1, sizeof(*id)); @@ -1408,8 +1554,7 @@ pubkey_prepare(Authctxt *authctxt) /* If IdentitiesOnly set and key not found then don't use it */ if (!found && options.identities_only) { TAILQ_REMOVE(&files, id, next); - explicit_bzero(id, sizeof(*id)); - free(id); + freezero(id, sizeof(*id)); } } /* append remaining keys from the config file */ @@ -1419,9 +1564,7 @@ pubkey_prepare(Authctxt *authctxt) } /* finally, filter by PubkeyAcceptedKeyTypes */ TAILQ_FOREACH_SAFE(id, preferred, next, id2) { - if (id->key != NULL && - match_pattern_list(sshkey_ssh_name(id->key), - options.pubkey_key_types, 0) != 1) { + if (id->key != NULL && !key_type_allowed_by_config(id->key)) { debug("Skipping %s key %s - " "not in PubkeyAcceptedKeyTypes", sshkey_ssh_name(id->key), id->filename); @@ -1467,10 +1610,10 @@ try_identity(Identity *id) { if (!id->key) return (0); - if (key_type_plain(id->key->type) == KEY_RSA && + if (sshkey_type_plain(id->key->type) == KEY_RSA && (datafellows & SSH_BUG_RSASIGMD5) != 0) { debug("Skipped %s key %s for RSA/MD5 server", - key_type(id->key), id->filename); + sshkey_type(id->key), id->filename); return (0); } return 1; @@ -1479,6 +1622,7 @@ try_identity(Identity *id) int userauth_pubkey(Authctxt *authctxt) { + struct ssh *ssh = active_state; /* XXX */ Identity *id; int sent = 0; char *fp; @@ -1506,7 +1650,7 @@ userauth_pubkey(Authctxt *authctxt) debug("Offering public key: %s %s %s", sshkey_type(id->key), fp, id->filename); free(fp); - sent = send_pubkey_test(authctxt, id); + sent = send_pubkey_test(ssh, authctxt, id); } } else { debug("Trying private key: %s", id->filename); @@ -1514,10 +1658,10 @@ userauth_pubkey(Authctxt *authctxt) if (id->key != NULL) { if (try_identity(id)) { id->isprivate = 1; - sent = sign_and_send_pubkey( + sent = sign_and_send_pubkey(ssh, authctxt, id); } - key_free(id->key); + sshkey_free(id->key); id->key = NULL; id->isprivate = 0; } @@ -1534,28 +1678,31 @@ userauth_pubkey(Authctxt *authctxt) int userauth_kbdint(Authctxt *authctxt) { + struct ssh *ssh = active_state; /* XXX */ static int attempt = 0; + int r; if (attempt++ >= options.number_of_password_prompts) return 0; /* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */ if (attempt > 1 && !authctxt->info_req_seen) { debug3("userauth_kbdint: disable: no info_req_seen"); - dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL); return 0; } debug2("userauth_kbdint"); - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_put_cstring(""); /* lang */ - packet_put_cstring(options.kbd_interactive_devices ? - options.kbd_interactive_devices : ""); - packet_send(); - - dispatch_set(SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || + (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || /* lang */ + (r = sshpkt_put_cstring(ssh, options.kbd_interactive_devices ? + options.kbd_interactive_devices : "")) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); + + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req); return 1; } @@ -1566,9 +1713,11 @@ int input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; - char *name, *inst, *lang, *prompt, *response; + char *name = NULL, *inst = NULL, *lang = NULL, *prompt = NULL; + char *response = NULL; + u_char echo = 0; u_int num_prompts, i; - int echo = 0; + int r; debug2("input_userauth_info_req"); @@ -1577,44 +1726,52 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) authctxt->info_req_seen = 1; - name = packet_get_string(NULL); - inst = packet_get_string(NULL); - lang = packet_get_string(NULL); + if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &inst, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0) + goto out; if (strlen(name) > 0) logit("%s", name); if (strlen(inst) > 0) logit("%s", inst); - free(name); - free(inst); - free(lang); - num_prompts = packet_get_int(); + if ((r = sshpkt_get_u32(ssh, &num_prompts)) != 0) + goto out; /* * Begin to build info response packet based on prompts requested. * We commit to providing the correct number of responses, so if * further on we run into a problem that prevents this, we have to * be sure and clean this up and send a correct error response. */ - packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE); - packet_put_int(num_prompts); + if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_INFO_RESPONSE)) != 0 || + (r = sshpkt_put_u32(ssh, num_prompts)) != 0) + goto out; debug2("input_userauth_info_req: num_prompts %d", num_prompts); for (i = 0; i < num_prompts; i++) { - prompt = packet_get_string(NULL); - echo = packet_get_char(); - + if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 || + (r = sshpkt_get_u8(ssh, &echo)) != 0) + goto out; response = read_passphrase(prompt, echo ? RP_ECHO : 0); - - packet_put_cstring(response); - explicit_bzero(response, strlen(response)); - free(response); + if ((r = sshpkt_put_cstring(ssh, response)) != 0) + goto out; + freezero(response, strlen(response)); free(prompt); + response = prompt = NULL; } - packet_check_eom(); /* done with parsing incoming message. */ - - packet_add_padding(64); - packet_send(); - return 0; + /* done with parsing incoming message. */ + if ((r = sshpkt_get_end(ssh)) != 0 || + (r = sshpkt_add_padding(ssh, 64)) != 0) + goto out; + r = sshpkt_send(ssh); + out: + if (response) + freezero(response, strlen(response)); + free(prompt); + free(name); + free(inst); + free(lang); + return r; } static int @@ -1655,7 +1812,6 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, if (pid == 0) { /* keep the socket on exec */ fcntl(sock, F_SETFD, 0); - permanently_drop_suid(getuid()); close(from[0]); if (dup2(from[1], STDOUT_FILENO) < 0) fatal("%s: dup2: %s", __func__, strerror(errno)); @@ -1735,7 +1891,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, int userauth_hostbased(Authctxt *authctxt) { - struct ssh *ssh = active_state; + struct ssh *ssh = active_state; /* XXX */ struct sshkey *private = NULL; struct sshbuf *b = NULL; u_char *sig = NULL, *keyblob = NULL; @@ -1822,7 +1978,7 @@ userauth_hostbased(Authctxt *authctxt) (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 || (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 || - (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 || + (r = sshbuf_put_cstring(b, sshkey_ssh_name(private))) != 0 || (r = sshbuf_put_string(b, keyblob, keylen)) != 0 || (r = sshbuf_put_cstring(b, chost)) != 0 || (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) { @@ -1833,12 +1989,8 @@ userauth_hostbased(Authctxt *authctxt) #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif - if (authctxt->sensitive->external_keysign) - r = ssh_keysign(private, &sig, &siglen, - sshbuf_ptr(b), sshbuf_len(b)); - else if ((r = sshkey_sign(private, &sig, &siglen, - sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0) - debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); + r = ssh_keysign(private, &sig, &siglen, + sshbuf_ptr(b), sshbuf_len(b)); if (r != 0) { error("sign using hostkey %s %s failed", sshkey_ssh_name(private), fp); @@ -1848,7 +2000,7 @@ userauth_hostbased(Authctxt *authctxt) (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 || (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 || (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 || - (r = sshpkt_put_cstring(ssh, key_ssh_name(private))) != 0 || + (r = sshpkt_put_cstring(ssh, sshkey_ssh_name(private))) != 0 || (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 || (r = sshpkt_put_cstring(ssh, chost)) != 0 || (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 || @@ -1860,10 +2012,8 @@ userauth_hostbased(Authctxt *authctxt) success = 1; out: - if (sig != NULL) { - explicit_bzero(sig, siglen); - free(sig); - } + if (sig != NULL) + freezero(sig, siglen); free(keyblob); free(lname); free(fp); @@ -1960,20 +2110,22 @@ static char * authmethods_get(void) { Authmethod *method = NULL; - Buffer b; + struct sshbuf *b; char *list; + int r; - buffer_init(&b); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); for (method = authmethods; method->name != NULL; method++) { if (authmethod_is_enabled(method)) { - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - buffer_append(&b, method->name, strlen(method->name)); + if ((r = sshbuf_putf(b, "%s%s", + sshbuf_len(b) ? "," : "", method->name)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); } } - if ((list = sshbuf_dup_string(&b)) == NULL) + if ((list = sshbuf_dup_string(b)) == NULL) fatal("%s: sshbuf_dup_string failed", __func__); - buffer_free(&b); + sshbuf_free(b); return list; } - diff --git a/sshd.0 b/sshd.0 index 999d160bf8d..ac7e7070711 100644 --- a/sshd.0 +++ b/sshd.0 @@ -145,7 +145,7 @@ AUTHENTICATION Regardless of the authentication type, the account is checked to ensure that it is accessible. An account is not accessible if it is locked, listed in DenyUsers or its group is listed in DenyGroups . The - definition of a locked account is system dependant. Some platforms have + definition of a locked account is system dependent. Some platforms have their own account database (eg AIX) and some modify the passwd field ( M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most @@ -341,14 +341,28 @@ AUTHORIZED_KEYS FILE FORMAT Forbids X11 forwarding when this key is used for authentication. Any X11 forward requests by the client will return an error. + permitlisten="[host:]port" + Limit remote port forwarding with the ssh(1) -R option such that + it may only listen on the specified host (optional) and port. + IPv6 addresses can be specified by enclosing the address in + square brackets. Multiple permitlisten options may be applied + separated by commas. Hostnames may include wildcards as + described in the PATTERNS section in ssh_config(5). A port + specification of * matches any port. Note that the setting of + GatewayPorts may further restrict listen addresses. Note that + ssh(1) will send a hostname of M-bM-^@M-^\localhostM-bM-^@M-^] if a listen host was + not specified when the forwarding was requested, and that this + name is treated differently to the explicit localhost addresses + M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and M-bM-^@M-^\::1M-bM-^@M-^]. + permitopen="host:port" - Limit local port forwarding with ssh(1) -L such that it may only - connect to the specified host and port. IPv6 addresses can be - specified by enclosing the address in square brackets. Multiple - permitopen options may be applied separated by commas. No - pattern matching is performed on the specified hostnames, they - must be literal domains or addresses. A port specification of * - matches any port. + Limit local port forwarding with the ssh(1) -L option such that + it may only connect to the specified host and port. IPv6 + addresses can be specified by enclosing the address in square + brackets. Multiple permitopen options may be applied separated + by commas. No pattern matching is performed on the specified + hostnames, they must be literal domains or addresses. A port + specification of * matches any port. port-forwarding Enable port forwarding previously disabled by the restrict @@ -390,9 +404,11 @@ AUTHORIZED_KEYS FILE FORMAT ssh-rsa AAAAB3Nza...LiPk== user@example.net from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== john@example.net - command="dump /home",no-pty,no-port-forwarding ssh-dss + command="dump /home",no-pty,no-port-forwarding ssh-rsa AAAAC3...51R== example.net - permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss + permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa + AAAAB5...21S== + permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa AAAAB5...21S== tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== jane@example.net @@ -634,4 +650,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 6.2 March 14, 2018 OpenBSD 6.2 +OpenBSD 6.4 July 22, 2018 OpenBSD 6.4 diff --git a/sshd.8 b/sshd.8 index 968ba66bbe8..fb133c14b98 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.299 2018/03/14 06:56:20 jmc Exp $ -.Dd $Mdocdate: March 14 2018 $ +.\" $OpenBSD: sshd.8,v 1.304 2018/07/22 12:16:59 dtucker Exp $ +.Dd $Mdocdate: July 22 2018 $ .Dt SSHD 8 .Os .Sh NAME @@ -277,7 +277,7 @@ locked, listed in .Cm DenyUsers or its group is listed in .Cm DenyGroups -\&. The definition of a locked account is system dependant. Some platforms +\&. The definition of a locked account is system dependent. Some platforms have their own account database (eg AIX) and some modify the passwd field ( .Ql \&*LK\&* on Solaris and UnixWare, @@ -554,11 +554,37 @@ Disables execution of .It Cm no-X11-forwarding Forbids X11 forwarding when this key is used for authentication. Any X11 forward requests by the client will return an error. +.It Cm permitlisten="[host:]port" +Limit remote port forwarding with the +.Xr ssh 1 +.Fl R +option such that it may only listen on the specified host (optional) and port. +IPv6 addresses can be specified by enclosing the address in square brackets. +Multiple +.Cm permitlisten +options may be applied separated by commas. +Hostnames may include wildcards as described in the PATTERNS section in +.Xr ssh_config 5 . +A port specification of +.Cm * +matches any port. +Note that the setting of +.Cm GatewayPorts +may further restrict listen addresses. +Note that +.Xr ssh 1 +will send a hostname of +.Dq localhost +if a listen host was not specified when the forwarding was requested, and +that this name is treated differently to the explicit localhost addresses +.Dq 127.0.0.1 +and +.Dq ::1 . .It Cm permitopen="host:port" -Limit local port forwarding with +Limit local port forwarding with the .Xr ssh 1 .Fl L -such that it may only connect to the specified host and port. +option such that it may only connect to the specified host and port. IPv6 addresses can be specified by enclosing the address in square brackets. Multiple .Cm permitopen @@ -618,9 +644,11 @@ An example authorized_keys file: ssh-rsa AAAAB3Nza...LiPk== user@example.net from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== john@example.net -command="dump /home",no-pty,no-port-forwarding ssh-dss +command="dump /home",no-pty,no-port-forwarding ssh-rsa AAAAC3...51R== example.net -permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa +AAAAB5...21S== +permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa AAAAB5...21S== tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== jane@example.net diff --git a/sshd.c b/sshd.c index fd95b681b7c..a738c3ab656 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.514 2018/08/13 02:41:05 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -91,7 +91,7 @@ #include "sshpty.h" #include "packet.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" #include "misc.h" #include "match.h" #include "servconf.h" @@ -99,7 +99,7 @@ #include "compat.h" #include "cipher.h" #include "digest.h" -#include "key.h" +#include "sshkey.h" #include "kex.h" #include "myproposal.h" #include "authfile.h" @@ -237,10 +237,10 @@ Authctxt *the_authctxt = NULL; struct sshauthopt *auth_opts = NULL; /* sshd_config buffer */ -Buffer cfg; +struct sshbuf *cfg; /* message to be displayed after login */ -Buffer loginmsg; +struct sshbuf *loginmsg; /* Unprivileged user */ struct passwd *privsep_pw = NULL; @@ -473,11 +473,11 @@ destroy_sensitive_data(void) for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { - key_free(sensitive_data.host_keys[i]); + sshkey_free(sensitive_data.host_keys[i]); sensitive_data.host_keys[i] = NULL; } if (sensitive_data.host_certificates[i]) { - key_free(sensitive_data.host_certificates[i]); + sshkey_free(sensitive_data.host_certificates[i]); sensitive_data.host_certificates[i] = NULL; } } @@ -489,11 +489,16 @@ demote_sensitive_data(void) { struct sshkey *tmp; u_int i; + int r; for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { - tmp = key_demote(sensitive_data.host_keys[i]); - key_free(sensitive_data.host_keys[i]); + if ((r = sshkey_demote(sensitive_data.host_keys[i], + &tmp)) != 0) + fatal("could not demote host %s key: %s", + sshkey_type(sensitive_data.host_keys[i]), + ssh_err(r)); + sshkey_free(sensitive_data.host_keys[i]); sensitive_data.host_keys[i] = tmp; } /* Certs do not need demotion */ @@ -649,7 +654,7 @@ privsep_postauth(Authctxt *authctxt) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); - buffer_clear(&loginmsg); + sshbuf_reset(loginmsg); monitor_clear_keystate(pmonitor); monitor_child_postauth(pmonitor); @@ -681,45 +686,47 @@ privsep_postauth(Authctxt *authctxt) packet_set_authenticated(); } +static void +append_hostkey_type(struct sshbuf *b, const char *s) +{ + int r; + + if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) { + debug3("%s: %s key not permitted by HostkeyAlgorithms", + __func__, s); + return; + } + if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0) + fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r)); +} + static char * list_hostkey_types(void) { - Buffer b; - const char *p; + struct sshbuf *b; + struct sshkey *key; char *ret; u_int i; - struct sshkey *key; - buffer_init(&b); + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); for (i = 0; i < options.num_host_key_files; i++) { key = sensitive_data.host_keys[i]; if (key == NULL) key = sensitive_data.host_pubkeys[i]; if (key == NULL) continue; - /* Check that the key is accepted in HostkeyAlgorithms */ - if (match_pattern_list(sshkey_ssh_name(key), - options.hostkeyalgorithms, 0) != 1) { - debug3("%s: %s key not permitted by HostkeyAlgorithms", - __func__, sshkey_ssh_name(key)); - continue; - } switch (key->type) { case KEY_RSA: + /* for RSA we also support SHA2 signatures */ + append_hostkey_type(b, "rsa-sha2-512"); + append_hostkey_type(b, "rsa-sha2-256"); + /* FALLTHROUGH */ case KEY_DSA: case KEY_ECDSA: case KEY_ED25519: case KEY_XMSS: - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - p = key_ssh_name(key); - buffer_append(&b, p, strlen(p)); - - /* for RSA we also support SHA2 signatures */ - if (key->type == KEY_RSA) { - p = ",rsa-sha2-512,rsa-sha2-256"; - buffer_append(&b, p, strlen(p)); - } + append_hostkey_type(b, sshkey_ssh_name(key)); break; } /* If the private key has a cert peer, then list that too */ @@ -728,21 +735,24 @@ list_hostkey_types(void) continue; switch (key->type) { case KEY_RSA_CERT: + /* for RSA we also support SHA2 signatures */ + append_hostkey_type(b, + "rsa-sha2-512-cert-v01@openssh.com"); + append_hostkey_type(b, + "rsa-sha2-256-cert-v01@openssh.com"); + /* FALLTHROUGH */ case KEY_DSA_CERT: case KEY_ECDSA_CERT: case KEY_ED25519_CERT: case KEY_XMSS_CERT: - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - p = key_ssh_name(key); - buffer_append(&b, p, strlen(p)); + append_hostkey_type(b, sshkey_ssh_name(key)); break; } } - if ((ret = sshbuf_dup_string(&b)) == NULL) + if ((ret = sshbuf_dup_string(b)) == NULL) fatal("%s: sshbuf_dup_string failed", __func__); - buffer_free(&b); - debug("list_hostkey_types: %s", ret); + sshbuf_free(b); + debug("%s: %s", __func__, ret); return ret; } @@ -809,7 +819,7 @@ get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh) u_int i; for (i = 0; i < options.num_host_key_files; i++) { - if (key_is_cert(key)) { + if (sshkey_is_cert(key)) { if (key == sensitive_data.host_certificates[i] || (compare && sensitive_data.host_certificates[i] && sshkey_equal(key, @@ -953,31 +963,33 @@ send_rexec_state(int fd, struct sshbuf *conf) } static void -recv_rexec_state(int fd, Buffer *conf) +recv_rexec_state(int fd, struct sshbuf *conf) { - Buffer m; - char *cp; - u_int len; + struct sshbuf *m; + u_char *cp, ver; + size_t len; + int r; debug3("%s: entering fd = %d", __func__, fd); - buffer_init(&m); - - if (ssh_msg_recv(fd, &m) == -1) + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if (ssh_msg_recv(fd, m) == -1) fatal("%s: ssh_msg_recv failed", __func__); - if (buffer_get_char(&m) != 0) + if ((r = sshbuf_get_u8(m, &ver)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (ver != 0) fatal("%s: rexec version mismatch", __func__); - - cp = buffer_get_string(&m, &len); - if (conf != NULL) - buffer_append(conf, cp, len); - free(cp); - + if ((r = sshbuf_get_string(m, &cp, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (conf != NULL && (r = sshbuf_put(conf, cp, len))) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_recv_rng_seed(&m); + rexec_recv_rng_seed(m); #endif - buffer_free(&m); + free(cp); + sshbuf_free(m); debug3("%s: done", __func__); } @@ -1258,8 +1270,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) startup_pipe = -1; pid = getpid(); if (rexec_flag) { - send_rexec_state(config_s[0], - &cfg); + send_rexec_state(config_s[0], cfg); close(config_s[0]); } break; @@ -1305,7 +1316,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) close(startup_p[1]); if (rexec_flag) { - send_rexec_state(config_s[0], &cfg); + send_rexec_state(config_s[0], cfg); close(config_s[0]); close(config_s[1]); } @@ -1336,7 +1347,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * return an error if any are found). Basically we are worried about * source routing; it can be used to pretend you are somebody * (ip-address) you are not. That itself may be "almost acceptable" - * under certain circumstances, but rhosts autentication is useless + * under certain circumstances, but rhosts authentication is useless * if source routing is accepted. Notice also that if we just dropped * source routing here, the other side could use IP spoofing to do * rest of the interaction and could still bypass security. So we @@ -1413,6 +1424,43 @@ set_process_rdomain(struct ssh *ssh, const char *name) #endif } +static void +accumulate_host_timing_secret(struct sshbuf *server_cfg, + const struct sshkey *key) +{ + static struct ssh_digest_ctx *ctx; + u_char *hash; + size_t len; + struct sshbuf *buf; + int r; + + if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL) + fatal("%s: ssh_digest_start", __func__); + if (key == NULL) { /* finalize */ + /* add server config in case we are using agent for host keys */ + if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg), + sshbuf_len(server_cfg)) != 0) + fatal("%s: ssh_digest_update", __func__); + len = ssh_digest_bytes(SSH_DIGEST_SHA512); + hash = xmalloc(len); + if (ssh_digest_final(ctx, hash, len) != 0) + fatal("%s: ssh_digest_final", __func__); + options.timing_secret = PEEK_U64(hash); + freezero(hash, len); + ssh_digest_free(ctx); + ctx = NULL; + return; + } + if ((buf = sshbuf_new()) == NULL) + fatal("%s could not allocate buffer", __func__); + if ((r = sshkey_private_serialize(key, buf)) != 0) + fatal("sshkey_private_serialize: %s", ssh_err(r)); + if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0) + fatal("%s: ssh_digest_update", __func__); + sshbuf_reset(buf); + sshbuf_free(buf); +} + /* * Main program for the daemon. */ @@ -1620,14 +1668,15 @@ main(int ac, char **av) "test mode (-T)"); /* Fetch our configuration */ - buffer_init(&cfg); + if ((cfg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); if (rexeced_flag) - recv_rexec_state(REEXEC_CONFIG_PASS_FD, &cfg); + recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg); else if (strcasecmp(config_file_name, "none") != 0) - load_server_config(config_file_name, &cfg); + load_server_config(config_file_name, cfg); parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, - &cfg, NULL); + cfg, NULL); seed_rng(); @@ -1714,11 +1763,18 @@ main(int ac, char **av) for (i = 0; i < options.num_host_key_files; i++) { if (options.host_key_files[i] == NULL) continue; - key = key_load_private(options.host_key_files[i], "", NULL); - pubkey = key_load_public(options.host_key_files[i], NULL); - + if ((r = sshkey_load_private(options.host_key_files[i], "", + &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) + error("Error loading host key \"%s\": %s", + options.host_key_files[i], ssh_err(r)); + if ((r = sshkey_load_public(options.host_key_files[i], + &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) + error("Error loading host key \"%s\": %s", + options.host_key_files[i], ssh_err(r)); if (pubkey == NULL && key != NULL) - pubkey = key_demote(key); + if ((r = sshkey_demote(key, &pubkey)) != 0) + fatal("Could not demote key: \"%s\": %s", + options.host_key_files[i], ssh_err(r)); sensitive_data.host_keys[i] = key; sensitive_data.host_pubkeys[i] = pubkey; @@ -1728,6 +1784,7 @@ main(int ac, char **av) keytype = pubkey->type; } else if (key != NULL) { keytype = key->type; + accumulate_host_timing_secret(cfg, key); } else { error("Could not load host key: %s", options.host_key_files[i]); @@ -1753,6 +1810,7 @@ main(int ac, char **av) key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); free(fp); } + accumulate_host_timing_secret(cfg, NULL); if (!sensitive_data.have_ssh2_key) { logit("sshd: no hostkeys available -- exiting."); exit(1); @@ -1770,21 +1828,21 @@ main(int ac, char **av) for (i = 0; i < options.num_host_cert_files; i++) { if (options.host_cert_files[i] == NULL) continue; - key = key_load_public(options.host_cert_files[i], NULL); - if (key == NULL) { - error("Could not load host certificate: %s", - options.host_cert_files[i]); + if ((r = sshkey_load_public(options.host_cert_files[i], + &key, NULL)) != 0) { + error("Could not load host certificate \"%s\": %s", + options.host_cert_files[i], ssh_err(r)); continue; } - if (!key_is_cert(key)) { + if (!sshkey_is_cert(key)) { error("Certificate file is not a certificate: %s", options.host_cert_files[i]); - key_free(key); + sshkey_free(key); continue; } /* Find matching private key */ for (j = 0; j < options.num_host_key_files; j++) { - if (key_equal_public(key, + if (sshkey_equal_public(key, sensitive_data.host_keys[j])) { sensitive_data.host_certificates[j] = key; break; @@ -1793,12 +1851,12 @@ main(int ac, char **av) if (j >= options.num_host_key_files) { error("No matching private key for certificate: %s", options.host_cert_files[i]); - key_free(key); + sshkey_free(key); continue; } sensitive_data.host_certificates[j] = key; debug("host certificate: #%u type %d %s", j, key->type, - key_type(key)); + sshkey_type(key)); } if (privsep_chroot) { @@ -2065,7 +2123,7 @@ main(int ac, char **av) /* allocate authentication context */ authctxt = xcalloc(1, sizeof(*authctxt)); - authctxt->loginmsg = &loginmsg; + authctxt->loginmsg = loginmsg; /* XXX global for cleanup, access from other modules */ the_authctxt = authctxt; @@ -2075,7 +2133,8 @@ main(int ac, char **av) fatal("allocation failed"); /* prepare buffer to collect messages to display to user after login */ - buffer_init(&loginmsg); + if ((loginmsg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); auth_debug_reset(); if (use_privsep) { @@ -2178,26 +2237,21 @@ main(int ac, char **av) int sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey, - u_char **signature, size_t *slen, const u_char *data, size_t dlen, + u_char **signature, size_t *slenp, const u_char *data, size_t dlen, const char *alg, u_int flag) { int r; - u_int xxx_slen, xxx_dlen = dlen; if (privkey) { - if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen, - alg) < 0)) + if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen, + alg, datafellows)) < 0) fatal("%s: key_sign failed", __func__); - if (slen) - *slen = xxx_slen; } else if (use_privsep) { - if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen, - alg) < 0) + if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen, + alg, datafellows) < 0) fatal("%s: pubkey_sign failed", __func__); - if (slen) - *slen = xxx_slen; } else { - if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen, + if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp, data, dlen, alg, datafellows)) != 0) fatal("%s: ssh_agent_sign failed: %s", __func__, ssh_err(r)); diff --git a/sshd_config b/sshd_config index 3109d5d7375..19b7c91a154 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -91,7 +91,6 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes -#UseLogin no #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 diff --git a/sshd_config.0 b/sshd_config.0 index 95c17fc8ddf..0498495fe69 100644 --- a/sshd_config.0 +++ b/sshd_config.0 @@ -16,17 +16,17 @@ DESCRIPTION AcceptEnv Specifies what environment variables sent by the client will be - copied into the session's environ(7). See SendEnv in + copied into the session's environ(7). See SendEnv and SetEnv in ssh_config(5) for how to configure the client. The TERM - environment variable is always sent whenever the client requests - a pseudo-terminal as it is required by the protocol. Variables - are specified by name, which may contain the wildcard characters - M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be separated by - whitespace or spread across multiple AcceptEnv directives. Be - warned that some environment variables could be used to bypass - restricted user environments. For this reason, care should be - taken in the use of this directive. The default is not to accept - any environment variables. + environment variable is always accepted whenever the client + requests a pseudo-terminal as it is required by the protocol. + Variables are specified by name, which may contain the wildcard + characters M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be + separated by whitespace or spread across multiple AcceptEnv + directives. Be warned that some environment variables could be + used to bypass restricted user environments. For this reason, + care should be taken in the use of this directive. The default + is not to accept any environment variables. AddressFamily Specifies which address family should be used by sshd(8). Valid @@ -88,7 +88,7 @@ DESCRIPTION AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be - followed by one or more comma-separated lists of authentication + followed by one or more lists of comma-separated authentication method names, or by the single string any to indicate the default behaviour of accepting any single authentication method. If the default is overridden, then successful authentication requires @@ -104,8 +104,8 @@ DESCRIPTION For keyboard interactive authentication it is also possible to restrict authentication to a specific device by appending a colon - followed by the device identifier bsdauth, pam, or skey, - depending on the server configuration. For example, + followed by the device identifier bsdauth or pam. depending on + the server configuration. For example, "keyboard-interactive:bsdauth" would restrict keyboard interactive authentication to the bsdauth device. @@ -120,7 +120,7 @@ DESCRIPTION The available authentication methods are: "gssapi-with-mic", "hostbased", "keyboard-interactive", "none" (used for access to - password-less accounts when PermitEmptyPassword is enabled), + password-less accounts when PermitEmptyPasswords is enabled), "password" and "publickey". AuthorizedKeysCommand @@ -382,11 +382,11 @@ DESCRIPTION HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased - authentication as a comma-separated pattern list. Alternately if - the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the - specified key types will be appended to the default set instead - of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y - character, then the specified key types (including wildcards) + authentication as a list of comma-separated patterns. + Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified key types will be appended to the default set + instead of replacing them. If the specified value begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. The default for this option is: @@ -394,9 +394,10 @@ DESCRIPTION ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa + ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa The list of available key types may also be obtained using "ssh -Q key". @@ -449,9 +450,10 @@ DESCRIPTION ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa + ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa The list of available key types may also be obtained using "ssh -Q key". @@ -478,8 +480,9 @@ DESCRIPTION If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second - for non-interactive sessions. The default is lowdelay for - interactive sessions and throughput for non-interactive sessions. + for non-interactive sessions. The default is af21 (Low-Latency + Data) for interactive sessions and cs1 (Lower Effort) for non- + interactive sessions. KbdInteractiveAuthentication Specifies whether to allow keyboard-interactive authentication. @@ -651,9 +654,9 @@ DESCRIPTION HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, KbdInteractiveAuthentication, KerberosAuthentication, LogLevel, MaxAuthTries, MaxSessions, PasswordAuthentication, - PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY, - PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, - PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, + PermitEmptyPasswords, PermitListen, PermitOpen, PermitRootLogin, + PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, + PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, SetEnv, StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, X11DisplayOffset, X11Forwarding and X11UseLocalHost. @@ -694,6 +697,28 @@ DESCRIPTION server allows login to accounts with empty password strings. The default is no. + PermitListen + Specifies the addresses/ports on which a remote TCP port + forwarding may listen. The listen specification must be one of + the following forms: + + PermitListen port + PermitListen host:port + + Multiple permissions may be specified by separating them with + whitespace. An argument of any can be used to remove all + restrictions and permit any listen requests. An argument of none + can be used to prohibit all listen requests. The host name may + contain wildcards as described in the PATTERNS section in + ssh_config(5). The wildcard M-bM-^@M-^X*M-bM-^@M-^Y can also be used in place of a + port number to allow all ports. By default all port forwarding + listen requests are permitted. Note that the GatewayPorts option + may further restrict which addresses may be listened on. Note + also that ssh(1) will request a listen host of M-bM-^@M-^\localhostM-bM-^@M-^] if no + listen host was specifically requested, and this this name is + treated differently to explicit localhost addresses of + M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and M-bM-^@M-^\::1M-bM-^@M-^]. + PermitOpen Specifies the destinations to which TCP port forwarding is permitted. The forwarding specification must be one of the @@ -743,10 +768,12 @@ DESCRIPTION PermitUserEnvironment Specifies whether ~/.ssh/environment and environment= options in - ~/.ssh/authorized_keys are processed by sshd(8). The default is - no. Enabling environment processing may enable users to bypass - access restrictions in some configurations using mechanisms such - as LD_PRELOAD. + ~/.ssh/authorized_keys are processed by sshd(8). Valid options + are yes, no or a pattern-list specifying which environment + variable names to accept (for example "LANG,LC_*"). The default + is no. Enabling environment processing may enable users to + bypass access restrictions in some configurations using + mechanisms such as LD_PRELOAD. PermitUserRC Specifies whether any ~/.ssh/rc file is executed. The default is @@ -773,11 +800,11 @@ DESCRIPTION PubkeyAcceptedKeyTypes Specifies the key types that will be accepted for public key - authentication as a comma-separated pattern list. Alternately if - the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the - specified key types will be appended to the default set instead - of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y - character, then the specified key types (including wildcards) + authentication as a list of comma-separated patterns. + Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified key types will be appended to the default set + instead of replacing them. If the specified value begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) will be removed from the default set instead of replacing them. The default for this option is: @@ -785,9 +812,10 @@ DESCRIPTION ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa + ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa The list of available key types may also be obtained using "ssh -Q key". @@ -827,6 +855,13 @@ DESCRIPTION rdomain(4). If the routing domain is set to %D, then the domain in which the incoming connection was received will be applied. + SetEnv Specifies one or more environment variables to set in child + sessions started by sshd(8) as M-bM-^@M-^\NAME=VALUEM-bM-^@M-^]. The environment + value may be quoted (e.g. if it contains whitespace characters). + Environment variables set by SetEnv override the default + environment and any variables specified by the user via AcceptEnv + or PermitUserEnvironment. + StreamLocalBindMask Sets the octal file creation mode mask (umask) used when creating a Unix-domain socket file for local or remote port forwarding. @@ -1011,18 +1046,19 @@ TOKENS %s The serial number of the certificate. %T The type of the CA key. %t The key or certificate type. + %U The numeric user ID of the target user. %u The username. - AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, and %u. + AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, %U, and %u. - AuthorizedKeysFile accepts the tokens %%, %h, and %u. + AuthorizedKeysFile accepts the tokens %%, %h, %U, and %u. AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K, - %k, %s, %T, %t, and %u. + %k, %s, %T, %t, %U, and %u. - AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u. + AuthorizedPrincipalsFile accepts the tokens %%, %h, %U, and %u. - ChrootDirectory accepts the tokens %%, %h, and %u. + ChrootDirectory accepts the tokens %%, %h, %U, and %u. RoutingDomain accepts the token %D. @@ -1043,4 +1079,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 6.2 February 16, 2018 OpenBSD 6.2 +OpenBSD 6.4 July 20, 2018 OpenBSD 6.4 diff --git a/sshd_config.5 b/sshd_config.5 index e3c7c3936dd..e1b54ba20e3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.263 2018/02/16 02:40:45 djm Exp $ -.Dd $Mdocdate: February 16 2018 $ +.\" $OpenBSD: sshd_config.5,v 1.281 2018/07/20 05:01:10 djm Exp $ +.Dd $Mdocdate: July 20 2018 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -66,12 +66,14 @@ the session's .Xr environ 7 . See .Cm SendEnv +and +.Cm SetEnv in .Xr ssh_config 5 for how to configure the client. The .Ev TERM -environment variable is always sent whenever the client +environment variable is always accepted whenever the client requests a pseudo-terminal as it is required by the protocol. Variables are specified by name, which may contain the wildcard characters .Ql * @@ -184,7 +186,7 @@ for more information on patterns. .It Cm AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. -This option must be followed by one or more comma-separated lists of +This option must be followed by one or more lists of comma-separated authentication method names, or by the single string .Cm any to indicate the default behaviour of accepting any single authentication @@ -203,10 +205,9 @@ keyboard-interactive authentication before public key. For keyboard interactive authentication it is also possible to restrict authentication to a specific device by appending a colon followed by the device identifier -.Cm bsdauth , -.Cm pam , +.Cm bsdauth or -.Cm skey , +.Cm pam . depending on the server configuration. For example, .Qq keyboard-interactive:bsdauth @@ -231,7 +232,7 @@ The available authentication methods are: .Qq keyboard-interactive , .Qq none (used for access to password-less accounts when -.Cm PermitEmptyPassword +.Cm PermitEmptyPasswords is enabled), .Qq password and @@ -657,7 +658,7 @@ The default is .Cm yes . .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication -as a comma-separated pattern list. +as a list of comma-separated patterns. Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set @@ -672,9 +673,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using @@ -749,9 +751,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using @@ -816,9 +819,11 @@ If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is automatically selected for interactive sessions and the second for non-interactive sessions. The default is -.Cm lowdelay +.Cm af21 +(Low-Latency Data) for interactive sessions and -.Cm throughput +.Cm cs1 +(Lower Effort) for non-interactive sessions. .It Cm KbdInteractiveAuthentication Specifies whether to allow keyboard-interactive authentication. @@ -1123,6 +1128,7 @@ Available keywords are .Cm MaxSessions , .Cm PasswordAuthentication , .Cm PermitEmptyPasswords , +.Cm PermitListen , .Cm PermitOpen , .Cm PermitRootLogin , .Cm PermitTTY , @@ -1133,6 +1139,7 @@ Available keywords are .Cm RekeyLimit , .Cm RevokedKeys , .Cm RDomain , +.Cm SetEnv , .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , @@ -1182,6 +1189,48 @@ When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. The default is .Cm no . +.It Cm PermitListen +Specifies the addresses/ports on which a remote TCP port forwarding may listen. +The listen specification must be one of the following forms: +.Pp +.Bl -item -offset indent -compact +.It +.Cm PermitListen +.Sm off +.Ar port +.Sm on +.It +.Cm PermitListen +.Sm off +.Ar host : port +.Sm on +.El +.Pp +Multiple permissions may be specified by separating them with whitespace. +An argument of +.Cm any +can be used to remove all restrictions and permit any listen requests. +An argument of +.Cm none +can be used to prohibit all listen requests. +The host name may contain wildcards as described in the PATTERNS section in +.Xr ssh_config 5 . +The wildcard +.Sq * +can also be used in place of a port number to allow all ports. +By default all port forwarding listen requests are permitted. +Note that the +.Cm GatewayPorts +option may further restrict which addresses may be listened on. +Note also that +.Xr ssh 1 +will request a listen host of +.Dq localhost +if no listen host was specifically requested, and this this name is +treated differently to explicit localhost addresses of +.Dq 127.0.0.1 +and +.Dq ::1 . .It Cm PermitOpen Specifies the destinations to which TCP port forwarding is permitted. The forwarding specification must be one of the following forms: @@ -1284,6 +1333,12 @@ options in .Pa ~/.ssh/authorized_keys are processed by .Xr sshd 8 . +Valid options are +.Cm yes , +.Cm no +or a pattern-list specifying which environment variable names to accept +(for example +.Qq LANG,LC_* ) . The default is .Cm no . Enabling environment processing may enable users to bypass access @@ -1330,7 +1385,7 @@ The default is .Cm yes . .It Cm PubkeyAcceptedKeyTypes Specifies the key types that will be accepted for public key authentication -as a comma-separated pattern list. +as a list of comma-separated patterns. Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set @@ -1345,9 +1400,10 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, ssh-rsa-cert-v01@openssh.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,ssh-rsa +ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa .Ed .Pp The list of available key types may also be obtained using @@ -1402,6 +1458,21 @@ will be bound to this If the routing domain is set to .Cm \&%D , then the domain in which the incoming connection was received will be applied. +.It Cm SetEnv +Specifies one or more environment variables to set in child sessions started +by +.Xr sshd 8 +as +.Dq NAME=VALUE . +The environment value may be quoted (e.g. if it contains whitespace +characters). +Environment variables set by +.Cm SetEnv +override the default environment and any variables specified by the user +via +.Cm AcceptEnv +or +.Cm PermitUserEnvironment . .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1687,24 +1758,26 @@ The serial number of the certificate. The type of the CA key. .It %t The key or certificate type. +.It \&%U +The numeric user ID of the target user. .It %u The username. .El .Pp .Cm AuthorizedKeysCommand -accepts the tokens %%, %f, %h, %k, %t, and %u. +accepts the tokens %%, %f, %h, %k, %t, %U, and %u. .Pp .Cm AuthorizedKeysFile -accepts the tokens %%, %h, and %u. +accepts the tokens %%, %h, %U, and %u. .Pp .Cm AuthorizedPrincipalsCommand -accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u. +accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u. .Pp .Cm AuthorizedPrincipalsFile -accepts the tokens %%, %h, and %u. +accepts the tokens %%, %h, %U, and %u. .Pp .Cm ChrootDirectory -accepts the tokens %%, %h, and %u. +accepts the tokens %%, %h, %U, and %u. .Pp .Cm RoutingDomain accepts the token %D. diff --git a/ssherr.c b/ssherr.c index 3c0009d69d8..8ad3d575019 100644 --- a/ssherr.c +++ b/ssherr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssherr.c,v 1.7 2017/09/12 06:32:08 djm Exp $ */ +/* $OpenBSD: ssherr.c,v 1.8 2018/07/03 11:39:54 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -139,6 +139,8 @@ ssh_err(int n) return "Invalid key length"; case SSH_ERR_NUMBER_TOO_LARGE: return "number is too large"; + case SSH_ERR_SIGN_ALG_UNSUPPORTED: + return "signature algorithm not supported"; default: return "unknown error"; } diff --git a/ssherr.h b/ssherr.h index c0b59211e83..348da5a2086 100644 --- a/ssherr.h +++ b/ssherr.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssherr.h,v 1.5 2017/09/12 06:32:08 djm Exp $ */ +/* $OpenBSD: ssherr.h,v 1.6 2018/07/03 11:39:54 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -79,6 +79,7 @@ #define SSH_ERR_PROTOCOL_ERROR -55 #define SSH_ERR_KEY_LENGTH -56 #define SSH_ERR_NUMBER_TOO_LARGE -57 +#define SSH_ERR_SIGN_ALG_UNSUPPORTED -58 /* Translate a numeric error code to a human-readable error string */ const char *ssh_err(int n); diff --git a/sshkey-xmss.c b/sshkey-xmss.c index 5d66ee79035..aaae7028928 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $ */ +/* $OpenBSD: sshkey-xmss.c,v 1.3 2018/07/09 21:59:10 markus Exp $ */ /* * Copyright (c) 2017 Markus Friedl. All rights reserved. * @@ -66,7 +66,7 @@ struct ssh_xmss_state { treehash_inst *treehash; u_int32_t idx; /* state read from file */ - u_int32_t maxidx; /* resticted # of signatures */ + u_int32_t maxidx; /* restricted # of signatures */ int have_state; /* .state file exists */ int lockfd; /* locked in sshkey_xmss_get_state() */ int allow_update; /* allow sshkey_xmss_update_state() */ @@ -583,7 +583,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) } idx = PEEK_U32(k->xmss_sk); if (idx == state->idx) { - /* no signature happend, no need to update */ + /* no signature happened, no need to update */ ret = 0; goto done; } else if (idx != state->idx + 1) { @@ -625,7 +625,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) close(fd); goto done; } - if (atomicio(vwrite, fd, (void *)sshbuf_ptr(enc), sshbuf_len(enc)) != + if (atomicio(vwrite, fd, sshbuf_mutable_ptr(enc), sshbuf_len(enc)) != sshbuf_len(enc)) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: write new state file data: %s", __func__, nstatefile); diff --git a/sshkey.c b/sshkey.c index 7712fba2363..72c08c7e022 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.64 2018/03/22 07:05:48 markus Exp $ */ +/* $OpenBSD: sshkey.c,v 1.66 2018/07/03 13:20:25 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -83,46 +83,64 @@ static int sshkey_from_blob_internal(struct sshbuf *buf, struct keytype { const char *name; const char *shortname; + const char *sigalg; int type; int nid; int cert; int sigonly; }; static const struct keytype keytypes[] = { - { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 }, - { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", + { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 }, + { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL, KEY_ED25519_CERT, 0, 1, 0 }, #ifdef WITH_XMSS - { "ssh-xmss@openssh.com", "XMSS", KEY_XMSS, 0, 0, 0 }, - { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", + { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 }, + { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL, KEY_XMSS_CERT, 0, 1, 0 }, #endif /* WITH_XMSS */ #ifdef WITH_OPENSSL - { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, - { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, - { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, - { "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 }, + { "ssh-rsa", "RSA", NULL, KEY_RSA, 0, 0, 0 }, + { "rsa-sha2-256", "RSA", NULL, KEY_RSA, 0, 0, 1 }, + { "rsa-sha2-512", "RSA", NULL, KEY_RSA, 0, 0, 1 }, + { "ssh-dss", "DSA", NULL, KEY_DSA, 0, 0, 0 }, # ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, - { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 }, + { "ecdsa-sha2-nistp256", "ECDSA", NULL, + KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, + { "ecdsa-sha2-nistp384", "ECDSA", NULL, + KEY_ECDSA, NID_secp384r1, 0, 0 }, # ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 }, + { "ecdsa-sha2-nistp521", "ECDSA", NULL, + KEY_ECDSA, NID_secp521r1, 0, 0 }, # endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ - { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 }, - { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 }, + { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, + KEY_RSA_CERT, 0, 1, 0 }, + { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT", + "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, + { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT", + "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, + { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL, + KEY_DSA_CERT, 0, 1, 0 }, + { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, + KEY_RSA_CERT, 0, 1, 0 }, + { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT", + "ssh-rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, + { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT", + "ssh-rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, + { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL, + KEY_DSA_CERT, 0, 1, 0 }, # ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", + { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", NULL, KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, - { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", + { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, # ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", - KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, + { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, + KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, # endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ - { NULL, NULL, -1, -1, 0, 0 } + { NULL, NULL, NULL, -1, -1, 0, 0 } }; const char * @@ -2198,8 +2216,8 @@ sshkey_froms(struct sshbuf *buf, struct sshkey **keyp) return r; } -int -sshkey_sigtype(const u_char *sig, size_t siglen, char **sigtypep) +static int +get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) { int r; struct sshbuf *b = NULL; @@ -2223,6 +2241,50 @@ sshkey_sigtype(const u_char *sig, size_t siglen, char **sigtypep) return r; } +/* + * Returns the expected signature algorithm for a given public key algorithm. + */ +const char * +sshkey_sigalg_by_name(const char *name) +{ + const struct keytype *kt; + + for (kt = keytypes; kt->type != -1; kt++) { + if (strcmp(kt->name, name) != 0) + continue; + if (kt->sigalg != NULL) + return kt->sigalg; + if (!kt->cert) + return kt->name; + return sshkey_ssh_name_from_type_nid( + sshkey_type_plain(kt->type), kt->nid); + } + return NULL; +} + +/* + * Verifies that the signature algorithm appearing inside the signature blob + * matches that which was requested. + */ +int +sshkey_check_sigtype(const u_char *sig, size_t siglen, + const char *requested_alg) +{ + const char *expected_alg; + char *sigtype = NULL; + int r; + + if (requested_alg == NULL) + return 0; + if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = get_sigtype(sig, siglen, &sigtype)) != 0) + return r; + r = strcmp(expected_alg, sigtype) == 0; + free(sigtype); + return r ? 0 : SSH_ERR_SIGN_ALG_UNSUPPORTED; +} + int sshkey_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, diff --git a/sshkey.h b/sshkey.h index 155cd45aea1..9060b2ecbbb 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.24 2018/02/23 15:58:38 markus Exp $ */ +/* $OpenBSD: sshkey.h,v 1.26 2018/07/03 13:20:25 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -191,11 +191,12 @@ int sshkey_puts_opts(const struct sshkey *, struct sshbuf *, int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); -int sshkey_sigtype(const u_char *, size_t, char **); int sshkey_sign(const struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int); int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); +int sshkey_check_sigtype(const u_char *, size_t, const char *); +const char *sshkey_sigalg_by_name(const char *); /* for debug */ void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); diff --git a/sshlogin.c b/sshlogin.c index cea3e769740..1b2ee5f858f 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.32 2015/12/26 20:51:35 guenther Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.33 2018/07/09 21:26:02 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -55,13 +55,15 @@ #include #include +#include "sshlogin.h" +#include "ssherr.h" #include "loginrec.h" #include "log.h" -#include "buffer.h" +#include "sshbuf.h" #include "misc.h" #include "servconf.h" -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern ServerOptions options; /* @@ -88,8 +90,9 @@ static void store_lastlog_message(const char *user, uid_t uid) { #ifndef NO_SSH_LASTLOG - char *time_string, hostname[HOST_NAME_MAX+1] = "", buf[512]; + char *time_string, hostname[HOST_NAME_MAX+1] = ""; time_t last_login_time; + int r; if (!options.print_lastlog) return; @@ -97,7 +100,9 @@ store_lastlog_message(const char *user, uid_t uid) # ifdef CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG time_string = sys_auth_get_lastlogin_msg(user, uid); if (time_string != NULL) { - buffer_append(&loginmsg, time_string, strlen(time_string)); + if ((r = sshbuf_put(loginmsg, + time_string, strlen(time_string))) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(time_string); } # else @@ -108,12 +113,13 @@ store_lastlog_message(const char *user, uid_t uid) time_string = ctime(&last_login_time); time_string[strcspn(time_string, "\n")] = '\0'; if (strcmp(hostname, "") == 0) - snprintf(buf, sizeof(buf), "Last login: %s\r\n", + r = sshbuf_putf(loginmsg, "Last login: %s\r\n", time_string); else - snprintf(buf, sizeof(buf), "Last login: %s from %s\r\n", + r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n", time_string, hostname); - buffer_append(&loginmsg, buf, strlen(buf)); + if (r != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } # endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */ #endif /* NO_SSH_LASTLOG */ diff --git a/ttymodes.c b/ttymodes.c index f9fdb92defa..f0c2a5d37d3 100644 --- a/ttymodes.c +++ b/ttymodes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.c,v 1.33 2018/02/16 04:43:11 dtucker Exp $ */ +/* $OpenBSD: ttymodes.c,v 1.34 2018/07/09 21:20:26 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -55,8 +55,8 @@ #include "packet.h" #include "log.h" #include "compat.h" -#include "buffer.h" -#include "compat.h" +#include "sshbuf.h" +#include "ssherr.h" #define TTY_OP_END 0 /* @@ -276,17 +276,18 @@ special_char_decode(u_int c) * being constructed. */ void -tty_make_modes(int fd, struct termios *tiop) +ssh_tty_make_modes(struct ssh *ssh, int fd, struct termios *tiop) { struct termios tio; - int baud; - Buffer buf; + struct sshbuf *buf; + int r, ibaud, obaud; - buffer_init(&buf); + if ((buf = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); if (tiop == NULL) { if (fd == -1) { - debug("tty_make_modes: no fd or tio"); + debug("%s: no fd or tio", __func__); goto end; } if (tcgetattr(fd, &tio) == -1) { @@ -297,27 +298,29 @@ tty_make_modes(int fd, struct termios *tiop) tio = *tiop; /* Store input and output baud rates. */ - baud = speed_to_baud(cfgetospeed(&tio)); - buffer_put_char(&buf, TTY_OP_OSPEED); - buffer_put_int(&buf, baud); - baud = speed_to_baud(cfgetispeed(&tio)); - buffer_put_char(&buf, TTY_OP_ISPEED); - buffer_put_int(&buf, baud); + obaud = speed_to_baud(cfgetospeed(&tio)); + ibaud = speed_to_baud(cfgetispeed(&tio)); + if ((r = sshbuf_put_u8(buf, TTY_OP_OSPEED)) != 0 || + (r = sshbuf_put_u32(buf, obaud)) != 0 || + (r = sshbuf_put_u8(buf, TTY_OP_ISPEED)) != 0 || + (r = sshbuf_put_u32(buf, ibaud)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* Store values of mode flags. */ #define TTYCHAR(NAME, OP) \ - buffer_put_char(&buf, OP); \ - buffer_put_int(&buf, special_char_encode(tio.c_cc[NAME])); + if ((r = sshbuf_put_u8(buf, OP)) != 0 || \ + (r = sshbuf_put_u32(buf, \ + special_char_encode(tio.c_cc[NAME]))) != 0) \ + fatal("%s: buffer error: %s", __func__, ssh_err(r)); \ #define SSH_TTYMODE_IUTF8 42 /* for SSH_BUG_UTF8TTYMODE */ #define TTYMODE(NAME, FIELD, OP) \ if (OP == SSH_TTYMODE_IUTF8 && (datafellows & SSH_BUG_UTF8TTYMODE)) { \ debug3("%s: SSH_BUG_UTF8TTYMODE", __func__); \ - } else { \ - buffer_put_char(&buf, OP); \ - buffer_put_int(&buf, ((tio.FIELD & NAME) != 0)); \ - } + } else if ((r = sshbuf_put_u8(buf, OP)) != 0 || \ + (r = sshbuf_put_u32(buf, ((tio.FIELD & NAME) != 0))) != 0) \ + fatal("%s: buffer error: %s", __func__, ssh_err(r)); \ #include "ttymodes.h" @@ -326,9 +329,10 @@ tty_make_modes(int fd, struct termios *tiop) end: /* Mark end of mode data. */ - buffer_put_char(&buf, TTY_OP_END); - packet_put_string(buffer_ptr(&buf), buffer_len(&buf)); - buffer_free(&buf); + if ((r = sshbuf_put_u8(buf, TTY_OP_END)) != 0 || + (r = sshpkt_put_stringb(ssh, buf)) != 0) + fatal("%s: packet error: %s", __func__, ssh_err(r)); + sshbuf_free(buf); } /* @@ -336,16 +340,24 @@ tty_make_modes(int fd, struct termios *tiop) * manner from a packet being read. */ void -tty_parse_modes(int fd, int *n_bytes_ptr) +ssh_tty_parse_modes(struct ssh *ssh, int fd) { struct termios tio; - int opcode, baud; - int n_bytes = 0; - int failure = 0; - - *n_bytes_ptr = packet_get_int(); - if (*n_bytes_ptr == 0) + struct sshbuf *buf; + const u_char *data; + u_char opcode; + u_int baud, u; + int r, failure = 0; + size_t len; + + if ((r = sshpkt_get_string_direct(ssh, &data, &len)) != 0) + fatal("%s: packet error: %s", __func__, ssh_err(r)); + if (len == 0) + return; + if ((buf = sshbuf_from(data, len)) == NULL) { + error("%s: sshbuf_from failed", __func__); return; + } /* * Get old attributes for the terminal. We will modify these @@ -357,42 +369,48 @@ tty_parse_modes(int fd, int *n_bytes_ptr) failure = -1; } - for (;;) { - n_bytes += 1; - opcode = packet_get_char(); + while (sshbuf_len(buf) > 0) { + if ((r = sshbuf_get_u8(buf, &opcode)) != 0) + fatal("%s: packet error: %s", __func__, ssh_err(r)); switch (opcode) { case TTY_OP_END: goto set; case TTY_OP_ISPEED: - n_bytes += 4; - baud = packet_get_int(); + if ((r = sshbuf_get_u32(buf, &baud)) != 0) + fatal("%s: packet error: %s", + __func__, ssh_err(r)); if (failure != -1 && cfsetispeed(&tio, baud_to_speed(baud)) == -1) error("cfsetispeed failed for %d", baud); break; case TTY_OP_OSPEED: - n_bytes += 4; - baud = packet_get_int(); + if ((r = sshbuf_get_u32(buf, &baud)) != 0) + fatal("%s: packet error: %s", + __func__, ssh_err(r)); if (failure != -1 && cfsetospeed(&tio, baud_to_speed(baud)) == -1) error("cfsetospeed failed for %d", baud); break; #define TTYCHAR(NAME, OP) \ - case OP: \ - n_bytes += 4; \ - tio.c_cc[NAME] = special_char_decode(packet_get_int()); \ - break; + case OP: \ + if ((r = sshbuf_get_u32(buf, &u)) != 0) \ + fatal("%s: packet error: %s", __func__, \ + ssh_err(r)); \ + tio.c_cc[NAME] = special_char_decode(u); \ + break; #define TTYMODE(NAME, FIELD, OP) \ - case OP: \ - n_bytes += 4; \ - if (packet_get_int()) \ - tio.FIELD |= NAME; \ - else \ - tio.FIELD &= ~NAME; \ - break; + case OP: \ + if ((r = sshbuf_get_u32(buf, &u)) != 0) \ + fatal("%s: packet error: %s", __func__, \ + ssh_err(r)); \ + if (u) \ + tio.FIELD |= NAME; \ + else \ + tio.FIELD &= ~NAME; \ + break; #include "ttymodes.h" @@ -410,11 +428,12 @@ tty_parse_modes(int fd, int *n_bytes_ptr) * to stop. */ if (opcode > 0 && opcode < 160) { - n_bytes += 4; - (void) packet_get_int(); + if ((r = sshbuf_get_u32(buf, NULL)) != 0) + fatal("%s: packet error: %s", __func__, + ssh_err(r)); break; } else { - logit("parse_tty_modes: unknown opcode %d", + logit("%s: unknown opcode %d", __func__, opcode); goto set; } @@ -422,10 +441,10 @@ tty_parse_modes(int fd, int *n_bytes_ptr) } set: - if (*n_bytes_ptr != n_bytes) { - *n_bytes_ptr = n_bytes; - logit("parse_tty_modes: n_bytes_ptr != n_bytes: %d %d", - *n_bytes_ptr, n_bytes); + len = sshbuf_len(buf); + sshbuf_free(buf); + if (len > 0) { + logit("%s: %zu bytes left", __func__, len); return; /* Don't process bytes passed */ } if (failure == -1) diff --git a/uidswap.c b/uidswap.c index 8bf6b244e5c..49f76d818a8 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.39 2015/06/24 01:49:19 dtucker Exp $ */ +/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,6 +49,7 @@ static gid_t saved_egid = 0; /* Saved effective uid. */ static int privileged = 0; static int temporarily_use_uid_effective = 0; +static uid_t user_groups_uid; static gid_t *saved_egroups = NULL, *user_groups = NULL; static int saved_egroupslen = -1, user_groupslen = -1; @@ -92,10 +93,11 @@ temporarily_use_uid(struct passwd *pw) fatal("getgroups: %.100s", strerror(errno)); } else { /* saved_egroupslen == 0 */ free(saved_egroups); + saved_egroups = NULL; } /* set and save the user's groups */ - if (user_groupslen == -1) { + if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) { if (initgroups(pw->pw_name, pw->pw_gid) < 0) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); @@ -110,7 +112,9 @@ temporarily_use_uid(struct passwd *pw) fatal("getgroups: %.100s", strerror(errno)); } else { /* user_groupslen == 0 */ free(user_groups); + user_groups = NULL; } + user_groups_uid = pw->pw_uid; } /* Set the effective uid to the given (unprivileged) uid. */ if (setgroups(user_groupslen, user_groups) < 0) @@ -131,37 +135,6 @@ temporarily_use_uid(struct passwd *pw) strerror(errno)); } -void -permanently_drop_suid(uid_t uid) -{ -#ifndef NO_UID_RESTORATION_TEST - uid_t old_uid = getuid(); -#endif - - debug("permanently_drop_suid: %u", (u_int)uid); - if (setresuid(uid, uid, uid) < 0) - fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); - -#ifndef NO_UID_RESTORATION_TEST - /* - * Try restoration of UID if changed (test clearing of saved uid). - * - * Note that we don't do this on Cygwin, or on Solaris-based platforms - * where fine-grained privileges are available (the user might be - * deliberately allowed the right to setuid back to root). - */ - if (old_uid != uid && - (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) - fatal("%s: was able to restore old [e]uid", __func__); -#endif - - /* Verify UID drop was successful */ - if (getuid() != uid || geteuid() != uid) { - fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", - __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)uid); - } -} - /* * Restores to the original (privileged) uid. */ diff --git a/uidswap.h b/uidswap.h index 1c1163d7545..4ac91aa0471 100644 --- a/uidswap.h +++ b/uidswap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: uidswap.h,v 1.14 2018/07/18 11:34:05 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -15,4 +15,3 @@ void temporarily_use_uid(struct passwd *); void restore_uid(void); void permanently_set_uid(struct passwd *); -void permanently_drop_suid(uid_t); diff --git a/umac.c b/umac.c index eab83107239..ccae39f3094 100644 --- a/umac.c +++ b/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.16 2017/12/12 15:06:12 naddy Exp $ */ +/* $OpenBSD: umac.c,v 1.17 2018/04/10 00:10:49 djm Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -65,7 +65,7 @@ /* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */ /* #define SSE2 0 Is SSE2 is available? */ /* #define RUN_TESTS 0 Run basic correctness/speed tests */ -/* #define UMAC_AE_SUPPORT 0 Enable auhthenticated encrytion */ +/* #define UMAC_AE_SUPPORT 0 Enable authenticated encryption */ /* ---------------------------------------------------------------------- */ /* -- Global Includes --------------------------------------------------- */ @@ -295,9 +295,9 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) * Before beginning another hash calculation the nh_reset() routine * must be called. The single-buffer routine, nh(), is equivalent to * the sequence of calls nh_update() and nh_final(); however it is - * optimized and should be prefered whenever the multiple-buffer interface + * optimized and should be preferred whenever the multiple-buffer interface * is not necessary. When using either interface, it is the client's - * responsability to pass no more than L1_KEY_LEN bytes per hash result. + * responsibility to pass no more than L1_KEY_LEN bytes per hash result. * * The routine nh_init() initializes the nh_ctx data structure and * must be called once, before any other PDF routine. @@ -319,8 +319,8 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) typedef struct { UINT8 nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */ UINT8 data [HASH_BUF_BYTES]; /* Incoming data buffer */ - int next_data_empty; /* Bookeeping variable for data buffer. */ - int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorperated. */ + int next_data_empty; /* Bookkeeping variable for data buffer. */ + int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorporated. */ UINT64 state[STREAMS]; /* on-line state */ } nh_ctx; @@ -851,7 +851,7 @@ static void poly_hash(uhash_ctx_t hc, UINT32 data_in[]) /* The final step in UHASH is an inner-product hash. The poly hash - * produces a result not neccesarily WORD_LEN bytes long. The inner- + * produces a result not necessarily WORD_LEN bytes long. The inner- * product hash breaks the polyhash output into 16-bit chunks and * multiplies each with a 36 bit key. */ diff --git a/utf8.c b/utf8.c index bc131385f53..db7cb8f35ed 100644 --- a/utf8.c +++ b/utf8.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utf8.c,v 1.7 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: utf8.c,v 1.8 2018/08/21 13:56:27 schwarze Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze * @@ -53,6 +53,8 @@ static int vasnmprintf(char **, size_t, int *, const char *, va_list); * For state-dependent encodings, recovery is impossible. * For arbitrary encodings, replacement of non-printable * characters would be non-trivial and too fragile. + * The comments indicate what nl_langinfo(CODESET) + * returns for US-ASCII on various operating systems. */ static int @@ -60,9 +62,12 @@ dangerous_locale(void) { char *loc; loc = nl_langinfo(CODESET); - return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 && - strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0 && - strcmp(loc, "") != 0; + return strcmp(loc, "UTF-8") != 0 && + strcmp(loc, "US-ASCII") != 0 && /* OpenBSD */ + strcmp(loc, "ANSI_X3.4-1968") != 0 && /* Linux */ + strcmp(loc, "ISO8859-1") != 0 && /* AIX */ + strcmp(loc, "646") != 0 && /* Solaris, NetBSD */ + strcmp(loc, "") != 0; /* Solaris 6 */ } static int diff --git a/version.h b/version.h index ea52b26f5e3..f1bbf00f38b 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.81 2018/03/24 19:29:03 markus Exp $ */ +/* $OpenBSD: version.h,v 1.82 2018/07/03 11:42:12 djm Exp $ */ -#define SSH_VERSION "OpenSSH_7.7" +#define SSH_VERSION "OpenSSH_7.8" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/xmss_wots.c b/xmss_wots.c index b4702ed8d88..ed904cd754d 100644 --- a/xmss_wots.c +++ b/xmss_wots.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmss_wots.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */ +/* $OpenBSD: xmss_wots.c,v 1.3 2018/04/10 00:10:49 djm Exp $ */ /* wots.c version 20160722 Andreas Hülsing @@ -65,7 +65,7 @@ static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, co * Computes the chaining function. * out and in have to be n-byte arrays * - * interpretes in as start-th value of the chain + * interprets in as start-th value of the chain * addr has to contain the address of the chain */ static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8]) -- 2.45.0