From 4cd7c95976a636a1fc0cdbf23632c5b6ff18cee0 Mon Sep 17 00:00:00 2001 From: des Date: Thu, 28 Feb 2013 18:43:50 +0000 Subject: [PATCH] Pull in OpenSSH 6.1 from head. git-svn-id: svn://svn.freebsd.org/base/stable/9@247485 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- crypto/openssh/ChangeLog | 1110 ++++++++++++++++- crypto/openssh/INSTALL | 12 +- crypto/openssh/LICENCE | 1 + crypto/openssh/PROTOCOL.certkeys | 15 +- crypto/openssh/PROTOCOL.mux | 39 +- crypto/openssh/README | 4 +- crypto/openssh/WARNING.RNG | 95 -- crypto/openssh/aclocal.m4 | 30 +- crypto/openssh/addrmatch.c | 4 +- crypto/openssh/audit-bsm.c | 79 +- crypto/openssh/audit-linux.c | 2 +- crypto/openssh/auth-krb5.c | 12 +- crypto/openssh/auth-options.c | 18 +- crypto/openssh/auth-passwd.c | 3 +- crypto/openssh/auth-rsa.c | 70 +- crypto/openssh/auth-skey.c | 1 + crypto/openssh/auth.c | 31 +- crypto/openssh/auth.h | 6 +- crypto/openssh/auth2-gss.c | 4 +- crypto/openssh/auth2-pubkey.c | 24 +- crypto/openssh/auth2.c | 46 +- crypto/openssh/authfd.c | 5 +- crypto/openssh/authfile.c | 156 ++- crypto/openssh/authfile.h | 4 +- crypto/openssh/channels.c | 336 +++-- crypto/openssh/channels.h | 25 +- crypto/openssh/clientloop.c | 168 ++- crypto/openssh/clientloop.h | 11 +- crypto/openssh/compat.c | 3 +- crypto/openssh/compat.h | 3 +- crypto/openssh/config.guess | 21 +- crypto/openssh/config.h | 83 +- crypto/openssh/config.h.in | 88 +- crypto/openssh/defines.h | 39 +- crypto/openssh/dh.c | 4 +- crypto/openssh/dns.c | 103 +- crypto/openssh/dns.h | 15 +- crypto/openssh/entropy.c | 244 ++-- crypto/openssh/entropy.h | 3 +- crypto/openssh/gss-serv.c | 4 +- crypto/openssh/jpake.c | 4 +- crypto/openssh/kex.c | 6 +- crypto/openssh/key.c | 15 +- crypto/openssh/key.h | 5 +- crypto/openssh/log.c | 35 +- crypto/openssh/log.h | 8 +- crypto/openssh/loginrec.c | 5 - crypto/openssh/mac.c | 9 +- crypto/openssh/misc.c | 17 +- crypto/openssh/misc.h | 3 +- crypto/openssh/moduli | 455 ++++--- crypto/openssh/moduli.5 | 40 +- crypto/openssh/moduli.c | 81 +- crypto/openssh/monitor.c | 154 ++- crypto/openssh/monitor.h | 4 +- crypto/openssh/monitor_wrap.c | 46 +- crypto/openssh/monitor_wrap.h | 3 +- crypto/openssh/mux.c | 298 ++++- crypto/openssh/myproposal.h | 19 +- .../openssh/openbsd-compat/bsd-cygwin_util.c | 18 +- .../openssh/openbsd-compat/bsd-cygwin_util.h | 14 +- crypto/openssh/openbsd-compat/bsd-misc.h | 7 +- crypto/openssh/openbsd-compat/getcwd.c | 2 +- crypto/openssh/openbsd-compat/getgrouplist.c | 2 +- .../openssh/openbsd-compat/getrrsetbyname.c | 4 +- crypto/openssh/openbsd-compat/glob.c | 69 +- crypto/openssh/openbsd-compat/inet_ntop.c | 8 +- crypto/openssh/openbsd-compat/mktemp.c | 239 ++-- .../openssh/openbsd-compat/openbsd-compat.h | 4 +- .../openssh/openbsd-compat/openssl-compat.c | 6 +- .../openssh/openbsd-compat/openssl-compat.h | 15 +- crypto/openssh/openbsd-compat/port-linux.c | 29 +- crypto/openssh/openbsd-compat/port-linux.h | 2 +- crypto/openssh/openbsd-compat/setenv.c | 123 +- crypto/openssh/openbsd-compat/sha2.c | 2 +- crypto/openssh/openbsd-compat/sha2.h | 2 +- crypto/openssh/openbsd-compat/strlcpy.c | 10 +- crypto/openssh/packet.c | 61 +- crypto/openssh/packet.h | 4 +- crypto/openssh/pathnames.h | 2 +- crypto/openssh/readconf.c | 154 ++- crypto/openssh/readconf.h | 22 +- crypto/openssh/roaming.h | 7 +- crypto/openssh/roaming_client.c | 4 +- crypto/openssh/roaming_common.c | 4 +- crypto/openssh/sandbox-darwin.c | 98 ++ crypto/openssh/sandbox-null.c | 72 ++ crypto/openssh/sandbox-rlimit.c | 95 ++ crypto/openssh/sandbox-systrace.c | 198 +++ crypto/openssh/scp.1 | 8 +- crypto/openssh/scp.c | 14 +- crypto/openssh/servconf.c | 551 +++++--- crypto/openssh/servconf.h | 53 +- crypto/openssh/serverloop.c | 20 +- crypto/openssh/session.c | 13 +- crypto/openssh/sftp-client.c | 21 +- crypto/openssh/sftp-glob.c | 6 +- crypto/openssh/sftp-server.c | 6 +- crypto/openssh/sftp.1 | 14 +- crypto/openssh/sftp.c | 17 +- crypto/openssh/ssh-add.1 | 9 +- crypto/openssh/ssh-add.c | 64 +- crypto/openssh/ssh-agent.1 | 4 +- crypto/openssh/ssh-agent.c | 41 +- crypto/openssh/ssh-ecdsa.c | 3 +- crypto/openssh/ssh-keygen.1 | 50 +- crypto/openssh/ssh-keygen.c | 219 +++- crypto/openssh/ssh-keyscan.c | 5 +- crypto/openssh/ssh-keysign.c | 24 +- crypto/openssh/ssh-pkcs11-client.c | 4 +- crypto/openssh/ssh-pkcs11-helper.c | 7 +- crypto/openssh/ssh-pkcs11.c | 14 + crypto/openssh/ssh-rand-helper.8 | 94 -- crypto/openssh/ssh-rand-helper.c | 932 -------------- crypto/openssh/ssh-sandbox.h | 23 + crypto/openssh/ssh.1 | 43 +- crypto/openssh/ssh.c | 262 ++-- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 75 +- crypto/openssh/ssh_namespace.h | 15 +- crypto/openssh/sshconnect.c | 79 +- crypto/openssh/sshconnect2.c | 12 +- crypto/openssh/sshd.8 | 22 +- crypto/openssh/sshd.c | 135 +- crypto/openssh/sshd_config | 16 +- crypto/openssh/sshd_config.5 | 42 +- crypto/openssh/umac.c | 4 +- crypto/openssh/version.c | 95 -- crypto/openssh/version.h | 14 +- secure/lib/libssh/Makefile | 2 - secure/usr.sbin/sshd/Makefile | 3 +- 131 files changed, 5417 insertions(+), 3025 deletions(-) delete mode 100644 crypto/openssh/WARNING.RNG mode change 100755 => 100644 crypto/openssh/openbsd-compat/sha2.c mode change 100755 => 100644 crypto/openssh/openbsd-compat/sha2.h create mode 100644 crypto/openssh/sandbox-darwin.c create mode 100644 crypto/openssh/sandbox-null.c create mode 100644 crypto/openssh/sandbox-rlimit.c create mode 100644 crypto/openssh/sandbox-systrace.c delete mode 100644 crypto/openssh/ssh-rand-helper.8 delete mode 100644 crypto/openssh/ssh-rand-helper.c create mode 100644 crypto/openssh/ssh-sandbox.h delete mode 100644 crypto/openssh/version.c diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index f51d17e03..f8e600847 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,13 +1,1089 @@ -20110403 +20120828 + - (djm) Release openssh-6.1 + +20120828 + - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN + for compatibility with future mingw-w64 headers. Patch from vinschen at + redhat com. + +20120822 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Prepare for 5.8p2 release. - - (djm) [version.h] crank version - - Release 5.8p2 - -20110329 - - (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds - noticed by tmraz AT redhat.com - + [contrib/suse/openssh.spec] Update version numbers + +20120731 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2012/07/06 06:38:03 + [ssh-keygen.c] + missing full stop in usage(); + - djm@cvs.openbsd.org 2012/07/10 02:19:15 + [servconf.c servconf.h sshd.c sshd_config] + Turn on systrace sandboxing of pre-auth sshd by default for new installs + by shipping a config that overrides the current UsePrivilegeSeparation=yes + default. Make it easier to flip the default in the future by adding too. + prodded markus@ feedback dtucker@ "get it in" deraadt@ + - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 + [servconf.c] + handle long comments in config files better. bz#2025, ok markus + - markus@cvs.openbsd.org 2012/07/22 18:19:21 + [version.h] + openssh 6.1 + +20120720 + - (dtucker) Import regened moduli file. + +20120706 + - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is + not available. Allows use of sshd compiled on host with a filter-capable + kernel on hosts that lack the support. bz#2011 ok dtucker@ + - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no + unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT + esperi.org.uk; ok dtucker@ +- (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 + [moduli.c ssh-keygen.1 ssh-keygen.c] + Add options to specify starting line number and number of lines to process + when screening moduli candidates. This allows processing of different + parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ + - djm@cvs.openbsd.org 2012/07/06 01:37:21 + [mux.c] + fix memory leak of passed-in environment variables and connection + context when new session message is malformed; bz#2003 from Bert.Wesarg + AT googlemail.com + - djm@cvs.openbsd.org 2012/07/06 01:47:38 + [ssh.c] + move setting of tty_flag to after config parsing so RequestTTY options + are correctly picked up. bz#1995 patch from przemoc AT gmail.com; + ok dtucker@ + +20120704 + - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for + platforms that don't have it. "looks good" tim@ + +20120703 + - (dtucker) [configure.ac] Detect platforms that can't use select(2) with + setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. + - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not + setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its + benefit is minor, so it's not worth disabling the sandbox if it doesn't + work. + +20120702 +- (dtucker) OpenBSD CVS Sync + - naddy@cvs.openbsd.org 2012/06/29 13:57:25 + [ssh_config.5 sshd_config.5] + match the documented MAC order of preference to the actual one; + ok dtucker@ + - markus@cvs.openbsd.org 2012/06/30 14:35:09 + [sandbox-systrace.c sshd.c] + fix a during the load of the sandbox policies (child can still make + the read-syscall and wait forever for systrace-answers) by replacing + the read/write synchronisation with SIGSTOP/SIGCONT; + report and help hshoexer@; ok djm@, dtucker@ + - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 + [ssh.c] + set interactive ToS for forwarded X11 sessions. ok djm@ + - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 + [ssh-pkcs11-helper.c sftp-client.c] + fix a couple of "assigned but not used" warnings. ok markus@ + - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 + [regress/connect-privsep.sh] + remove exit from end of test since it prevents reporting failure + - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] + Move cygwin detection to test-exec and use to skip reexec test on cygwin. + - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. + +20120629 + - OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 + [addrmatch.c] + fix strlcpy truncation check. from carsten at debian org, ok markus + - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 + [monitor.c sshconnect2.c] + remove dead code following 'for (;;)' loops. + From Steve.McClellan at radisys com, ok markus@ + - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 + [sftp.c] + Remove unused variable leftover from tab-completion changes. + From Steve.McClellan at radisys com, ok markus@ + - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 + [sandbox-systrace.c] + Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation + sandbox" since malloc now uses it. From johnw.mail at gmail com. + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [mac.c myproposal.h ssh_config.5 sshd_config.5] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. + - naddy@cvs.openbsd.org 2012/06/29 13:57:25 + [ssh_config.5 sshd_config.5] + match the documented MAC order of preference to the actual one; ok dtucker@ + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [regress/addrmatch.sh] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. + - djm@cvs.openbsd.org 2012/06/01 00:47:35 + [regress/multiplex.sh regress/forwarding.sh] + append to rather than truncate test log; bz#2013 from openssh AT + roumenpetrov.info + - djm@cvs.openbsd.org 2012/06/01 00:52:52 + [regress/sftp-cmds.sh] + don't delete .* on cleanup due to unintended env expansion; pointed out in + bz#2014 by openssh AT roumenpetrov.info + - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 + [regress/connect-privsep.sh] + test sandbox with every malloc option + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [regress/try-ciphers.sh regress/cipher-speed.sh] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. + - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. + - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have + the required functions in libcrypto. + +20120628 + - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null + pointer deref in the client when built with LDNS and using DNSSEC with a + CNAME. Patch from gregdlg+mr at hochet info. + +20120622 + - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as + can logon as a service. Patch from vinschen at redhat com. + +20120620 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/12/02 00:41:56 + [mux.c] + fix bz#1948: ssh -f doesn't fork for multiplexed connection. + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/04 23:16:12 + [mux.c] + revert: + > revision 1.32 + > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 + > fix bz#1948: ssh -f doesn't fork for multiplexed connection. + > ok dtucker@ + it interacts badly with ControlPersist + - djm@cvs.openbsd.org 2012/01/07 21:11:36 + [mux.c] + fix double-free in new session handler + NB. Id sync only + - djm@cvs.openbsd.org 2012/05/23 03:28:28 + [dns.c dns.h key.c key.h ssh-keygen.c] + add support for RFC6594 SSHFP DNS records for ECDSA key types. + patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ + - djm@cvs.openbsd.org 2012/06/01 00:49:35 + [PROTOCOL.mux] + correct types of port numbers (integers, not strings); bz#2004 from + bert.wesarg AT googlemail.com + - djm@cvs.openbsd.org 2012/06/01 01:01:22 + [mux.c] + fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg + AT googlemail.com + - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 + [jpake.c] + correct sizeof usage. patch from saw at online.de, ok deraadt + - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 + [ssh_config.5] + RSA instead of DSA twice. From Steve.McClellan at radisys com + - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 + [ssh.1 sshd.8] + Remove mention of 'three' key files since there are now four. From + Steve.McClellan at radisys com. + - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 + [ssh.1] + Clarify description of -W. Noted by Steve.McClellan at radisys com, + ok jmc + - markus@cvs.openbsd.org 2012/06/19 18:25:28 + [servconf.c servconf.h sshd_config.5] + sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} + this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' + ok djm@ (back in March) + - jmc@cvs.openbsd.org 2012/06/19 21:35:54 + [sshd_config.5] + tweak previous; ok markus + - djm@cvs.openbsd.org 2012/06/20 04:42:58 + [clientloop.c serverloop.c] + initialise accept() backoff timer to avoid EINVAL from select(2) in + rekeying + +20120519 + - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch + from cjwatson at debian org. + - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find + pkg-config so it does the right thing when cross-compiling. Patch from + cjwatson at debian org. +- (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. + - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 + [sshd_config.5] + Document PermitOpen none. bz#2001, patch from Loganaden Velvindron + +20120504 + - (dtucker) [configure.ac] Include rather than + to fix building on some plaforms. Fom bowman at math utah edu and + des at des no. + +20120427 + - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 + platform rather than exiting early, so that we still clean up and return + success or failure to test-exec.sh + +20120426 + - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters + via Niels + - (djm) [auth-krb5.c] Save errno across calls that might modify it; + ok dtucker@ + +20120423 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/04/23 08:18:17 + [channels.c] + fix function proto/source mismatch + +20120422 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/02/29 11:21:26 + [ssh-keygen.c] + allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ + - guenther@cvs.openbsd.org 2012/03/15 03:10:27 + [session.c] + root should always be excluded from the test for /etc/nologin instead + of having it always enforced even when marked as ignorenologin. This + regressed when the logic was incompletely flipped around in rev 1.251 + ok halex@ millert@ + - djm@cvs.openbsd.org 2012/03/28 07:23:22 + [PROTOCOL.certkeys] + explain certificate extensions/crit split rationale. Mention requirement + that each appear at most once per cert. + - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 + [channels.c channels.h servconf.c] + Add PermitOpen none option based on patch from Loganaden Velvindron + (bz #1949). ok djm@ + - djm@cvs.openbsd.org 2012/04/11 13:16:19 + [channels.c channels.h clientloop.c serverloop.c] + don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a + while; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2012/04/11 13:17:54 + [auth.c] + Support "none" as an argument for AuthorizedPrincipalsFile to indicate + no file should be read. + - djm@cvs.openbsd.org 2012/04/11 13:26:40 + [sshd.c] + don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a + while; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2012/04/11 13:34:17 + [ssh-keyscan.1 ssh-keyscan.c] + now that sshd defaults to offering ECDSA keys, ssh-keyscan should also + look for them by default; bz#1971 + - djm@cvs.openbsd.org 2012/04/12 02:42:32 + [servconf.c servconf.h sshd.c sshd_config sshd_config.5] + VersionAddendum option to allow server operators to append some arbitrary + text to the SSH-... banner; ok deraadt@ "don't care" markus@ + - djm@cvs.openbsd.org 2012/04/12 02:43:55 + [sshd_config sshd_config.5] + mention AuthorizedPrincipalsFile=none default + - djm@cvs.openbsd.org 2012/04/20 03:24:23 + [sftp.c] + setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) + - jmc@cvs.openbsd.org 2012/04/20 16:26:22 + [ssh.1] + use "brackets" instead of "braces", for consistency; + +20120420 + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update for release 6.0 + - (djm) [README] Update URL to release notes. + - (djm) Release openssh-6.0 + +20120419 + - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil + contains openpty() but not login() + +20120404 + - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox + mode for Linux's new seccomp filter; patch from Will Drewry; feedback + and ok dtucker@ + +20120330 + - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING + file from spec file. From crighter at nuclioss com. + - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running + openssh binaries on a newer fix release than they were compiled on. + with and ok dtucker@ + - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect + assumptions when building on Cygwin; patch from Corinna Vinschen + +20120309 + - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux + systems where sshd is run in te wrong context. Patch from Sven + Vermeulen; ok dtucker@ + - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 + addressed connections. ok dtucker@ + +20120224 + - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM + audit breakage in Solaris 11. Patch from Magnus Johansson. + +20120215 + - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for + unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c + ok dtucker@ + - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so + it actually works. + - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote + to work. Spotted by Angel Gonzalez + +20120214 + - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of + preserved Cygwin environment variables; from Corinna Vinschen + +20120211 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/01/05 00:16:56 + [monitor.c] + memleak on error path + - djm@cvs.openbsd.org 2012/01/07 21:11:36 + [mux.c] + fix double-free in new session handler + - miod@cvs.openbsd.org 2012/01/08 13:17:11 + [ssh-ecdsa.c] + Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, + ok markus@ + - miod@cvs.openbsd.org 2012/01/16 20:34:09 + [ssh-pkcs11-client.c] + Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. + While there, be sure to buffer_clear() between send_msg() and recv_msg(). + ok markus@ + - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 + [clientloop.c] + Ensure that $DISPLAY contains only valid characters before using it to + extract xauth data so that it can't be used to play local shell + metacharacter games. Report from r00t_ati at ihteam.net, ok markus. + - markus@cvs.openbsd.org 2012/01/25 19:26:43 + [packet.c] + do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; + ok dtucker@, djm@ + - markus@cvs.openbsd.org 2012/01/25 19:36:31 + [authfile.c] + memleak in key_load_file(); from Jan Klemkow + - markus@cvs.openbsd.org 2012/01/25 19:40:09 + [packet.c packet.h] + packet_read_poll() is not used anymore. + - markus@cvs.openbsd.org 2012/02/09 20:00:18 + [version.h] + move from 6.0-beta to 6.0 + +20120206 + - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms + that don't support ECC. Patch from Phil Oleson + +20111219 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/12/02 00:41:56 + [mux.c] + fix bz#1948: ssh -f doesn't fork for multiplexed connection. + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/02 00:43:57 + [mac.c] + fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before + HMAC_init (this change in policy seems insane to me) + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/04 23:16:12 + [mux.c] + revert: + > revision 1.32 + > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 + > fix bz#1948: ssh -f doesn't fork for multiplexed connection. + > ok dtucker@ + it interacts badly with ControlPersist + - djm@cvs.openbsd.org 2011/12/07 05:44:38 + [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] + fix some harmless and/or unreachable int overflows; + reported Xi Wang, ok markus@ + +20111125 + - OpenBSD CVS Sync + - oga@cvs.openbsd.org 2011/11/16 12:24:28 + [sftp.c] + Don't leak list in complete_cmd_parse if there are no commands found. + Discovered when I was ``borrowing'' this code for something else. + ok djm@ + +20111121 + - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ + +20111104 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/10/18 05:15:28 + [ssh.c] + ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ + - djm@cvs.openbsd.org 2011/10/18 23:37:42 + [ssh-add.c] + add -k to usage(); reminded by jmc@ + - djm@cvs.openbsd.org 2011/10/19 00:06:10 + [moduli.c] + s/tmpfile/tmp/ to make this -Wshadow clean + - djm@cvs.openbsd.org 2011/10/19 10:39:48 + [umac.c] + typo in comment; patch from Michael W. Bombardieri + - djm@cvs.openbsd.org 2011/10/24 02:10:46 + [ssh.c] + bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh + was incorrectly requesting the forward in both the control master and + slave. skip requesting it in the master to fix. ok markus@ + - djm@cvs.openbsd.org 2011/10/24 02:13:13 + [session.c] + bz#1859: send tty break to pty master instead of (probably already + closed) slave side; "looks good" markus@ + - dtucker@cvs.openbsd.org 011/11/04 00:09:39 + [moduli] + regenerated moduli file; ok deraadt + - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in + openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] + bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library + which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) + with some rework from myself and djm. ok djm. + +20111025 + - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file + fails. Patch from Corinna Vinschen. + +20111018 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/10/04 14:17:32 + [sftp-glob.c] + silence error spam for "ls */foo" in directory with files; bz#1683 + - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 + [moduli.c ssh-keygen.1 ssh-keygen.c] + Add optional checkpoints for moduli screening. feedback & ok deraadt + - jmc@cvs.openbsd.org 2011/10/16 15:02:41 + [ssh-keygen.c] + put -K in the right place (usage()); + - stsp@cvs.openbsd.org 2011/10/16 15:51:39 + [moduli.c] + add missing includes to unbreak tree; fix from rpointel + - djm@cvs.openbsd.org 2011/10/18 04:58:26 + [auth-options.c key.c] + remove explict search for \0 in packet strings, this job is now done + implicitly by buffer_get_cstring; ok markus + - djm@cvs.openbsd.org 2011/10/18 05:00:48 + [ssh-add.1 ssh-add.c] + new "ssh-add -k" option to load plain keys (skipping certificates); + "looks ok" markus@ + +20111001 + - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 + [channels.c auth-options.c servconf.c channels.h sshd.8] + Add wildcard support to PermitOpen, allowing things like "PermitOpen + localhost:*". bz #1857, ok djm markus. + - markus@cvs.openbsd.org 2011/09/23 07:45:05 + [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c + version.h] + unbreak remote portforwarding with dynamic allocated listen ports: + 1) send the actual listen port in the open message (instead of 0). + this allows multiple forwardings with a dynamic listen port + 2) update the matching permit-open entry, so we can identify where + to connect to + report: den at skbkontur.ru and P. Szczygielski + feedback and ok djm@ + - djm@cvs.openbsd.org 2011/09/25 05:44:47 + [auth2-pubkey.c] + improve the AuthorizedPrincipalsFile debug log message to include + file and line number + - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 + [sshd.c] + don't attempt privsep cleanup when not using privsep; ok markus@ + - djm@cvs.openbsd.org 2011/09/30 21:22:49 + [sshd.c] + fix inverted test that caused logspam; spotted by henning@ + +20110929 + - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch + from des AT des.no + - (dtucker) [configure.ac openbsd-compat/Makefile.in + openbsd-compat/strnlen.c] Add strnlen to the compat library. + +20110923 + - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no + longer want to sync this file (OpenBSD uses a __getcwd syscall now, we + want this longhand version) + - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the + upstream version is YPified and we don't want this + - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. + The file was totally rewritten between what we had in tree and -current. + - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid + marker. The upstream API has changed (function and structure names) + enough to put it out of sync with other providers of this interface. + - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion + of static __findenv() function from upstream setenv.c + - OpenBSD CVS Sync + - millert@cvs.openbsd.org 2006/05/05 15:27:38 + [openbsd-compat/strlcpy.c] + Convert do {} while loop -> while {} for clarity. No binary change + on most architectures. From Oliver Smith. OK deraadt@ and henning@ + - tobias@cvs.openbsd.org 2007/10/21 11:09:30 + [openbsd-compat/mktemp.c] + Comment fix about time consumption of _gettemp. + FreeBSD did this in revision 1.20. + OK deraadt@, krw@ + - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 + [openbsd-compat/mktemp.c] + use arc4random_uniform(); ok djm millert + - millert@cvs.openbsd.org 2008/08/21 16:54:44 + [openbsd-compat/mktemp.c] + Remove useless code, the kernel will set errno appropriately if an + element in the path does not exist. OK deraadt@ pvalchev@ + - otto@cvs.openbsd.org 2008/12/09 19:38:38 + [openbsd-compat/inet_ntop.c] + fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon + +20110922 + - OpenBSD CVS Sync + - pyr@cvs.openbsd.org 2011/05/12 07:15:10 + [openbsd-compat/glob.c] + When the max number of items for a directory has reached GLOB_LIMIT_READDIR + an error is returned but closedir() is not called. + spotted and fix provided by Frank Denis obsd-tech@pureftpd.org + ok otto@, millert@ + - stsp@cvs.openbsd.org 2011/09/20 10:18:46 + [glob.c] + In glob(3), limit recursion during matching attempts. Similar to + fnmatch fix. Also collapse consecutive '*' (from NetBSD). + ok miod deraadt + - djm@cvs.openbsd.org 2011/09/22 06:27:29 + [glob.c] + fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being + applied only to the gl_pathv vector and not the corresponding gl_statv + array. reported in OpenSSH bz#1935; feedback and okay matthew@ + - djm@cvs.openbsd.org 2011/08/26 01:45:15 + [ssh.1] + Add some missing ssh_config(5) options that can be used in ssh(1)'s + -o argument. Patch from duclare AT guu.fi + - djm@cvs.openbsd.org 2011/09/05 05:56:13 + [scp.1 sftp.1] + mention ControlPersist and KbdInteractiveAuthentication in the -o + verbiage in these pages too (prompted by jmc@) + - djm@cvs.openbsd.org 2011/09/05 05:59:08 + [misc.c] + fix typo in IPQoS parsing: there is no "AF14" class, but there is + an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk + - jmc@cvs.openbsd.org 2011/09/05 07:01:44 + [scp.1] + knock out a useless Ns; + - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 + [ssh-keygen.1] + typo (they vs the) found by Lawrence Teo + - djm@cvs.openbsd.org 2011/09/09 00:43:00 + [ssh_config.5 sshd_config.5] + fix typo in IPQoS parsing: there is no "AF14" class, but there is + an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk + - djm@cvs.openbsd.org 2011/09/09 00:44:07 + [PROTOCOL.mux] + MUX_C_CLOSE_FWD includes forward type in message (though it isn't + implemented anyway) + - djm@cvs.openbsd.org 2011/09/09 22:37:01 + [scp.c] + suppress adding '--' to remote commandlines when the first argument + does not start with '-'. saves breakage on some difficult-to-upgrade + embedded/router platforms; feedback & ok dtucker ok markus + - djm@cvs.openbsd.org 2011/09/09 22:38:21 + [sshd.c] + kill the preauth privsep child on fatal errors in the monitor; + ok markus@ + - djm@cvs.openbsd.org 2011/09/09 22:46:44 + [channels.c channels.h clientloop.h mux.c ssh.c] + support for cancelling local and remote port forwards via the multiplex + socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request + the cancellation of the specified forwardings; ok markus@ + - markus@cvs.openbsd.org 2011/09/10 22:26:34 + [channels.c channels.h clientloop.c ssh.1] + support cancellation of local/dynamic forwardings from ~C commandline; + ok & feedback djm@ + - okan@cvs.openbsd.org 2011/09/11 06:59:05 + [ssh.1] + document new -O cancel command; ok djm@ + - markus@cvs.openbsd.org 2011/09/11 16:07:26 + [sftp-client.c] + fix leaks in do_hardlink() and do_readlink(); bz#1921 + from Loganaden Velvindron + - markus@cvs.openbsd.org 2011/09/12 08:46:15 + [sftp-client.c] + fix leak in do_lsreaddir(); ok djm + - djm@cvs.openbsd.org 2011/09/22 06:29:03 + [sftp.c] + don't let remote_glob() implicitly sort its results in do_globbed_ls() - + in all likelihood, they will be resorted anyway + +20110909 + - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From + Colin Watson. + +20110906 + - (djm) [README version.h] Correct version + - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon + - (djm) Respin OpenSSH-5.9p1 release + +20110905 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update version numbers. + +20110904 + - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal + regress errors for the sandbox to warnings. ok tim dtucker + - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations + ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen + support. + +20110829 + - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting + to switch SELinux context away from unconfined_t, based on patch from + Jan Chadima; bz#1919 ok dtucker@ + +20110827 + - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. + +20110818 + - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze + +20110817 + - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for + OpenSSL 0.9.7. ok djm + - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] + binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen + - (djm) [configure.ac] error out if the host lacks the necessary bits for + an explicitly requested sandbox type + - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by + bisson AT archlinux.org + - (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 + [regress/cfgmatch.sh] + use OBJ to find test configs, patch from Tim Rice + - markus@cvs.openbsd.org 2011/06/30 22:44:43 + [regress/connect-privsep.sh] + test with sandbox enabled; ok djm@ + - djm@cvs.openbsd.org 2011/08/02 01:23:41 + [regress/cipher-speed.sh regress/try-ciphers.sh] + add SHA256/SHA512 based HMAC modes + - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 + MAC tests for platforms that hack EVP_SHA2 support + +20110812 + - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context + change error by reporting old and new context names Patch from + jchadima at redhat. + - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] + [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES + init scrips from imorgan AT nas.nasa.gov; bz#1920 + - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the + identify file contained whitespace. bz#1828 patch from gwenael.lambrouin + AT gmail.com; ok dtucker@ + +20110807 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2008/06/26 06:59:39 + [moduli.5] + tweak previous; + - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 + [moduli.5] + "Diffie-Hellman" is the usual spelling for the cryptographic protocol + first published by Whitfield Diffie and Martin Hellman in 1976. + ok jmc@ + - jmc@cvs.openbsd.org 2010/10/14 20:41:28 + [moduli.5] + probabalistic -> probabilistic; from naddy + - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 + [sftp.1] + typo, fix from Laurent Gautrot + +20110805 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/23 23:35:42 + [monitor.c] + ignore EINTR errors from poll() + - tedu@cvs.openbsd.org 2011/07/06 18:09:21 + [authfd.c] + bzero the agent address. the kernel was for a while very cranky about + these things. evne though that's fixed, always good to initialize + memory. ok deraadt djm + - djm@cvs.openbsd.org 2011/07/29 14:42:45 + [sandbox-systrace.c] + fail open(2) with EPERM rather than SIGKILLing the whole process. libc + will call open() to do strerror() when NLS is enabled; + feedback and ok markus@ + - markus@cvs.openbsd.org 2011/08/01 19:18:15 + [gss-serv.c] + prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); + report Adam Zabrock; ok djm@, deraadt@ + - djm@cvs.openbsd.org 2011/08/02 01:22:11 + [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] + Add new SHA256 and SHA512 based HMAC modes from + http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt + Patch from mdb AT juniper.net; feedback and ok markus@ + - djm@cvs.openbsd.org 2011/08/02 23:13:01 + [version.h] + crank now, release later + - djm@cvs.openbsd.org 2011/08/02 23:15:03 + [ssh.c] + typo in comment + +20110624 + - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for + Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing + markus@ + +20110623 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/22 21:47:28 + [servconf.c] + reuse the multistate option arrays to pretty-print options for "sshd -T" + - djm@cvs.openbsd.org 2011/06/22 21:57:01 + [servconf.c servconf.h sshd.c sshd_config.5] + [configure.ac Makefile.in] + introduce sandboxing of the pre-auth privsep child using systrace(4). + + This introduces a new "UsePrivilegeSeparation=sandbox" option for + sshd_config that applies mandatory restrictions on the syscalls the + privsep child can perform. This prevents a compromised privsep child + from being used to attack other hosts (by opening sockets and proxying) + or probing local kernel attack surface. + + The sandbox is implemented using systrace(4) in unsupervised "fast-path" + mode, where a list of permitted syscalls is supplied. Any syscall not + on the list results in SIGKILL being sent to the privsep child. Note + that this requires a kernel with the new SYSTR_POLICY_KILL option. + + UsePrivilegeSeparation=sandbox will become the default in the future + so please start testing it now. + + feedback dtucker@; ok markus@ + - djm@cvs.openbsd.org 2011/06/22 22:08:42 + [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] + hook up a channel confirm callback to warn the user then requested X11 + forwarding was refused by the server; ok markus@ + - djm@cvs.openbsd.org 2011/06/23 09:34:13 + [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] + [sandbox-null.c] + rename sandbox.h => ssh-sandbox.h to make things easier for portable + - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support + setrlimit(2) + +20110620 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/04 00:10:26 + [ssh_config.5] + explain IdentifyFile's semantics a little better, prompted by bz#1898 + ok dtucker jmc + - markus@cvs.openbsd.org 2011/06/14 22:49:18 + [authfile.c] + make sure key_parse_public/private_rsa1() no longer consumes its input + buffer. fixes ssh-add for passphrase-protected ssh1-keys; + noted by naddy@; ok djm@ + - djm@cvs.openbsd.org 2011/06/17 21:44:31 + [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] + make the pre-auth privsep slave log via a socketpair shared with the + monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ + - djm@cvs.openbsd.org 2011/06/17 21:46:16 + [sftp-server.c] + the protocol version should be unsigned; bz#1913 reported by mb AT + smartftp.com + - djm@cvs.openbsd.org 2011/06/17 21:47:35 + [servconf.c] + factor out multi-choice option parsing into a parse_multistate label + and some support structures; ok dtucker@ + - djm@cvs.openbsd.org 2011/06/17 21:57:25 + [clientloop.c] + setproctitle for a mux master that has been gracefully stopped; + bz#1911 from Bert.Wesarg AT googlemail.com + +20110603 + - (dtucker) [README version.h contrib/caldera/openssh.spec + contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version + bumps from the 5.8p2 branch into HEAD. ok djm. + - (tim) [configure.ac defines.h] Run test program to detect system mail + directory. Add --with-maildir option to override. Fixed OpenServer 6 + getting it wrong. Fixed many systems having MAIL=/var/mail//username + ok dtucker + - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair + unconditionally in other places and the survey data we have does not show + any systems that use it. "nuke it" djm@ + - (djm) [configure.ac] enable setproctitle emulation for OS X + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/06/03 00:54:38 + [ssh.c] + bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg + AT googlemail.com; ok dtucker@ + NB. includes additional portability code to enable setproctitle emulation + on platforms that don't support it. + - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 + [ssh-agent.c] + Check current parent process ID against saved one to determine if the parent + has exited, rather than attempting to send a zero signal, since the latter + won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn + Gillmor, ok djm@ + - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 + [regress/dynamic-forward.sh] + back out revs 1.6 and 1.5 since it's not reliable + - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 + [regress/dynamic-forward.sh] + work around startup and teardown races; caught by deraadt + - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 + [regress/dynamic-forward.sh] + Retry establishing the port forwarding after a small delay, should make + the tests less flaky when the previous test is slow to shut down and free + up the port. + - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. + +20110529 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/05/23 03:30:07 + [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] + [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] + allow AuthorizedKeysFile to specify multiple files, separated by spaces. + Bring back authorized_keys2 as a default search path (to avoid breaking + existing users of this file), but override this in sshd_config so it will + be no longer used on fresh installs. Maybe in 2015 we can remove it + entierly :) + + feedback and ok markus@ dtucker@ + - djm@cvs.openbsd.org 2011/05/23 03:33:38 + [auth.c] + make secure_filename() spam debug logs less + - djm@cvs.openbsd.org 2011/05/23 03:52:55 + [sshconnect.c] + remove extra newline + - jmc@cvs.openbsd.org 2011/05/23 07:10:21 + [sshd.8 sshd_config.5] + tweak previous; ok djm + - djm@cvs.openbsd.org 2011/05/23 07:24:57 + [authfile.c] + read in key comments for v.2 keys (though note that these are not + passed over the agent protocol); bz#439, based on patch from binder + AT arago.de; ok markus@ + - djm@cvs.openbsd.org 2011/05/24 07:15:47 + [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] + Remove undocumented legacy options UserKnownHostsFile2 and + GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile + accept multiple paths per line and making their defaults include + known_hosts2; ok markus + - djm@cvs.openbsd.org 2011/05/23 03:31:31 + [regress/cfgmatch.sh] + include testing of multiple/overridden AuthorizedKeysFiles + refactor to simply daemon start/stop and get rid of racy constructs + +20110520 + - (djm) [session.c] call setexeccon() before executing passwd for pw + changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ + - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options + options, we should corresponding -W-option when trying to determine + whether it is accepted. Also includes a warning fix on the program + fragment uses (bad main() return type). + bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ + - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/05/15 08:09:01 + [authfd.c monitor.c serverloop.c] + use FD_CLOEXEC consistently; patch from zion AT x96.org + - djm@cvs.openbsd.org 2011/05/17 07:13:31 + [key.c] + fatal() if asked to generate a legacy ECDSA cert (these don't exist) + and fix the regress test that was trying to generate them :) + - djm@cvs.openbsd.org 2011/05/20 00:55:02 + [servconf.c] + the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile + and AuthorizedPrincipalsFile were not being correctly applied in + Match blocks, despite being overridable there; ok dtucker@ + - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 + [servconf.c] + Add comment documenting what should be after the preauth check. ok djm + - djm@cvs.openbsd.org 2011/05/20 03:25:45 + [monitor.c monitor_wrap.c servconf.c servconf.h] + use a macro to define which string options to copy between configs + for Match. This avoids problems caused by forgetting to keep three + code locations in perfect sync and ordering + + "this is at once beautiful and horrible" + ok dtucker@ + - djm@cvs.openbsd.org 2011/05/17 07:13:31 + [regress/cert-userkey.sh] + fatal() if asked to generate a legacy ECDSA cert (these don't exist) + and fix the regress test that was trying to generate them :) + - djm@cvs.openbsd.org 2011/05/20 02:43:36 + [cert-hostkey.sh] + another attempt to generate a v00 ECDSA key that broke the test + ID sync only - portable already had this somehow + - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 + [dynamic-forward.sh] + Prevent races in dynamic forwarding test; ok djm + - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 + [dynamic-forward.sh] + fix dumb error in dynamic-forward test + +20110515 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/05/05 05:12:08 + [mux.c] + gracefully fall back when ControlPath is too large for a + sockaddr_un. ok markus@ as part of a larger diff + - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 + [sshd_config] + clarify language about overriding defaults. bz#1892, from Petr Cerny + - djm@cvs.openbsd.org 2011/05/06 01:09:53 + [sftp.1] + mention that IPv6 addresses must be enclosed in square brackets; + bz#1845 + - djm@cvs.openbsd.org 2011/05/06 02:05:41 + [sshconnect2.c] + fix memory leak; bz#1849 ok dtucker@ + - djm@cvs.openbsd.org 2011/05/06 21:14:05 + [packet.c packet.h] + set traffic class for IPv6 traffic as we do for IPv4 TOS; + patch from lionel AT mamane.lu via Colin Watson in bz#1855; + ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:18:02 + [ssh.c ssh_config.5] + add a %L expansion (short-form of the local host name) for ControlPath; + sync some more expansions with LocalCommand; ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:31:38 + [readconf.c ssh_config.5] + support negated Host matching, e.g. + + Host *.example.org !c.example.org + User mekmitasdigoat + + Will match "a.example.org", "b.example.org", but not "c.example.org" + ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:34:32 + [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] + Add a RequestTTY ssh_config option to allow configuration-based + control over tty allocation (like -t/-T); ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:38:58 + [ssh.c] + fix dropping from previous diff + - djm@cvs.openbsd.org 2011/05/06 22:20:10 + [PROTOCOL.mux] + fix numbering; from bert.wesarg AT googlemail.com + - jmc@cvs.openbsd.org 2011/05/07 23:19:39 + [ssh_config.5] + - tweak previous + - come consistency fixes + ok djm + - jmc@cvs.openbsd.org 2011/05/07 23:20:25 + [ssh.1] + +.It RequestTTY + - djm@cvs.openbsd.org 2011/05/08 12:52:01 + [PROTOCOL.mux clientloop.c clientloop.h mux.c] + improve our behaviour when TTY allocation fails: if we are in + RequestTTY=auto mode (the default), then do not treat at TTY + allocation error as fatal but rather just restore the local TTY + to cooked mode and continue. This is more graceful on devices that + never allocate TTYs. + + If RequestTTY is set to "yes" or "force", then failure to allocate + a TTY is fatal. + + ok markus@ + - djm@cvs.openbsd.org 2011/05/10 05:46:46 + [authfile.c] + despam debug() logs by detecting that we are trying to load a private key + in key_try_load_public() and returning early; ok markus@ + - djm@cvs.openbsd.org 2011/05/11 04:47:06 + [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] + remove support for authorized_keys2; it is a relic from the early days + of protocol v.2 support and has been undocumented for many years; + ok markus@ + - djm@cvs.openbsd.org 2011/05/13 00:05:36 + [authfile.c] + warn on unexpected key type in key_parse_private_type() + - (djm) [packet.c] unbreak portability #endif + +20110510 + - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix + --with-ssl-engine which was broken with the change from deprecated + SSLeay_add_all_algorithms(). ok djm + +20110506 + - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype + for closefrom() in test code. Report from Dan Wallis via Gentoo. + +20110505 + - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS + definitions. From des AT des.no + - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] + [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] + [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] + [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] + [regress/README.regress] Remove ssh-rand-helper and all its + tentacles. PRNGd seeding has been rolled into entropy.c directly. + Thanks to tim@ for testing on affected platforms. + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/03/10 02:52:57 + [auth2-gss.c auth2.c auth.h] + allow GSSAPI authentication to detect when a server-side failure causes + authentication failure and don't count such failures against MaxAuthTries; + bz#1244 from simon AT sxw.org.uk; ok markus@ before lock + - okan@cvs.openbsd.org 2011/03/15 10:36:02 + [ssh-keyscan.c] + use timerclear macro + ok djm@ + - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 + [ssh-keygen.1 ssh-keygen.c] + Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) + for which host keys do not exist, generate the host keys with the + default key file path, an empty passphrase, default bits for the key + type, and default comment. This will be used by /etc/rc to generate + new host keys. Idea from deraadt. + ok deraadt + - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 + [ssh-keygen.1] + -q not used in /etc/rc now so remove statement. + - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 + [ssh-keygen.c] + remove -d, documentation removed >10 years ago; ok markus + - jmc@cvs.openbsd.org 2011/03/24 15:29:30 + [ssh-keygen.1] + zap trailing whitespace; + - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 + [ssh-keygen.c] + use strcasecmp() for "clear" cert permission option also; ok djm + - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 + [misc.c misc.h servconf.c] + print ipqos friendly string for sshd -T; ok markus + # sshd -Tf sshd_config|grep ipqos + ipqos lowdelay throughput + - djm@cvs.openbsd.org 2011/04/12 04:23:50 + [ssh-keygen.c] + fix -Wshadow + - djm@cvs.openbsd.org 2011/04/12 05:32:49 + [sshd.c] + exit with 0 status on SIGTERM; bz#1879 + - djm@cvs.openbsd.org 2011/04/13 04:02:48 + [ssh-keygen.1] + improve wording; bz#1861 + - djm@cvs.openbsd.org 2011/04/13 04:09:37 + [ssh-keygen.1] + mention valid -b sizes for ECDSA keys; bz#1862 + - djm@cvs.openbsd.org 2011/04/17 22:42:42 + [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] + allow graceful shutdown of multiplexing: request that a mux server + removes its listener socket and refuse future multiplexing requests; + ok markus@ + - djm@cvs.openbsd.org 2011/04/18 00:46:05 + [ssh-keygen.c] + certificate options are supposed to be packed in lexical order of + option name (though we don't actually enforce this at present). + Move one up that was out of sequence + - djm@cvs.openbsd.org 2011/05/04 21:15:29 + [authfile.c authfile.h ssh-add.c] + allow "ssh-add - < key"; feedback and ok markus@ + - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE + so autoreconf 2.68 is happy. + - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ + 20110221 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the Cygwin-specific service installer script ssh-host-config. The actual @@ -19,6 +1095,13 @@ The new script also is more thorough to inform the user why the script failed. Patch from vinschen at redhat com. +20110218 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/02/16 00:31:14 + [ssh-keysign.c] + make hostbased auth with ECDSA keys work correctly. Based on patch + by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) + 20110206 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in selinux code. Patch from Leonardo Chiquitto @@ -46,6 +1129,14 @@ succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851 +20110127 + - (tim) [config.guess config.sub] Sync with upstream. + - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete + AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with + AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white + space changes for consistency/readability. Makes autoconf 2.68 happy. + "Nice work" djm + 20110125 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to @@ -1256,4 +2347,3 @@ (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@ - diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL index 09dfd666d..7c6046932 100644 --- a/crypto/openssh/INSTALL +++ b/crypto/openssh/INSTALL @@ -16,9 +16,7 @@ The remaining items are optional. NB. If you operating system supports /dev/random, you should configure OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random, or failing that, either prngd or egd. If you don't have -any of these you will have to rely on ssh-rand-helper, which is inferior -to a good kernel-based solution or prngd. +/dev/random, or failing that, either prngd or egd PRNGD: @@ -82,6 +80,12 @@ these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ +LDNS: + +LDNS is a DNS BSD-licensed resolver library which supports DNSSEC. + +http://nlnetlabs.nl/projects/ldns/ + Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked @@ -262,4 +266,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.85 2010/02/11 22:34:22 djm Exp $ +$Id: INSTALL,v 1.87 2011/11/04 00:25:25 dtucker Exp $ diff --git a/crypto/openssh/LICENCE b/crypto/openssh/LICENCE index 120d6fd54..f52387139 100644 --- a/crypto/openssh/LICENCE +++ b/crypto/openssh/LICENCE @@ -207,6 +207,7 @@ OpenSSH contains no GPL code. The SCO Group Daniel Walsh Red Hat, Inc + Simon Vallet / Genoscope * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/openssh/PROTOCOL.certkeys b/crypto/openssh/PROTOCOL.certkeys index 2f9764981..c98591093 100644 --- a/crypto/openssh/PROTOCOL.certkeys +++ b/crypto/openssh/PROTOCOL.certkeys @@ -162,6 +162,13 @@ extensions is a set of zero or more optional extensions. These extensions are not critical, and an implementation that encounters one that it does not recognise may safely ignore it. +Generally, critical options are used to control features that restrict +access where extensions are used to enable features that grant access. +This ensures that certificates containing unknown restrictions do not +inadvertently grant access while allowing new protocol features to be +enabled via extensions without breaking certificates' backwards +compatibility. + The reserved field is currently unused and is ignored in this version of the protocol. @@ -189,7 +196,7 @@ is a sequence of zero or more tuples: string data Options must be lexically ordered by "name" if they appear in the -sequence. +sequence. Each named option may only appear once in a certificate. The name field identifies the option and the data field encodes option-specific information (see below). All options are @@ -220,7 +227,9 @@ Extensions The extensions section of the certificate specifies zero or more non-critical certificate extensions. The encoding and ordering of -extensions in this field is identical to that of the critical options. +extensions in this field is identical to that of the critical options, +as is the requirement that each name appear only once. + If an implementation does not recognise an extension, then it should ignore it. @@ -253,4 +262,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.8 2010/08/31 11:54:45 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ diff --git a/crypto/openssh/PROTOCOL.mux b/crypto/openssh/PROTOCOL.mux index 2a5817bd7..b5832561c 100644 --- a/crypto/openssh/PROTOCOL.mux +++ b/crypto/openssh/PROTOCOL.mux @@ -73,6 +73,13 @@ non-multiplexed ssh(1) connection. Two additional cases that the client must cope with are it receiving a signal itself and the server disconnecting without sending an exit message. +A master may also send a MUX_S_TTY_ALLOC_FAIL before MUX_S_EXIT_MESSAGE +if remote TTY allocation was unsuccessful. The client may use this to +return its local tty to "cooked" mode. + + uint32 MUX_S_TTY_ALLOC_FAIL + uint32 session id + 3. Health checks The client may request a health check/PID report from a server: @@ -103,9 +110,9 @@ A client may request the master to establish a port forward: uint32 request id uint32 forwarding type string listen host - string listen port + uint32 listen port string connect host - string connect port + uint32 connect port forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC. @@ -126,10 +133,11 @@ A client may request the master to close a port forward: uint32 MUX_C_CLOSE_FWD uint32 request id + uint32 forwarding type string listen host - string listen port + uint32 listen port string connect host - string connect port + uint32 connect port A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. @@ -149,10 +157,21 @@ The client then sends its standard input and output file descriptors The contents of "reserved" are currently ignored. -A server may reply with a MUX_S_SESSION_OPEED, a MUX_S_PERMISSION_DENIED +A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. -8. Status messages +8. Requesting shutdown of mux listener + +A client may request the master to stop accepting new multiplexing requests +and remove its listener socket. + + uint32 MUX_C_STOP_LISTENING + uint32 request id + +A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a +MUX_S_FAILURE. + +9. Status messages The MUX_S_OK message is empty: @@ -169,7 +188,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason: uint32 client request id string reason -9. Protocol numbers +10. Protocol numbers #define MUX_MSG_HELLO 0x00000001 #define MUX_C_NEW_SESSION 0x10000002 @@ -178,6 +197,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason: #define MUX_C_OPEN_FWD 0x10000006 #define MUX_C_CLOSE_FWD 0x10000007 #define MUX_C_NEW_STDIO_FWD 0x10000008 +#define MUX_C_STOP_LISTENING 0x10000009 #define MUX_S_OK 0x80000001 #define MUX_S_PERMISSION_DENIED 0x80000002 #define MUX_S_FAILURE 0x80000003 @@ -185,6 +205,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason: #define MUX_S_ALIVE 0x80000005 #define MUX_S_SESSION_OPENED 0x80000006 #define MUX_S_REMOTE_PORT 0x80000007 +#define MUX_S_TTY_ALLOC_FAIL 0x80000008 #define MUX_FWD_LOCAL 1 #define MUX_FWD_REMOTE 2 @@ -192,12 +213,10 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason: XXX TODO XXX extended status (e.g. report open channels / forwards) -XXX graceful close (delete listening socket, but keep existing sessions active) XXX lock (maybe) XXX watch in/out traffic (pre/post crypto) XXX inject packet (what about replies) XXX server->client error/warning notifications -XXX port0 rfwd (need custom response message) XXX send signals via mux -$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $ +$OpenBSD: PROTOCOL.mux,v 1.9 2012/06/01 00:49:35 djm Exp $ diff --git a/crypto/openssh/README b/crypto/openssh/README index 960abf989..81cb922be 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.8p2 for the release notes. +See http://www.openssh.com/txt/release-6.1 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.75.4.2 2011/05/03 00:04:21 djm Exp $ +$Id: README,v 1.81 2012/08/22 11:57:13 djm Exp $ diff --git a/crypto/openssh/WARNING.RNG b/crypto/openssh/WARNING.RNG deleted file mode 100644 index 97da74ff7..000000000 --- a/crypto/openssh/WARNING.RNG +++ /dev/null @@ -1,95 +0,0 @@ -This document contains a description of portable OpenSSH's random -number collection code. An alternate reading of this text could -well be titled "Why I should pressure my system vendor to supply -/dev/random in their OS". - -Why is this important? OpenSSH depends on good, unpredictable numbers -for generating keys, performing digital signatures and forming -cryptographic challenges. If the random numbers that it uses are -predictable, then the strength of the whole system is compromised. - -A particularly pernicious problem arises with DSA keys (used by the -ssh2 protocol). Performing a DSA signature (which is required for -authentication), entails the use of a 160 bit random number. If an -attacker can predict this number, then they can deduce your *private* -key and impersonate you or your hosts. - -If you are using the builtin random number support (configure will -tell you if this is the case), then read this document in its entirety. -Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which -collects random numbers and makes them available by a socket. - -Please also request that your OS vendor provides a kernel-based random -number collector (/dev/random) in future versions of your operating -systems by default. - -On to the description... - -The portable OpenSSH contains random number collection support for -systems which lack a kernel entropy pool (/dev/random). - -This collector (as of 3.1 and beyond) comes as an external application -that allows the local admin to decide on how to implement entropy -collection. - -The default entropy collector operates by executing the programs listed -in ($etcdir)/ssh_prng_cmds, reading their output and adding it to the -PRNG supplied by OpenSSL (which is hash-based). It also stirs in the -output of several system calls and timings from the execution of the -programs that it runs. - -The ssh_prng_cmds file also specifies a 'rate' for each program. This -represents the number of bits of randomness per byte of output from -the specified program. - -The random number code will also read and save a seed file to -~/.ssh/prng_seed. This contents of this file are added to the random -number generator at startup. The goal here is to maintain as much -randomness between sessions as possible. - -The default entropy collection code has two main problems: - -1. It is slow. - -Executing each program in the list can take a large amount of time, -especially on slower machines. Additionally some program can take a -disproportionate time to execute. - -Tuning the random helper can be done by running ./ssh-random-helper in -very verbose mode ("-vvv") and identifying the commands that are taking -excessive amounts of time or hanging altogher. Any problem commands can -be modified or removed from ssh_prng_cmds. - -The default entropy collector will timeout programs which take too long -to execute, the actual timeout used can be adjusted with the ---with-entropy-timeout configure option. OpenSSH will not try to -re-execute programs which have not been found, have had a non-zero -exit status or have timed out more than a couple of times. - -2. Estimating the real 'rate' of program outputs is non-trivial - -The shear volume of the task is problematic: there are currently -around 50 commands in the ssh_prng_cmds list, portable OpenSSH -supports at least 12 different OSs. That is already 600 sets of data -to be analysed, without taking into account the numerous differences -between versions of each OS. - -On top of this, the different commands can produce varying amounts of -usable data depending on how busy the machine is, how long it has been -up and various other factors. - -To make matters even more complex, some of the commands are reporting -largely the same data as other commands (eg. the various "ps" calls). - - -How to avoid the default entropy code? - -The best way is to read the OpenSSL documentation and recompile OpenSSL -to use prngd or egd. Some platforms (like earily solaris) have 3rd -party /dev/random devices that can be also used for this task. - -If you are forced to use ssh-rand-helper consider still downloading -prngd/egd and configure OpenSSH using --with-prngd-port=xx or ---with-prngd-socket=xx (refer to INSTALL for more information). - -$Id: WARNING.RNG,v 1.8 2005/05/26 01:47:54 djm Exp $ diff --git a/crypto/openssh/aclocal.m4 b/crypto/openssh/aclocal.m4 index b68a47080..9bdea5ec2 100644 --- a/crypto/openssh/aclocal.m4 +++ b/crypto/openssh/aclocal.m4 @@ -1,8 +1,26 @@ -dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $ +dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $ dnl dnl OpenSSH-specific autoconf macros dnl +dnl OSSH_CHECK_CFLAG_COMPILE(check_flag[, define_flag]) +dnl Check that $CC accepts a flag 'check_flag'. If it is supported append +dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append +dnl 'check_flag'. +AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ + AC_MSG_CHECKING([if $CC supports $1]) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $1" + _define_flag="$2" + test "x$_define_flag" = "x" && _define_flag="$1" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], + [ AC_MSG_RESULT([yes]) + CFLAGS="$saved_CFLAGS $_define_flag"], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" ] + ) +}]) + dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol) dnl Does AC_EGREP_HEADER on 'header' for the string 'field' @@ -33,16 +51,6 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [ fi ]) -dnl OSSH_PATH_ENTROPY_PROG(variablename, command): -dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST -AC_DEFUN(OSSH_PATH_ENTROPY_PROG, [ - AC_PATH_PROG($1, $2) - if test -z "[$]$1" ; then - $1="undef" - fi - AC_SUBST($1) -]) - dnl Check for socklen_t: historically on BSD it is an int, and in dnl POSIX 1g it is a type of its own, but some platforms use different dnl types for the argument to getsockopt, getpeername, etc. So we diff --git a/crypto/openssh/addrmatch.c b/crypto/openssh/addrmatch.c index 5b6773cce..388603cae 100644 --- a/crypto/openssh/addrmatch.c +++ b/crypto/openssh/addrmatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: addrmatch.c,v 1.5 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller @@ -318,7 +318,7 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l) char addrbuf[64], *mp, *cp; /* Don't modify argument */ - if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) > sizeof(addrbuf)) + if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf)) return -1; if ((mp = strchr(addrbuf, '/')) != NULL) { diff --git a/crypto/openssh/audit-bsm.c b/crypto/openssh/audit-bsm.c index f196d4f1e..613559140 100644 --- a/crypto/openssh/audit-bsm.c +++ b/crypto/openssh/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */ /* * TODO @@ -45,6 +45,10 @@ #include #include +#ifdef BROKEN_BSM_API +#include +#endif + #include "ssh.h" #include "log.h" #include "key.h" @@ -114,6 +118,12 @@ extern int aug_daemon_session(void); extern Authctxt *the_authctxt; static AuditInfoTermID ssh_bsm_tid; +#ifdef BROKEN_BSM_API +/* For some reason this constant is no longer defined + in Solaris 11. */ +#define BSM_TEXTBUFSZ 256 +#endif + /* Below is the low-level BSM interface code */ /* @@ -161,6 +171,65 @@ aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type) } #endif +#ifdef BROKEN_BSM_API +/* + In Solaris 11 the audit daemon has been moved to SMF. In the process + they simply dropped getacna() from the API, since it read from a now + non-existent config file. This function re-implements getacna() to + read from the SMF repository instead. + */ +int +getacna(char *auditstring, int len) +{ + scf_handle_t *handle = NULL; + scf_property_t *property = NULL; + scf_value_t *value = NULL; + int ret = 0; + + handle = scf_handle_create(SCF_VERSION); + if (handle == NULL) + return -2; /* The man page for getacna on Solaris 10 states + we should return -2 in case of error and set + errno to indicate the error. We don't bother + with errno here, though, since the only use + of this function below doesn't check for errors + anyway. + */ + + ret = scf_handle_bind(handle); + if (ret == -1) + return -2; + + property = scf_property_create(handle); + if (property == NULL) + return -2; + + ret = scf_handle_decode_fmri(handle, + "svc:/system/auditd:default/:properties/preselection/naflags", + NULL, NULL, NULL, NULL, property, 0); + if (ret == -1) + return -2; + + value = scf_value_create(handle); + if (value == NULL) + return -2; + + ret = scf_property_get_value(property, value); + if (ret == -1) + return -2; + + ret = scf_value_get_astring(value, auditstring, len); + if (ret == -1) + return -2; + + scf_value_destroy(value); + scf_property_destroy(property); + scf_handle_destroy(handle); + + return 0; +} +#endif + /* * Check if the specified event is selected (enabled) for auditing. * Returns 1 if the event is selected, 0 if not and -1 on failure. @@ -213,7 +282,15 @@ bsm_audit_record(int typ, char *string, au_event_t event_no) (void) au_write(ad, au_to_text(string)); (void) au_write(ad, AUToReturnFunc(typ, rc)); +#ifdef BROKEN_BSM_API + /* The last argument is the event modifier flags. For + some seemingly undocumented reason it was added in + Solaris 11. */ + rc = au_close(ad, AU_TO_WRITE, event_no, 0); +#else rc = au_close(ad, AU_TO_WRITE, event_no); +#endif + if (rc < 0) error("BSM audit: %s failed to write \"%s\" record: %s", __func__, string, strerror(errno)); diff --git a/crypto/openssh/audit-linux.c b/crypto/openssh/audit-linux.c index 20174d700..4e97386ce 100644 --- a/crypto/openssh/audit-linux.c +++ b/crypto/openssh/audit-linux.c @@ -1,4 +1,4 @@ -/* $Id$ */ +/* $Id: audit-linux.c 221420 2011-05-04 07:34:44Z des $ */ /* * Copyright 2010 Red Hat, Inc. All rights reserved. diff --git a/crypto/openssh/auth-krb5.c b/crypto/openssh/auth-krb5.c index d019fe202..922c66c66 100644 --- a/crypto/openssh/auth-krb5.c +++ b/crypto/openssh/auth-krb5.c @@ -226,7 +226,7 @@ krb5_cleanup_proc(Authctxt *authctxt) #ifndef HEIMDAL krb5_error_code ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { - int tmpfd, ret; + int tmpfd, ret, oerrno; char ccname[40]; mode_t old_umask; @@ -237,16 +237,18 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { old_umask = umask(0177); tmpfd = mkstemp(ccname + strlen("FILE:")); + oerrno = errno; umask(old_umask); if (tmpfd == -1) { - logit("mkstemp(): %.100s", strerror(errno)); - return errno; + logit("mkstemp(): %.100s", strerror(oerrno)); + return oerrno; } if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { - logit("fchmod(): %.100s", strerror(errno)); + oerrno = errno; + logit("fchmod(): %.100s", strerror(oerrno)); close(tmpfd); - return errno; + return oerrno; } close(tmpfd); diff --git a/crypto/openssh/auth-options.c b/crypto/openssh/auth-options.c index eae45cf2b..0e67bd8c0 100644 --- a/crypto/openssh/auth-options.c +++ b/crypto/openssh/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.54 2010/12/24 21:41:48 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -341,7 +341,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) goto bad_option; } host = cleanhostname(host); - if (p == NULL || (port = a2port(p)) <= 0) { + if (p == NULL || (port = permitopen_port(p)) < 0) { debug("%.100s, line %lu: Bad permitopen port " "<%.100s>", file, linenum, p ? p : ""); auth_debug_add("%.100s, line %lu: " @@ -452,10 +452,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, buffer_append(&data, data_blob, dlen); debug3("found certificate option \"%.100s\" len %u", name, dlen); - if (strlen(name) != nlen) { - error("Certificate constraint name contains \\0"); - goto out; - } found = 0; if ((which & OPTIONS_EXTENSIONS) != 0) { if (strcmp(name, "permit-X11-forwarding") == 0) { @@ -485,11 +481,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "corrupt", name); goto out; } - if (strlen(command) != clen) { - error("force-command constraint " - "contains \\0"); - goto out; - } if (*cert_forced_command != NULL) { error("Certificate has multiple " "force-command options"); @@ -506,11 +497,6 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, "\"%s\" corrupt", name); goto out; } - if (strlen(allowed) != clen) { - error("source-address constraint " - "contains \\0"); - goto out; - } if ((*cert_source_address_done)++) { error("Certificate has multiple " "source-address options"); diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c index b1c6ce092..68bbd18dd 100644 --- a/crypto/openssh/auth-passwd.c +++ b/crypto/openssh/auth-passwd.c @@ -209,6 +209,7 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) * Authentication is accepted if the encrypted passwords * are identical. */ - return (strcmp(encrypted_password, pw_password) == 0); + return encrypted_password != NULL && + strcmp(encrypted_password, pw_password) == 0; } #endif diff --git a/crypto/openssh/auth-rsa.c b/crypto/openssh/auth-rsa.c index 4edaab056..4ab46cd51 100644 --- a/crypto/openssh/auth-rsa.c +++ b/crypto/openssh/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.79 2010/12/03 23:55:27 djm Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.80 2011/05/23 03:30:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -160,44 +160,27 @@ auth_rsa_challenge_dialog(Key *key) return (success); } -/* - * check if there's user key matching client_n, - * return key if login is allowed, NULL otherwise - */ - -int -auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) +static int +rsa_key_allowed_in_file(struct passwd *pw, char *file, + const BIGNUM *client_n, Key **rkey) { - char line[SSH_MAX_PUBKEY_BYTES], *file; + char line[SSH_MAX_PUBKEY_BYTES]; int allowed = 0; u_int bits; FILE *f; u_long linenum = 0; Key *key; - /* Temporarily use the user's uid. */ - temporarily_use_uid(pw); - - /* The authorized keys. */ - file = authorized_keys_file(pw); debug("trying public RSA key file %s", file); - f = auth_openkeyfile(file, pw, options.strict_modes); - if (!f) { - xfree(file); - restore_uid(); - return (0); - } - - /* Flag indicating whether the key is allowed. */ - allowed = 0; - - key = key_new(KEY_RSA1); + if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) + return 0; /* * Go though the accepted keys, looking for the current key. If * found, perform a challenge-response dialog to verify that the * user really has the corresponding private key. */ + key = key_new(KEY_RSA1); while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp; char *key_options; @@ -235,7 +218,10 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) } /* cp now points to the comment part. */ - /* Check if the we have found the desired key (identified by its modulus). */ + /* + * Check if the we have found the desired key (identified + * by its modulus). + */ if (BN_cmp(key->rsa->n, client_n) != 0) continue; @@ -264,11 +250,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) break; } - /* Restore the privileged uid. */ - restore_uid(); - /* Close the file. */ - xfree(file); fclose(f); /* return key if allowed */ @@ -276,7 +258,33 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) *rkey = key; else key_free(key); - return (allowed); + + return allowed; +} + +/* + * check if there's user key matching client_n, + * return key if login is allowed, NULL otherwise + */ + +int +auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) +{ + char *file; + u_int i, allowed = 0; + + temporarily_use_uid(pw); + + for (i = 0; !allowed && i < options.num_authkeys_files; i++) { + file = expand_authorized_keys( + options.authorized_keys_files[i], pw); + allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); + xfree(file); + } + + restore_uid(); + + return allowed; } /* diff --git a/crypto/openssh/auth-skey.c b/crypto/openssh/auth-skey.c index cb43dba48..3536ec8fa 100644 --- a/crypto/openssh/auth-skey.c +++ b/crypto/openssh/auth-skey.c @@ -39,6 +39,7 @@ #include "hostfile.h" #include "auth.h" #include "ssh-gss.h" +#include "log.h" #include "monitor_wrap.h" static void * diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index 23c39e587..7fb1068fc 100644 --- a/crypto/openssh/auth.c +++ b/crypto/openssh/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.96 2012/05/13 01:42:32 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -332,7 +332,7 @@ auth_root_allowed(char *method) * * This returns a buffer allocated by xmalloc. */ -static char * +char * expand_authorized_keys(const char *filename, struct passwd *pw) { char *file, ret[MAXPATHLEN]; @@ -355,22 +355,11 @@ expand_authorized_keys(const char *filename, struct passwd *pw) return (xstrdup(ret)); } -char * -authorized_keys_file(struct passwd *pw) -{ - return expand_authorized_keys(options.authorized_keys_file, pw); -} - -char * -authorized_keys_file2(struct passwd *pw) -{ - return expand_authorized_keys(options.authorized_keys_file2, pw); -} - char * authorized_principals_file(struct passwd *pw) { - if (options.authorized_principals_file == NULL) + if (options.authorized_principals_file == NULL || + strcasecmp(options.authorized_principals_file, "none") == 0) return NULL; return expand_authorized_keys(options.authorized_principals_file, pw); } @@ -469,7 +458,6 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, } strlcpy(buf, cp, sizeof(buf)); - debug3("secure_filename: checking '%s'", buf); if (stat(buf, &st) < 0 || (st.st_uid != 0 && st.st_uid != uid) || (st.st_mode & 022) != 0) { @@ -479,11 +467,9 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, } /* If are past the homedir then we can stop */ - if (comparehome && strcmp(homedir, buf) == 0) { - debug3("secure_filename: terminating check at '%s'", - buf); + if (comparehome && strcmp(homedir, buf) == 0) break; - } + /* * dirname should always complete with a "/" path, * but we can be paranoid and check for "." too @@ -560,9 +546,10 @@ getpwnamallow(const char *user) #endif #endif struct passwd *pw; + struct connection_info *ci = get_connection_info(1, options.use_dns); - parse_server_match_config(&options, user, - get_canonical_hostname(options.use_dns), get_remote_ipaddr()); + ci->user = user; + parse_server_match_config(&options, ci); #if defined(_AIX) && defined(HAVE_SETAUTHDB) aix_setauthdb(user); diff --git a/crypto/openssh/auth.h b/crypto/openssh/auth.h index 77317aee6..0d786c4d5 100644 --- a/crypto/openssh/auth.h +++ b/crypto/openssh/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.66 2010/05/07 11:30:29 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.69 2011/05/23 03:30:07 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -53,6 +53,7 @@ struct Authctxt { int valid; /* user exists and is allowed to login */ int attempt; int failures; + int server_caused_failure; int force_pwchange; char *user; /* username sent by the client */ char *service; @@ -167,8 +168,7 @@ char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); void abandon_challenge_response(Authctxt *); -char *authorized_keys_file(struct passwd *); -char *authorized_keys_file2(struct passwd *); +char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); FILE *auth_openkeyfile(const char *, struct passwd *, int); diff --git a/crypto/openssh/auth2-gss.c b/crypto/openssh/auth2-gss.c index 0e08d889c..0d59b2177 100644 --- a/crypto/openssh/auth2-gss.c +++ b/crypto/openssh/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.17 2011/03/10 02:52:57 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -102,6 +102,7 @@ userauth_gssapi(Authctxt *authctxt) if (!present) { xfree(doid); + authctxt->server_caused_failure = 1; return (0); } @@ -109,6 +110,7 @@ userauth_gssapi(Authctxt *authctxt) if (ctxt != NULL) ssh_gssapi_delete_ctx(&ctxt); xfree(doid); + authctxt->server_caused_failure = 1; return (0); } diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c index 7d2141355..5bccb5d76 100644 --- a/crypto/openssh/auth2-pubkey.c +++ b/crypto/openssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.30 2011/09/25 05:44:47 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -238,8 +238,9 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert) } for (i = 0; i < cert->nprincipals; i++) { if (strcmp(cp, cert->principals[i]) == 0) { - debug3("matched principal from file \"%.100s\"", - cert->principals[i]); + debug3("matched principal \"%.100s\" " + "from file \"%s\" on line %lu", + cert->principals[i], file, linenum); if (auth_parse_options(pw, line_opts, file, linenum) != 1) continue; @@ -436,7 +437,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) int user_key_allowed(struct passwd *pw, Key *key) { - int success; + u_int success, i; char *file; if (auth_key_is_revoked(key)) @@ -448,16 +449,13 @@ user_key_allowed(struct passwd *pw, Key *key) if (success) return success; - file = authorized_keys_file(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); - if (success) - return success; + for (i = 0; !success && i < options.num_authkeys_files; i++) { + file = expand_authorized_keys( + options.authorized_keys_files[i], pw); + success = user_key_allowed2(pw, key, file); + xfree(file); + } - /* try suffix "2" for backward compat, too */ - file = authorized_keys_file2(pw); - success = user_key_allowed2(pw, key, file); - xfree(file); return success; } diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index 827f034e4..234ca3b6f 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.124 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -115,7 +115,7 @@ auth2_read_banner(void) close(fd); return (NULL); } - if (st.st_size > 1*1024*1024) { + if (st.st_size <= 0 || st.st_size > 1*1024*1024) { close(fd); return (NULL); } @@ -223,8 +223,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) login_cap_t *lc; const char *from_host, *from_ip; - from_host = get_canonical_hostname(options.use_dns); - from_ip = get_remote_ipaddr(); + from_host = get_canonical_hostname(options.use_dns); + from_ip = get_remote_ipaddr(); #endif if (authctxt == NULL) @@ -272,23 +272,23 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) } #ifdef HAVE_LOGIN_CAP - if (authctxt->pw != NULL) { - lc = login_getpwclass(authctxt->pw); - if (lc == NULL) - lc = login_getclassbyname(NULL, authctxt->pw); - if (!auth_hostok(lc, from_host, from_ip)) { - logit("Denied connection for %.200s from %.200s [%.200s].", - authctxt->pw->pw_name, from_host, from_ip); - packet_disconnect("Sorry, you are not allowed to connect."); - } - if (!auth_timeok(lc, time(NULL))) { - logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", - authctxt->pw->pw_name, from_host); - packet_disconnect("Logins not available right now."); - } - login_close(lc); - lc = NULL; - } + if (authctxt->pw != NULL) { + lc = login_getpwclass(authctxt->pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, authctxt->pw); + if (!auth_hostok(lc, from_host, from_ip)) { + logit("Denied connection for %.200s from %.200s [%.200s].", + authctxt->pw->pw_name, from_host, from_ip); + packet_disconnect("Sorry, you are not allowed to connect."); + } + if (!auth_timeok(lc, time(NULL))) { + logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", + authctxt->pw->pw_name, from_host); + packet_disconnect("Logins not available right now."); + } + login_close(lc); + lc = NULL; + } #endif /* HAVE_LOGIN_CAP */ /* reset state */ @@ -304,6 +304,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) #endif authctxt->postponed = 0; + authctxt->server_caused_failure = 0; /* try to authenticate user */ m = authmethod_lookup(method); @@ -376,7 +377,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) } else { /* Allow initial try of "none" auth without failure penalty */ - if (authctxt->attempt > 1 || strcmp(method, "none") != 0) + if (!authctxt->server_caused_failure && + (authctxt->attempt > 1 || strcmp(method, "none") != 0)) authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS diff --git a/crypto/openssh/authfd.c b/crypto/openssh/authfd.c index c11c3f5a8..f037e838b 100644 --- a/crypto/openssh/authfd.c +++ b/crypto/openssh/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -102,6 +102,7 @@ ssh_get_authentication_socket(void) if (!authsocket) return -1; + bzero(&sunaddr, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); @@ -110,7 +111,7 @@ ssh_get_authentication_socket(void) return -1; /* close on exec */ - if (fcntl(sock, F_SETFD, 1) == -1) { + if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) { close(sock); return -1; } diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c index f2aec267a..7dd449690 100644 --- a/crypto/openssh/authfile.c +++ b/crypto/openssh/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.93 2012/01/25 19:36:31 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -69,6 +69,8 @@ #include "misc.h" #include "atomicio.h" +#define MAX_KEY_FILE_SIZE (1024 * 1024) + /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = "SSH PRIVATE KEY FILE FORMAT 1.1\n"; @@ -277,6 +279,7 @@ static Key * key_parse_public_rsa1(Buffer *blob, char **commentp) { Key *pub; + Buffer copy; /* Check that it is at least big enough to contain the ID string. */ if (buffer_len(blob) < sizeof(authfile_id_string)) { @@ -293,31 +296,33 @@ key_parse_public_rsa1(Buffer *blob, char **commentp) debug3("Incorrect RSA1 identifier"); return NULL; } - buffer_consume(blob, sizeof(authfile_id_string)); + buffer_init(©); + buffer_append(©, buffer_ptr(blob), buffer_len(blob)); + buffer_consume(©, sizeof(authfile_id_string)); /* Skip cipher type and reserved data. */ - (void) buffer_get_char(blob); /* cipher type */ - (void) buffer_get_int(blob); /* reserved */ + (void) buffer_get_char(©); /* cipher type */ + (void) buffer_get_int(©); /* reserved */ /* Read the public key from the buffer. */ - (void) buffer_get_int(blob); + (void) buffer_get_int(©); pub = key_new(KEY_RSA1); - buffer_get_bignum(blob, pub->rsa->n); - buffer_get_bignum(blob, pub->rsa->e); + buffer_get_bignum(©, pub->rsa->n); + buffer_get_bignum(©, pub->rsa->e); if (commentp) - *commentp = buffer_get_string(blob, NULL); + *commentp = buffer_get_string(©, NULL); /* The encrypted private part is not parsed by this function. */ - buffer_clear(blob); + buffer_free(©); return pub; } -/* Load the contents of a key file into a buffer */ -static int +/* Load a key from a fd into a buffer */ +int key_load_file(int fd, const char *filename, Buffer *blob) { + u_char buf[1024]; size_t len; - u_char *cp; struct stat st; if (fstat(fd, &st) < 0) { @@ -325,30 +330,45 @@ key_load_file(int fd, const char *filename, Buffer *blob) filename == NULL ? "" : filename, filename == NULL ? "" : " ", strerror(errno)); - close(fd); return 0; } - if (st.st_size > 1*1024*1024) { + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && + st.st_size > MAX_KEY_FILE_SIZE) { + toobig: error("%s: key file %.200s%stoo large", __func__, filename == NULL ? "" : filename, filename == NULL ? "" : " "); - close(fd); return 0; } - len = (size_t)st.st_size; /* truncated */ - - buffer_init(blob); - cp = buffer_append_space(blob, len); - - if (atomicio(read, fd, cp, len) != len) { - debug("%s: read from key file %.200s%sfailed: %.100s", __func__, - filename == NULL ? "" : filename, - filename == NULL ? "" : " ", - strerror(errno)); + buffer_clear(blob); + for (;;) { + if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { + if (errno == EPIPE) + break; + debug("%s: read from key file %.200s%sfailed: %.100s", + __func__, filename == NULL ? "" : filename, + filename == NULL ? "" : " ", strerror(errno)); + buffer_clear(blob); + bzero(buf, sizeof(buf)); + return 0; + } + buffer_append(blob, buf, len); + if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { + buffer_clear(blob); + bzero(buf, sizeof(buf)); + goto toobig; + } + } + bzero(buf, sizeof(buf)); + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && + st.st_size != buffer_len(blob)) { + debug("%s: key file %.200s%schanged size while reading", + __func__, filename == NULL ? "" : filename, + filename == NULL ? "" : " "); buffer_clear(blob); - close(fd); return 0; } + return 1; } @@ -403,6 +423,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) CipherContext ciphercontext; Cipher *cipher; Key *prv = NULL; + Buffer copy; /* Check that it is at least big enough to contain the ID string. */ if (buffer_len(blob) < sizeof(authfile_id_string)) { @@ -419,41 +440,44 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) debug3("Incorrect RSA1 identifier"); return NULL; } - buffer_consume(blob, sizeof(authfile_id_string)); + buffer_init(©); + buffer_append(©, buffer_ptr(blob), buffer_len(blob)); + buffer_consume(©, sizeof(authfile_id_string)); /* Read cipher type. */ - cipher_type = buffer_get_char(blob); - (void) buffer_get_int(blob); /* Reserved data. */ + cipher_type = buffer_get_char(©); + (void) buffer_get_int(©); /* Reserved data. */ /* Read the public key from the buffer. */ - (void) buffer_get_int(blob); + (void) buffer_get_int(©); prv = key_new_private(KEY_RSA1); - buffer_get_bignum(blob, prv->rsa->n); - buffer_get_bignum(blob, prv->rsa->e); + buffer_get_bignum(©, prv->rsa->n); + buffer_get_bignum(©, prv->rsa->e); if (commentp) - *commentp = buffer_get_string(blob, NULL); + *commentp = buffer_get_string(©, NULL); else - (void)buffer_get_string_ptr(blob, NULL); + (void)buffer_get_string_ptr(©, NULL); /* Check that it is a supported cipher. */ cipher = cipher_by_number(cipher_type); if (cipher == NULL) { debug("Unsupported RSA1 cipher %d", cipher_type); + buffer_free(©); goto fail; } /* Initialize space for decrypted data. */ buffer_init(&decrypted); - cp = buffer_append_space(&decrypted, buffer_len(blob)); + cp = buffer_append_space(&decrypted, buffer_len(©)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ cipher_set_key_string(&ciphercontext, cipher, passphrase, CIPHER_DECRYPT); cipher_crypt(&ciphercontext, cp, - buffer_ptr(blob), buffer_len(blob)); + buffer_ptr(©), buffer_len(©)); cipher_cleanup(&ciphercontext); memset(&ciphercontext, 0, sizeof(ciphercontext)); - buffer_clear(blob); + buffer_free(©); check1 = buffer_get_char(&decrypted); check2 = buffer_get_char(&decrypted); @@ -606,7 +630,7 @@ key_perm_ok(int fd, const char *filename) error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("Permissions 0%3.3o for '%s' are too open.", (u_int)st.st_mode & 0777, filename); - error("It is recommended that your private key files are NOT accessible by others."); + error("It is required that your private key files are NOT accessible by others."); error("This private key will be ignored."); return 0; } @@ -626,6 +650,7 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase, case KEY_UNSPEC: return key_parse_private_pem(blob, type, passphrase, commentp); default: + error("%s: cannot parse key type %d", __func__, type); break; } return NULL; @@ -669,12 +694,35 @@ key_load_private_type(int type, const char *filename, const char *passphrase, return ret; } +Key * +key_parse_private(Buffer *buffer, const char *filename, + const char *passphrase, char **commentp) +{ + Key *pub, *prv; + + /* it's a SSH v1 key if the public key part is readable */ + pub = key_parse_public_rsa1(buffer, commentp); + if (pub == NULL) { + prv = key_parse_private_type(buffer, KEY_UNSPEC, + passphrase, NULL); + /* use the filename as a comment for PEM */ + if (commentp && prv) + *commentp = xstrdup(filename); + } else { + key_free(pub); + /* key_parse_public_rsa1() has already loaded the comment */ + prv = key_parse_private_type(buffer, KEY_RSA1, passphrase, + NULL); + } + return prv; +} + Key * key_load_private(const char *filename, const char *passphrase, char **commentp) { - Key *pub, *prv; - Buffer buffer, pubcopy; + Key *prv; + Buffer buffer; int fd; fd = open(filename, O_RDONLY); @@ -697,23 +745,7 @@ key_load_private(const char *filename, const char *passphrase, } close(fd); - buffer_init(&pubcopy); - buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer)); - /* it's a SSH v1 key if the public key part is readable */ - pub = key_parse_public_rsa1(&pubcopy, commentp); - buffer_free(&pubcopy); - if (pub == NULL) { - prv = key_parse_private_type(&buffer, KEY_UNSPEC, - passphrase, NULL); - /* use the filename as a comment for PEM */ - if (commentp && prv) - *commentp = xstrdup(filename); - } else { - key_free(pub); - /* key_parse_public_rsa1() has already loaded the comment */ - prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase, - NULL); - } + prv = key_parse_private(&buffer, filename, passphrase, commentp); buffer_free(&buffer); return prv; } @@ -737,13 +769,19 @@ key_try_load_public(Key *k, const char *filename, char **commentp) case '\0': continue; } + /* Abort loading if this looks like a private key */ + if (strncmp(cp, "-----BEGIN", 10) == 0) + break; /* Skip leading whitespace. */ for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) ; if (*cp) { if (key_read(k, &cp) == 1) { - if (commentp) - *commentp=xstrdup(filename); + cp[strcspn(cp, "\r\n")] = '\0'; + if (commentp) { + *commentp = xstrdup(*cp ? + cp : filename); + } fclose(f); return 1; } diff --git a/crypto/openssh/authfile.h b/crypto/openssh/authfile.h index 6745dc062..78349beb5 100644 --- a/crypto/openssh/authfile.h +++ b/crypto/openssh/authfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.15 2010/08/04 05:42:47 djm Exp $ */ +/* $OpenBSD: authfile.h,v 1.16 2011/05/04 21:15:29 djm Exp $ */ /* * Author: Tatu Ylonen @@ -16,9 +16,11 @@ #define AUTHFILE_H int key_save_private(Key *, const char *, const char *, const char *); +int key_load_file(int, const char *, Buffer *); Key *key_load_cert(const char *); Key *key_load_public(const char *, char **); Key *key_load_public_type(int, const char *, char **); +Key *key_parse_private(Buffer *, const char *, const char *, char **); Key *key_load_private(const char *, const char *, char **); Key *key_load_private_cert(int, const char *, const char *, int *); Key *key_load_private_type(int, const char *, const char *, char **, int *); diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index bf7072a1c..04ad25520 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.310 2010/11/24 01:24:14 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.318 2012/04/23 08:18:17 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -126,6 +126,9 @@ static int num_permitted_opens = 0; /* Number of permitted host/port pair in the array permitted by the admin. */ static int num_adm_permitted_opens = 0; +/* special-case port number meaning allow any port */ +#define FWD_PERMIT_ANY_PORT 0 + /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -308,10 +311,13 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, buffer_init(&c->output); buffer_init(&c->extended); c->path = NULL; + c->listening_addr = NULL; + c->listening_port = 0; c->ostate = CHAN_OUTPUT_OPEN; c->istate = CHAN_INPUT_OPEN; c->flags = 0; channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0); + c->notbefore = 0; c->self = found; c->type = type; c->ctype = ctype; @@ -418,6 +424,10 @@ channel_free(Channel *c) xfree(c->path); c->path = NULL; } + if (c->listening_addr) { + xfree(c->listening_addr); + c->listening_addr = NULL; + } while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { if (cc->abandon_cb != NULL) cc->abandon_cb(c, cc->ctx); @@ -824,7 +834,7 @@ channel_tcpwinsz(void) u_int maxlen; /* If we are not on a socket return 128KB. */ - if (!packet_connection_is_on_socket()) + if (!packet_connection_is_on_socket()) return (128 * 1024); tcpwinsz = 0; @@ -854,7 +864,7 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) limit = MIN(compat20 ? c->remote_window : packet_get_maxsize(), 2 * c->tcpwinsz); - + if (c->istate == CHAN_INPUT_OPEN && limit > 0 && buffer_len(&c->input) < limit && @@ -1372,6 +1382,8 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) } if (newsock < 0) { error("accept: %.100s", strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } set_nodelay(newsock); @@ -1515,6 +1527,8 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { error("accept: %.100s", strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } set_nodelay(newsock); @@ -1547,7 +1561,10 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { - error("accept from auth socket: %.100s", strerror(errno)); + error("accept from auth socket: %.100s", + strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } nc = channel_new("accepted auth socket", @@ -1961,6 +1978,8 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset) if ((newsock = accept(c->sock, (struct sockaddr*)&addr, &addrlen)) == -1) { error("%s accept: %s", __func__, strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } @@ -2111,16 +2130,21 @@ channel_garbage_collect(Channel *c) } static void -channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) +channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset, + time_t *unpause_secs) { static int did_init = 0; u_int i, oalloc; Channel *c; + time_t now; if (!did_init) { channel_handler_init(); did_init = 1; } + now = time(NULL); + if (unpause_secs != NULL) + *unpause_secs = 0; for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { c = channels[i]; if (c == NULL) @@ -2131,10 +2155,30 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) else continue; } - if (ftab[c->type] != NULL) - (*ftab[c->type])(c, readset, writeset); + if (ftab[c->type] != NULL) { + /* + * Run handlers that are not paused. + */ + if (c->notbefore <= now) + (*ftab[c->type])(c, readset, writeset); + else if (unpause_secs != NULL) { + /* + * Collect the time that the earliest + * channel comes off pause. + */ + debug3("%s: chan %d: skip for %d more seconds", + __func__, c->self, + (int)(c->notbefore - now)); + if (*unpause_secs == 0 || + (c->notbefore - now) < *unpause_secs) + *unpause_secs = c->notbefore - now; + } + } channel_garbage_collect(c); } + if (unpause_secs != NULL && *unpause_secs != 0) + debug3("%s: first channel unpauses in %d seconds", + __func__, (int)*unpause_secs); } /* @@ -2143,7 +2187,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) */ void channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, - u_int *nallocp, int rekeying) + u_int *nallocp, time_t *minwait_secs, int rekeying) { u_int n, sz, nfdset; @@ -2166,7 +2210,8 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, memset(*writesetp, 0, sz); if (!rekeying) - channel_handler(channel_pre, *readsetp, *writesetp); + channel_handler(channel_pre, *readsetp, *writesetp, + minwait_secs); } /* @@ -2176,7 +2221,7 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, void channel_after_select(fd_set *readset, fd_set *writeset) { - channel_handler(channel_post, readset, writeset); + channel_handler(channel_post, readset, writeset, NULL); } @@ -2687,15 +2732,54 @@ channel_set_af(int af) IPv4or6 = af; } -void +void channel_set_hpn(int disabled, u_int buf_size) { - hpn_disabled = disabled; + hpn_disabled = disabled; buffer_size = buf_size; debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, buffer_size); } +/* + * Determine whether or not a port forward listens to loopback, the + * specified address or wildcard. On the client, a specified bind + * address will always override gateway_ports. On the server, a + * gateway_ports of 1 (``yes'') will override the client's specification + * and force a wildcard bind, whereas a value of 2 (``clientspecified'') + * will bind to whatever address the client asked for. + * + * Special-case listen_addrs are: + * + * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR + * "" (empty string), "*" -> wildcard v4/v6 + * "localhost" -> loopback v4/v6 + */ +static const char * +channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, + int is_client, int gateway_ports) +{ + const char *addr = NULL; + int wildcard = 0; + + if (listen_addr == NULL) { + /* No address specified: default to gateway_ports setting */ + if (gateway_ports) + wildcard = 1; + } else if (gateway_ports || is_client) { + if (((datafellows & SSH_OLD_FORWARD_ADDR) && + strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || + *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || + (!is_client && gateway_ports == 1)) + wildcard = 1; + else if (strcmp(listen_addr, "localhost") != 0) + addr = listen_addr; + } + if (wildcardp != NULL) + *wildcardp = wildcard; + return addr; +} + static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, int *allocated_listen_port, @@ -2721,36 +2805,9 @@ channel_setup_fwd_listener(int type, const char *listen_addr, return 0; } - /* - * Determine whether or not a port forward listens to loopback, - * specified address or wildcard. On the client, a specified bind - * address will always override gateway_ports. On the server, a - * gateway_ports of 1 (``yes'') will override the client's - * specification and force a wildcard bind, whereas a value of 2 - * (``clientspecified'') will bind to whatever address the client - * asked for. - * - * Special-case listen_addrs are: - * - * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR - * "" (empty string), "*" -> wildcard v4/v6 - * "localhost" -> loopback v4/v6 - */ - addr = NULL; - if (listen_addr == NULL) { - /* No address specified: default to gateway_ports setting */ - if (gateway_ports) - wildcard = 1; - } else if (gateway_ports || is_client) { - if (((datafellows & SSH_OLD_FORWARD_ADDR) && - strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || - *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || - (!is_client && gateway_ports == 1)) - wildcard = 1; - else if (strcmp(listen_addr, "localhost") != 0) - addr = listen_addr; - } - + /* Determine the bind address, cf. channel_fwd_bind_addr() comment */ + addr = channel_fwd_bind_addr(listen_addr, &wildcard, + is_client, gateway_ports); debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s", type, wildcard, (addr == NULL) ? "NULL" : addr); @@ -2856,13 +2913,18 @@ channel_setup_fwd_listener(int type, const char *listen_addr, c = channel_new("port listener", type, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "port listener", 1); - else - c = channel_new("port listener", type, sock, sock, -1, - buffer_size, CHAN_TCP_PACKET_DEFAULT, - 0, "port listener", 1); + else + c = channel_new("port listener", type, sock, sock, -1, + buffer_size, CHAN_TCP_PACKET_DEFAULT, + 0, "port listener", 1); c->path = xstrdup(host); c->host_port = port_to_connect; - c->listening_port = listen_port; + c->listening_addr = addr == NULL ? NULL : xstrdup(addr); + if (listen_port == 0 && allocated_listen_port != NULL && + !(datafellows & SSH_BUG_DYNAMIC_RPORT)) + c->listening_port = *allocated_listen_port; + else + c->listening_port = listen_port; success = 1; } if (success == 0) @@ -2880,9 +2942,44 @@ channel_cancel_rport_listener(const char *host, u_short port) for (i = 0; i < channels_alloc; i++) { Channel *c = channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER) + continue; + if (strcmp(c->path, host) == 0 && c->listening_port == port) { + debug2("%s: close channel %d", __func__, i); + channel_free(c); + found = 1; + } + } + + return (found); +} - if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && - strcmp(c->path, host) == 0 && c->listening_port == port) { +int +channel_cancel_lport_listener(const char *lhost, u_short lport, + int cport, int gateway_ports) +{ + u_int i; + int found = 0; + const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, gateway_ports); + + for (i = 0; i < channels_alloc; i++) { + Channel *c = channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER) + continue; + if (c->listening_port != lport) + continue; + if (cport == CHANNEL_CANCEL_PORT_STATIC) { + /* skip dynamic forwardings */ + if (c->host_port == 0) + continue; + } else { + if (c->host_port != cport) + continue; + } + if ((c->listening_addr == NULL && addr != NULL) || + (c->listening_addr != NULL && addr == NULL)) + continue; + if (addr == NULL || strcmp(c->listening_addr, addr) == 0) { debug2("%s: close channel %d", __func__, i); channel_free(c); found = 1; @@ -2912,38 +3009,45 @@ channel_setup_remote_fwd_listener(const char *listen_address, NULL, 0, gateway_ports); } +/* + * Translate the requested rfwd listen host to something usable for + * this server. + */ +static const char * +channel_rfwd_bind_host(const char *listen_host) +{ + if (listen_host == NULL) { + if (datafellows & SSH_BUG_RFWD_ADDR) + return "127.0.0.1"; + else + return "localhost"; + } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) { + if (datafellows & SSH_BUG_RFWD_ADDR) + return "0.0.0.0"; + else + return ""; + } else + return listen_host; +} + /* * Initiate forwarding of connections to port "port" on remote host through * the secure channel to host:port from local side. + * Returns handle (index) for updating the dynamic listen port with + * channel_update_permitted_opens(). */ - int channel_request_remote_forwarding(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect) { - int type, success = 0; + int type, success = 0, idx = -1; /* Send the forward request to the remote side. */ if (compat20) { - const char *address_to_bind; - if (listen_host == NULL) { - if (datafellows & SSH_BUG_RFWD_ADDR) - address_to_bind = "127.0.0.1"; - else - address_to_bind = "localhost"; - } else if (*listen_host == '\0' || - strcmp(listen_host, "*") == 0) { - if (datafellows & SSH_BUG_RFWD_ADDR) - address_to_bind = "0.0.0.0"; - else - address_to_bind = ""; - } else - address_to_bind = listen_host; - packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); - packet_put_char(1); /* boolean: want reply */ - packet_put_cstring(address_to_bind); + packet_put_char(1); /* boolean: want reply */ + packet_put_cstring(channel_rfwd_bind_host(listen_host)); packet_put_int(listen_port); packet_send(); packet_write_wait(); @@ -2975,25 +3079,25 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port, /* Record that connection to this host/port is permitted. */ permitted_opens = xrealloc(permitted_opens, num_permitted_opens + 1, sizeof(*permitted_opens)); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; + idx = num_permitted_opens++; + permitted_opens[idx].host_to_connect = xstrdup(host_to_connect); + permitted_opens[idx].port_to_connect = port_to_connect; + permitted_opens[idx].listen_port = listen_port; } - return (success ? 0 : -1); + return (idx); } /* * Request cancellation of remote forwarding of connection host:port from * local side. */ -void +int channel_request_rforward_cancel(const char *host, u_short port) { int i; if (!compat20) - return; + return -1; for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && @@ -3002,12 +3106,12 @@ channel_request_rforward_cancel(const char *host, u_short port) } if (i >= num_permitted_opens) { debug("%s: requested forward not found", __func__); - return; + return -1; } packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("cancel-tcpip-forward"); packet_put_char(0); - packet_put_cstring(host == NULL ? "" : host); + packet_put_cstring(channel_rfwd_bind_host(host)); packet_put_int(port); packet_send(); @@ -3015,6 +3119,8 @@ channel_request_rforward_cancel(const char *host, u_short port) permitted_opens[i].port_to_connect = 0; xfree(permitted_opens[i].host_to_connect); permitted_opens[i].host_to_connect = NULL; + + return 0; } /* @@ -3083,6 +3189,35 @@ channel_add_permitted_opens(char *host, int port) all_opens_permitted = 0; } +/* + * Update the listen port for a dynamic remote forward, after + * the actual 'newport' has been allocated. If 'newport' < 0 is + * passed then they entry will be invalidated. + */ +void +channel_update_permitted_opens(int idx, int newport) +{ + if (idx < 0 || idx >= num_permitted_opens) { + debug("channel_update_permitted_opens: index out of range:" + " %d num_permitted_opens %d", idx, num_permitted_opens); + return; + } + debug("%s allowed port %d for forwarding to host %s port %d", + newport > 0 ? "Updating" : "Removing", + newport, + permitted_opens[idx].host_to_connect, + permitted_opens[idx].port_to_connect); + if (newport >= 0) { + permitted_opens[idx].listen_port = + (datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport; + } else { + permitted_opens[idx].listen_port = 0; + permitted_opens[idx].port_to_connect = 0; + xfree(permitted_opens[idx].host_to_connect); + permitted_opens[idx].host_to_connect = NULL; + } +} + int channel_add_adm_permitted_opens(char *host, int port) { @@ -3096,6 +3231,17 @@ channel_add_adm_permitted_opens(char *host, int port) return ++num_adm_permitted_opens; } +void +channel_disable_adm_local_opens(void) +{ + if (num_adm_permitted_opens == 0) { + permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens)); + permitted_adm_opens[num_adm_permitted_opens].host_to_connect + = NULL; + num_adm_permitted_opens = 1; + } +} + void channel_clear_permitted_opens(void) { @@ -3137,12 +3283,36 @@ channel_print_adm_permitted_opens(void) return; } for (i = 0; i < num_adm_permitted_opens; i++) - if (permitted_adm_opens[i].host_to_connect != NULL) + if (permitted_adm_opens[i].host_to_connect == NULL) + printf(" none"); + else printf(" %s:%d", permitted_adm_opens[i].host_to_connect, permitted_adm_opens[i].port_to_connect); printf("\n"); } +/* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */ +int +permitopen_port(const char *p) +{ + int port; + + if (strcmp(p, "*") == 0) + return FWD_PERMIT_ANY_PORT; + if ((port = a2port(p)) > 0) + return port; + return -1; +} + +static int +port_match(u_short allowedport, u_short requestedport) +{ + if (allowedport == FWD_PERMIT_ANY_PORT || + allowedport == requestedport) + return 1; + return 0; +} + /* Try to start non-blocking connect to next host in cctx list */ static int connect_next(struct channel_connect *cctx) @@ -3245,7 +3415,7 @@ channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname) for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && - permitted_opens[i].listen_port == listen_port) { + port_match(permitted_opens[i].listen_port, listen_port)) { return connect_to( permitted_opens[i].host_to_connect, permitted_opens[i].port_to_connect, ctype, rname); @@ -3266,7 +3436,7 @@ channel_connect_to(const char *host, u_short port, char *ctype, char *rname) if (!permit) { for (i = 0; i < num_permitted_opens; i++) if (permitted_opens[i].host_to_connect != NULL && - permitted_opens[i].port_to_connect == port && + port_match(permitted_opens[i].port_to_connect, port) && strcmp(permitted_opens[i].host_to_connect, host) == 0) permit = 1; } @@ -3275,7 +3445,7 @@ channel_connect_to(const char *host, u_short port, char *ctype, char *rname) permit_adm = 0; for (i = 0; i < num_adm_permitted_opens; i++) if (permitted_adm_opens[i].host_to_connect != NULL && - permitted_adm_opens[i].port_to_connect == port && + port_match(permitted_adm_opens[i].port_to_connect, port) && strcmp(permitted_adm_opens[i].host_to_connect, host) == 0) permit_adm = 1; @@ -3638,7 +3808,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt) */ void x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, - const char *proto, const char *data) + const char *proto, const char *data, int want_reply) { u_int data_len = (u_int) strlen(data) / 2; u_int i, value; @@ -3691,7 +3861,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, /* Send the request packet. */ if (compat20) { - channel_request_start(client_session_id, "x11-req", 0); + channel_request_start(client_session_id, "x11-req", want_reply); packet_put_char(0); /* XXX bool single connection */ } else { packet_start(SSH_CMSG_X11_REQUEST_FORWARDING); diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index a967a7e1a..cede0a4e1 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */ /* $FreeBSD$ */ /* @@ -58,6 +58,8 @@ #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ #define SSH_CHANNEL_MAX_TYPE 17 +#define CHANNEL_CANCEL_PORT_STATIC -1 + struct Channel; typedef struct Channel Channel; @@ -104,6 +106,7 @@ struct Channel { int wfd_isatty; /* wfd is a tty */ int client_tty; /* (client) TTY has been requested */ int force_drain; /* force close on iEOF */ + time_t notbefore; /* Pause IO until deadline (time_t) */ int delayed; /* post-select handlers for newly created * channels are delayed until the first call * to a matching pre-select handler. @@ -117,6 +120,7 @@ struct Channel { char *path; /* path for unix domain sockets, or host name for forwards */ int listening_port; /* port being listened for forwards */ + char *listening_addr; /* addr being listened for forwards */ int host_port; /* remote port to connect for forwards */ char *remote_name; /* remote hostname */ @@ -126,7 +130,7 @@ struct Channel { u_int local_window_max; u_int local_consumed; u_int local_maxpacket; - u_int tcpwinsz; + u_int tcpwinsz; int dynamic_window; int extended_usage; int single_connection; @@ -165,13 +169,10 @@ struct Channel { /* default window/packet sizes for tcp/x11-fwd-channel */ #define CHAN_SES_PACKET_DEFAULT (32*1024) #define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT) - #define CHAN_TCP_PACKET_DEFAULT (32*1024) #define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT) - #define CHAN_X11_PACKET_DEFAULT (16*1024) #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) - #define CHAN_HPN_MIN_WINDOW_DEFAULT (2*1024*1024) /* possible input states */ @@ -242,7 +243,8 @@ void channel_input_status_confirm(int, u_int32_t, void *); /* file descriptor handling (read/write) */ -void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int); +void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, + time_t*, int); void channel_after_select(fd_set *, fd_set *); void channel_output_poll(void); @@ -257,6 +259,8 @@ void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int); +void channel_disable_adm_local_opens(void); +void channel_update_permitted_opens(int, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); void channel_print_adm_permitted_opens(void); @@ -268,9 +272,11 @@ int channel_request_remote_forwarding(const char *, u_short, const char *, u_short); int channel_setup_local_fwd_listener(const char *, u_short, const char *, u_short, int); -void channel_request_rforward_cancel(const char *host, u_short port); +int channel_request_rforward_cancel(const char *host, u_short port); int channel_setup_remote_fwd_listener(const char *, u_short, int *, int); int channel_cancel_rport_listener(const char *, u_short); +int channel_cancel_lport_listener(const char *, u_short, int, int); +int permitopen_port(const char *); /* x11 forwarding */ @@ -278,7 +284,7 @@ int x11_connect_display(void); int x11_create_display_inet(int, int, int, u_int *, int **); void x11_input_open(int, u_int32_t, void *); void x11_request_forwarding_with_spoofing(int, const char *, const char *, - const char *); + const char *, int); void deny_input_open(int, u_int32_t, void *); /* agent forwarding */ @@ -302,6 +308,7 @@ void chan_write_failed(Channel *); void chan_obuf_empty(Channel *); /* hpn handler */ -void channel_set_hpn(int, u_int); + +void channel_set_hpn(int, u_int); #endif diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 05487f266..5dd7b1b16 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.231 2011/01/16 12:05:59 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.240 2012/06/20 04:42:58 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -131,9 +131,6 @@ extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ */ extern char *host; -/* Force TTY allocation */ -extern int force_tty_flag; - /* * Flag to indicate that we have received a window change signal which has * not yet been processed. This will cause a message indicating the new @@ -180,7 +177,8 @@ struct escape_filter_ctx { /* Context for channel confirmation replies */ struct channel_reply_ctx { const char *request_type; - int id, do_close; + int id; + enum confirm_action action; }; /* Global request success/failure callbacks */ @@ -266,10 +264,10 @@ static void set_control_persist_exit_time(void) { if (muxserver_sock == -1 || !options.control_persist - || options.control_persist_timeout == 0) + || options.control_persist_timeout == 0) { /* not using a ControlPersist timeout */ control_persist_exit_time = 0; - else if (channel_still_open()) { + } else if (channel_still_open()) { /* some client connections are still open */ if (control_persist_exit_time > 0) debug2("%s: cancel scheduled exit", __func__); @@ -284,6 +282,23 @@ set_control_persist_exit_time(void) /* else we are already counting down to the timeout */ } +#define SSH_X11_VALID_DISPLAY_CHARS ":/.-_" +static int +client_x11_display_valid(const char *display) +{ + size_t i, dlen; + + dlen = strlen(display); + for (i = 0; i < dlen; i++) { + if (!isalnum(display[i]) && + strchr(SSH_X11_VALID_DISPLAY_CHARS, display[i]) == NULL) { + debug("Invalid character '%c' in DISPLAY", display[i]); + return 0; + } + } + return 1; +} + #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" void client_x11_get_proto(const char *display, const char *xauth_path, @@ -306,6 +321,9 @@ client_x11_get_proto(const char *display, const char *xauth_path, if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { debug("No xauth program."); + } else if (!client_x11_display_valid(display)) { + logit("DISPLAY '%s' invalid, falling back to fake xauth data", + display); } else { if (display == NULL) { debug("x11_get_proto: DISPLAY not set"); @@ -566,10 +584,12 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, { struct timeval tv, *tvp; int timeout_secs; + time_t minwait_secs = 0; int ret; /* Add any selections by the channel mechanism. */ - channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying); + channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, + &minwait_secs, rekeying); if (!compat20) { /* Read from the connection, unless our buffers are full. */ @@ -622,6 +642,8 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, if (timeout_secs < 0) timeout_secs = 0; } + if (minwait_secs != 0) + timeout_secs = MIN(timeout_secs, (int)minwait_secs); if (timeout_secs == INT_MAX) tvp = NULL; else { @@ -663,7 +685,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) atomicio(vwrite, fileno(stderr), buffer_ptr(berr), buffer_len(berr)); - leave_raw_mode(force_tty_flag); + leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); /* * Free (and clear) the buffer to reduce the amount of data that gets @@ -684,7 +706,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) buffer_init(bout); buffer_init(berr); - enter_raw_mode(force_tty_flag); + enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); } static void @@ -743,6 +765,15 @@ client_status_confirm(int type, Channel *c, void *ctx) char errmsg[256]; int tochan; + /* + * If a TTY was explicitly requested, then a failure to allocate + * one is fatal. + */ + if (cr->action == CONFIRM_TTY && + (options.request_tty == REQUEST_TTY_FORCE || + options.request_tty == REQUEST_TTY_YES)) + cr->action = CONFIRM_CLOSE; + /* XXX supress on mux _client_ quietmode */ tochan = options.log_level >= SYSLOG_LEVEL_ERROR && c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE; @@ -760,14 +791,27 @@ client_status_confirm(int type, Channel *c, void *ctx) cr->request_type, c->self); } /* If error occurred on primary session channel, then exit */ - if (cr->do_close && c->self == session_ident) + if (cr->action == CONFIRM_CLOSE && c->self == session_ident) fatal("%s", errmsg); - /* If error occurred on mux client, append to their stderr */ - if (tochan) - buffer_append(&c->extended, errmsg, strlen(errmsg)); - else + /* + * If error occurred on mux client, append to + * their stderr. + */ + if (tochan) { + buffer_append(&c->extended, errmsg, + strlen(errmsg)); + } else error("%s", errmsg); - if (cr->do_close) { + if (cr->action == CONFIRM_TTY) { + /* + * If a TTY allocation error occurred, then arrange + * for the correct TTY to leave raw mode. + */ + if (c->self == session_ident) + leave_raw_mode(0); + else + mux_tty_alloc_failed(c); + } else if (cr->action == CONFIRM_CLOSE) { chan_read_failed(c); chan_write_failed(c); } @@ -781,13 +825,14 @@ client_abandon_status_confirm(Channel *c, void *ctx) xfree(ctx); } -static void -client_expect_confirm(int id, const char *request, int do_close) +void +client_expect_confirm(int id, const char *request, + enum confirm_action action) { struct channel_reply_ctx *cr = xmalloc(sizeof(*cr)); cr->request_type = request; - cr->do_close = do_close; + cr->action = action; channel_register_status_confirm(id, client_status_confirm, client_abandon_status_confirm, cr); @@ -819,15 +864,14 @@ process_cmdline(void) { void (*handler)(int); char *s, *cmd, *cancel_host; - int delete = 0; - int local = 0, remote = 0, dynamic = 0; - int cancel_port; + int delete = 0, local = 0, remote = 0, dynamic = 0; + int cancel_port, ok; Forward fwd; bzero(&fwd, sizeof(fwd)); fwd.listen_host = fwd.connect_host = NULL; - leave_raw_mode(force_tty_flag); + leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); handler = signal(SIGINT, SIG_IGN); cmd = s = read_passphrase("\r\nssh> ", RP_ECHO); if (s == NULL) @@ -847,8 +891,12 @@ process_cmdline(void) "Request remote forward"); logit(" -D[bind_address:]port " "Request dynamic forward"); + logit(" -KL[bind_address:]port " + "Cancel local forward"); logit(" -KR[bind_address:]port " "Cancel remote forward"); + logit(" -KD[bind_address:]port " + "Cancel dynamic forward"); if (!options.permit_local_command) goto out; logit(" !args " @@ -877,11 +925,7 @@ process_cmdline(void) goto out; } - if ((local || dynamic) && delete) { - logit("Not supported."); - goto out; - } - if (remote && delete && !compat20) { + if (delete && !compat20) { logit("Not supported for SSH protocol version 1."); goto out; } @@ -904,7 +948,21 @@ process_cmdline(void) logit("Bad forwarding close port"); goto out; } - channel_request_rforward_cancel(cancel_host, cancel_port); + if (remote) + ok = channel_request_rforward_cancel(cancel_host, + cancel_port) == 0; + else if (dynamic) + ok = channel_cancel_lport_listener(cancel_host, + cancel_port, 0, options.gateway_ports) > 0; + else + ok = channel_cancel_lport_listener(cancel_host, + cancel_port, CHANNEL_CANCEL_PORT_STATIC, + options.gateway_ports) > 0; + if (!ok) { + logit("Unkown port forwarding."); + goto out; + } + logit("Canceled forwarding."); } else { if (!parse_forward(&fwd, s, dynamic, remote)) { logit("Bad forwarding specification."); @@ -925,13 +983,12 @@ process_cmdline(void) goto out; } } - logit("Forwarding port."); } out: signal(SIGINT, handler); - enter_raw_mode(force_tty_flag); + enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); if (cmd) xfree(cmd); if (fwd.listen_host != NULL) @@ -1050,7 +1107,8 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, * more new connections). */ /* Restore tty modes. */ - leave_raw_mode(force_tty_flag); + leave_raw_mode( + options.request_tty == REQUEST_TTY_FORCE); /* Stop listening for new connections. */ channel_stop_listening(); @@ -1345,7 +1403,7 @@ client_channel_closed(int id, void *arg) { channel_cancel_cleanup(id); session_closed = 1; - leave_raw_mode(force_tty_flag); + leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); } /* @@ -1416,18 +1474,21 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) signal(SIGWINCH, window_change_handler); if (have_pty) - enter_raw_mode(force_tty_flag); + enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); if (compat20) { session_ident = ssh2_chan_id; - if (escape_char_arg != SSH_ESCAPECHAR_NONE) - channel_register_filter(session_ident, - client_simple_escape_filter, NULL, - client_filter_cleanup, - client_new_escape_filter_ctx(escape_char_arg)); - if (session_ident != -1) + if (session_ident != -1) { + if (escape_char_arg != SSH_ESCAPECHAR_NONE) { + channel_register_filter(session_ident, + client_simple_escape_filter, NULL, + client_filter_cleanup, + client_new_escape_filter_ctx( + escape_char_arg)); + } channel_register_cleanup(session_ident, client_channel_closed, 0); + } } else { /* Check if we should immediately send eof on stdin. */ client_check_initial_eof_on_stdin(); @@ -1557,7 +1618,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) channel_free_all(); if (have_pty) - leave_raw_mode(force_tty_flag); + leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); /* restore blocking io */ if (!isatty(fileno(stdin))) @@ -2000,7 +2061,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, memset(&ws, 0, sizeof(ws)); channel_request_start(id, "pty-req", 1); - client_expect_confirm(id, "PTY allocation", 1); + client_expect_confirm(id, "PTY allocation", CONFIRM_TTY); packet_put_cstring(term != NULL ? term : ""); packet_put_int((u_int)ws.ws_col); packet_put_int((u_int)ws.ws_row); @@ -2059,18 +2120,18 @@ client_session2_setup(int id, int want_tty, int want_subsystem, debug("Sending subsystem: %.*s", len, (u_char*)buffer_ptr(cmd)); channel_request_start(id, "subsystem", 1); - client_expect_confirm(id, "subsystem", 1); + client_expect_confirm(id, "subsystem", CONFIRM_CLOSE); } else { debug("Sending command: %.*s", len, (u_char*)buffer_ptr(cmd)); channel_request_start(id, "exec", 1); - client_expect_confirm(id, "exec", 1); + client_expect_confirm(id, "exec", CONFIRM_CLOSE); } packet_put_string(buffer_ptr(cmd), buffer_len(cmd)); packet_send(); } else { channel_request_start(id, "shell", 1); - client_expect_confirm(id, "shell", 1); + client_expect_confirm(id, "shell", CONFIRM_CLOSE); packet_send(); } } @@ -2140,11 +2201,26 @@ client_init_dispatch(void) client_init_dispatch_15(); } +void +client_stop_mux(void) +{ + if (options.control_path != NULL && muxserver_sock != -1) + unlink(options.control_path); + /* + * If we are in persist mode, signal that we should close when all + * active channels are closed. + */ + if (options.control_persist) { + session_closed = 1; + setproctitle("[stopped mux]"); + } +} + /* client specific fatal cleanup */ void cleanup_exit(int i) { - leave_raw_mode(force_tty_flag); + leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); leave_non_blocking(); if (options.control_path != NULL && muxserver_sock != -1) unlink(options.control_path); diff --git a/crypto/openssh/clientloop.h b/crypto/openssh/clientloop.h index 52115db6e..3bb794879 100644 --- a/crypto/openssh/clientloop.h +++ b/crypto/openssh/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.25 2010/06/25 23:15:36 djm Exp $ */ +/* $OpenBSD: clientloop.h,v 1.29 2011/09/09 22:46:44 djm Exp $ */ /* * Author: Tatu Ylonen @@ -45,6 +45,7 @@ void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(int, int, int, const char *, struct termios *, int, Buffer *, char **); int client_request_tun_fwd(int, int, int); +void client_stop_mux(void); /* Escape filter for protocol 2 sessions */ void *client_new_escape_filter_ctx(int); @@ -55,6 +56,10 @@ int client_simple_escape_filter(Channel *, char *, int); typedef void global_confirm_cb(int, u_int32_t seq, void *); void client_register_global_confirm(global_confirm_cb *, void *); +/* Channel request confirmation callbacks */ +enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY }; +void client_expect_confirm(int, const char *, enum confirm_action); + /* Multiplexing protocol version */ #define SSHMUX_VER 4 @@ -64,7 +69,11 @@ void client_register_global_confirm(global_confirm_cb *, void *); #define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */ #define SSHMUX_COMMAND_STDIO_FWD 4 /* Open stdio fwd (ssh -W) */ #define SSHMUX_COMMAND_FORWARD 5 /* Forward only, no command */ +#define SSHMUX_COMMAND_STOP 6 /* Disable mux but not conn */ +#define SSHMUX_COMMAND_CANCEL_FWD 7 /* Cancel forwarding(s) */ void muxserver_listen(void); void muxclient(const char *); void mux_exit_message(Channel *, int); +void mux_tty_alloc_failed(Channel *); + diff --git a/crypto/openssh/compat.c b/crypto/openssh/compat.c index d685f6dc9..c6b0c9500 100644 --- a/crypto/openssh/compat.c +++ b/crypto/openssh/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.78 2008/09/11 14:22:37 markus Exp $ */ +/* $OpenBSD: compat.c,v 1.79 2011/09/23 07:45:05 markus Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. @@ -93,6 +93,7 @@ compat_datafellows(const char *version) { "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR }, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH_4*", 0 }, + { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, { "OpenSSH*", SSH_NEW_OPENSSH }, { "*MindTerm*", 0 }, { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| diff --git a/crypto/openssh/compat.h b/crypto/openssh/compat.h index 57f38f5f9..6db85ead1 100644 --- a/crypto/openssh/compat.h +++ b/crypto/openssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.42 2008/09/11 14:22:37 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.43 2011/09/23 07:45:05 markus Exp $ */ /* $FreeBSD$ */ /* @@ -59,6 +59,7 @@ #define SSH_OLD_FORWARD_ADDR 0x01000000 #define SSH_BUG_RFWD_ADDR 0x02000000 #define SSH_NEW_OPENSSH 0x04000000 +#define SSH_BUG_DYNAMIC_RPORT 0x08000000 #define SSH_BUG_LARGEWINDOW 0x08000000 void enable_compat13(void); diff --git a/crypto/openssh/config.guess b/crypto/openssh/config.guess index c2246a4f7..78553c4ea 100755 --- a/crypto/openssh/config.guess +++ b/crypto/openssh/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -# Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011 Free Software Foundation, Inc. -timestamp='2009-12-30' +timestamp='2011-01-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -57,7 +57,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO @@ -270,7 +270,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit ;; + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead @@ -552,7 +555,7 @@ EOF echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[456]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -968,6 +971,9 @@ EOF sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-tilera-linux-gnu + exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; @@ -1231,6 +1237,9 @@ EOF *:QNX:*:4*) echo i386-pc-qnx exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index de529cb60..a03d17c61 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h @@ -17,6 +17,9 @@ /* Define if your resolver libs need this for getrrsetbyname */ /* #undef BIND_8_COMPAT */ +/* The system has incomplete BSM API */ +/* #undef BROKEN_BSM_API */ + /* Define if cmsg_type is not passed correctly */ /* #undef BROKEN_CMSG_TYPE */ @@ -126,9 +129,6 @@ /* Enable for PKCS#11 support */ #define ENABLE_PKCS11 /**/ -/* Builtin PRNG command timeout */ -#define ENTROPY_TIMEOUT_MSEC 200 - /* File names may not contain backslash characters */ /* #undef FILESYSTEM_NO_BACKSLASH */ @@ -504,6 +504,9 @@ /* Define if HEADER.ad exists in arpa/nameser.h */ #define HAVE_HEADER_AD 1 +/* Define to 1 if you have the `HMAC_CTX_init' function. */ +#define HAVE_HMAC_CTX_INIT 1 + /* Define if you have ut_host in utmp.h */ /* #undef HAVE_HOST_IN_UTMP */ @@ -555,6 +558,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_LASTLOG_H */ +/* Define if you want ldns support */ +/* #undef HAVE_LDNS */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_LIBAUDIT_H */ @@ -597,10 +603,19 @@ /* Define to 1 if you have the header file. */ #define HAVE_LIMITS_H 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LINUX_AUDIT_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LINUX_FILTER_H */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_LINUX_IF_TUN_H */ -/* Define if your libraries define login() */ +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LINUX_SECCOMP_H */ + +/* Define to 1 if you have the `login' function. */ /* #undef HAVE_LOGIN */ /* Define to 1 if you have the header file. */ @@ -754,6 +769,9 @@ /* Define to 1 if you have the `recvmsg' function. */ #define HAVE_RECVMSG 1 +/* sys/resource.h has RLIMIT_NPROC */ +#define HAVE_RLIMIT_NPROC /**/ + /* Define to 1 if you have the header file. */ #define HAVE_RPC_TYPES_H 1 @@ -766,6 +784,12 @@ /* Define to 1 if you have the `RSA_get_default_method' function. */ #define HAVE_RSA_GET_DEFAULT_METHOD 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SANDBOX_H */ + +/* Define to 1 if you have the `sandbox_init' function. */ +/* #undef HAVE_SANDBOX_INIT */ + /* define if you have sa_family_t data type */ #define HAVE_SA_FAMILY_T 1 @@ -799,6 +823,9 @@ /* Define to 1 if you have the `setgroups' function. */ #define HAVE_SETGROUPS 1 +/* Define to 1 if you have the `setlinebuf' function. */ +#define HAVE_SETLINEBUF 1 + /* Define to 1 if you have the `setlogin' function. */ #define HAVE_SETLOGIN 1 @@ -925,6 +952,9 @@ /* Define to 1 if you have the `strmode' function. */ #define HAVE_STRMODE 1 +/* Define to 1 if you have the `strnlen' function. */ +#define HAVE_STRNLEN 1 + /* Define to 1 if you have the `strnvis' function. */ /* #undef HAVE_STRNVIS */ @@ -1263,7 +1293,7 @@ from environment and PATH */ #define LOGIN_PROGRAM_FALLBACK "/usr/bin/login" -/* Set this to your mail directory if you don't have maillock.h */ +/* Set this to your mail directory if you do not have _PATH_MAILDIR */ /* #undef MAIL_DIRECTORY */ /* Define on *nto-qnx systems */ @@ -1336,12 +1366,30 @@ /* read(1) can return 0 for a non-closed fd */ /* #undef PTY_ZEROREAD */ +/* Sandbox using Darwin sandbox_init(3) */ +/* #undef SANDBOX_DARWIN */ + +/* no privsep sandboxing */ +/* #undef SANDBOX_NULL */ + +/* Sandbox using setrlimit(2) */ +#define SANDBOX_RLIMIT 1 + +/* Sandbox using seccomp filter */ +/* #undef SANDBOX_SECCOMP_FILTER */ + +/* setrlimit RLIMIT_FSIZE works */ +/* #undef SANDBOX_SKIP_RLIMIT_FSIZE */ + +/* Sandbox using systrace(4) */ +/* #undef SANDBOX_SYSTRACE */ + +/* Specify the system call convention in use */ +/* #undef SECCOMP_AUDIT_ARCH */ + /* Define if your platform breaks doing a seteuid before a setuid */ /* #undef SETEUID_BREAKS_SETUID */ -/* The size of `char', as computed by sizeof. */ -#define SIZEOF_CHAR 1 - /* The size of `int', as computed by sizeof. */ #define SIZEOF_INT 4 @@ -1469,14 +1517,23 @@ /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ -#if defined __BIG_ENDIAN__ -# define WORDS_BIGENDIAN 1 -#elif ! defined __LITTLE_ENDIAN__ -/* # undef WORDS_BIGENDIAN */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif #endif /* Define if xauth is found in your path */ -/* #undef XAUTH_PATH */ +#define XAUTH_PATH "/usr/local/bin/xauth" + +/* Enable large inode numbers on Mac OS X 10.5. */ +#ifndef _DARWIN_USE_64_BIT_INODE +# define _DARWIN_USE_64_BIT_INODE 1 +#endif /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ diff --git a/crypto/openssh/config.h.in b/crypto/openssh/config.h.in index e5c9379c8..2834a473d 100644 --- a/crypto/openssh/config.h.in +++ b/crypto/openssh/config.h.in @@ -1,5 +1,8 @@ /* config.h.in. Generated from configure.ac by autoheader. */ +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + /* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address */ #undef AIX_GETNAMEINFO_HACK @@ -13,6 +16,9 @@ /* Define if your resolver libs need this for getrrsetbyname */ #undef BIND_8_COMPAT +/* The system has incomplete BSM API */ +#undef BROKEN_BSM_API + /* Define if cmsg_type is not passed correctly */ #undef BROKEN_CMSG_TYPE @@ -122,9 +128,6 @@ /* Enable for PKCS#11 support */ #undef ENABLE_PKCS11 -/* Builtin PRNG command timeout */ -#undef ENTROPY_TIMEOUT_MSEC - /* File names may not contain backslash characters */ #undef FILESYSTEM_NO_BACKSLASH @@ -500,6 +503,9 @@ /* Define if HEADER.ad exists in arpa/nameser.h */ #undef HAVE_HEADER_AD +/* Define to 1 if you have the `HMAC_CTX_init' function. */ +#undef HAVE_HMAC_CTX_INIT + /* Define if you have ut_host in utmp.h */ #undef HAVE_HOST_IN_UTMP @@ -551,6 +557,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LASTLOG_H +/* Define if you want ldns support */ +#undef HAVE_LDNS + /* Define to 1 if you have the header file. */ #undef HAVE_LIBAUDIT_H @@ -593,10 +602,19 @@ /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_AUDIT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_FILTER_H + /* Define to 1 if you have the header file. */ #undef HAVE_LINUX_IF_TUN_H -/* Define if your libraries define login() */ +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_SECCOMP_H + +/* Define to 1 if you have the `login' function. */ #undef HAVE_LOGIN /* Define to 1 if you have the header file. */ @@ -750,6 +768,9 @@ /* Define to 1 if you have the `recvmsg' function. */ #undef HAVE_RECVMSG +/* sys/resource.h has RLIMIT_NPROC */ +#undef HAVE_RLIMIT_NPROC + /* Define to 1 if you have the header file. */ #undef HAVE_RPC_TYPES_H @@ -762,6 +783,12 @@ /* Define to 1 if you have the `RSA_get_default_method' function. */ #undef HAVE_RSA_GET_DEFAULT_METHOD +/* Define to 1 if you have the header file. */ +#undef HAVE_SANDBOX_H + +/* Define to 1 if you have the `sandbox_init' function. */ +#undef HAVE_SANDBOX_INIT + /* define if you have sa_family_t data type */ #undef HAVE_SA_FAMILY_T @@ -795,6 +822,9 @@ /* Define to 1 if you have the `setgroups' function. */ #undef HAVE_SETGROUPS +/* Define to 1 if you have the `setlinebuf' function. */ +#undef HAVE_SETLINEBUF + /* Define to 1 if you have the `setlogin' function. */ #undef HAVE_SETLOGIN @@ -921,6 +951,9 @@ /* Define to 1 if you have the `strmode' function. */ #undef HAVE_STRMODE +/* Define to 1 if you have the `strnlen' function. */ +#undef HAVE_STRNLEN + /* Define to 1 if you have the `strnvis' function. */ #undef HAVE_STRNVIS @@ -948,13 +981,13 @@ /* define if you have struct sockaddr_in6 data type */ #undef HAVE_STRUCT_SOCKADDR_IN6 -/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */ +/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ #undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID /* define if you have struct sockaddr_storage data type */ #undef HAVE_STRUCT_SOCKADDR_STORAGE -/* Define to 1 if `st_blksize' is member of `struct stat'. */ +/* Define to 1 if `st_blksize' is a member of `struct stat'. */ #undef HAVE_STRUCT_STAT_ST_BLKSIZE /* Define to 1 if the system has the type `struct timespec'. */ @@ -1259,7 +1292,7 @@ from environment and PATH */ #undef LOGIN_PROGRAM_FALLBACK -/* Set this to your mail directory if you don't have maillock.h */ +/* Set this to your mail directory if you do not have _PATH_MAILDIR */ #undef MAIL_DIRECTORY /* Define on *nto-qnx systems */ @@ -1307,6 +1340,9 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME +/* Define to the home page for this package. */ +#undef PACKAGE_URL + /* Define to the version of this package. */ #undef PACKAGE_VERSION @@ -1329,12 +1365,30 @@ /* read(1) can return 0 for a non-closed fd */ #undef PTY_ZEROREAD +/* Sandbox using Darwin sandbox_init(3) */ +#undef SANDBOX_DARWIN + +/* no privsep sandboxing */ +#undef SANDBOX_NULL + +/* Sandbox using setrlimit(2) */ +#undef SANDBOX_RLIMIT + +/* Sandbox using seccomp filter */ +#undef SANDBOX_SECCOMP_FILTER + +/* setrlimit RLIMIT_FSIZE works */ +#undef SANDBOX_SKIP_RLIMIT_FSIZE + +/* Sandbox using systrace(4) */ +#undef SANDBOX_SYSTRACE + +/* Specify the system call convention in use */ +#undef SECCOMP_AUDIT_ARCH + /* Define if your platform breaks doing a seteuid before a setuid */ #undef SETEUID_BREAKS_SETUID -/* The size of `char', as computed by sizeof. */ -#undef SIZEOF_CHAR - /* The size of `int', as computed by sizeof. */ #undef SIZEOF_INT @@ -1460,9 +1514,17 @@ /* Define if you want SELinux support. */ #undef WITH_SELINUX -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ -#undef WORDS_BIGENDIAN +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif /* Define if xauth is found in your path */ #undef XAUTH_PATH diff --git a/crypto/openssh/defines.h b/crypto/openssh/defines.h index b67cf467d..53f83a142 100644 --- a/crypto/openssh/defines.h +++ b/crypto/openssh/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.165 2011/05/05 01:19:15 djm Exp $ */ +/* $Id: defines.h,v 1.169 2012/02/15 04:13:06 tim Exp $ */ /* Constants */ @@ -87,6 +87,12 @@ enum # define IPTOS_DSCP_EF 0xb8 #endif /* IPTOS_DSCP_EF */ +#ifndef PATH_MAX +# ifdef _POSIX_PATH_MAX +# define PATH_MAX _POSIX_PATH_MAX +# endif +#endif + #ifndef MAXPATHLEN # ifdef PATH_MAX # define MAXPATHLEN PATH_MAX @@ -99,12 +105,6 @@ enum # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ -#ifndef PATH_MAX -# ifdef _POSIX_PATH_MAX -# define PATH_MAX _POSIX_PATH_MAX -# endif -#endif - #if defined(HAVE_DECL_MAXSYMLINKS) && HAVE_DECL_MAXSYMLINKS == 0 # define MAXSYMLINKS 5 #endif @@ -131,6 +131,10 @@ enum # define O_NONBLOCK 00004 /* Non Blocking Open */ #endif +#ifndef S_IFSOCK +# define S_IFSOCK 0 +#endif /* S_IFSOCK */ + #ifndef S_ISDIR # define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR)) #endif /* S_ISDIR */ @@ -190,11 +194,7 @@ typedef unsigned int u_int; #endif #ifndef HAVE_INTXX_T -# if (SIZEOF_CHAR == 1) -typedef char int8_t; -# else -# error "8 bit int type not found." -# endif +typedef signed char int8_t; # if (SIZEOF_SHORT_INT == 2) typedef short int int16_t; # else @@ -385,18 +385,15 @@ struct winsize { # define _PATH_DEVNULL "/dev/null" #endif -#ifndef MAIL_DIRECTORY -# define MAIL_DIRECTORY "/var/spool/mail" -#endif +/* user may have set a different path */ +#if defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) +# undef _PATH_MAILDIR MAILDIR +#endif /* defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) */ -#ifndef MAILDIR -# define MAILDIR MAIL_DIRECTORY +#ifdef MAIL_DIRECTORY +# define _PATH_MAILDIR MAIL_DIRECTORY #endif -#if !defined(_PATH_MAILDIR) && defined(MAILDIR) -# define _PATH_MAILDIR MAILDIR -#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */ - #ifndef _PATH_NOLOGIN # define _PATH_NOLOGIN "/etc/nologin" #endif diff --git a/crypto/openssh/dh.c b/crypto/openssh/dh.c index b9029d867..d943ca1e1 100644 --- a/crypto/openssh/dh.c +++ b/crypto/openssh/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.48 2009/10/01 11:37:33 grunk Exp $ */ +/* $OpenBSD: dh.c,v 1.49 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -236,6 +236,8 @@ dh_gen_key(DH *dh, int need) { int i, bits_set, tries = 0; + if (need < 0) + fatal("dh_gen_key: need < 0"); if (dh->p == NULL) fatal("dh_gen_key: dh->p == NULL"); if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p)) diff --git a/crypto/openssh/dns.c b/crypto/openssh/dns.c index 131cb3d8b..9e3084ba5 100644 --- a/crypto/openssh/dns.c +++ b/crypto/openssh/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.27 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -78,27 +78,46 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, u_char **digest, u_int *digest_len, Key *key) { int success = 0; + enum fp_type fp_type = 0; switch (key->type) { case KEY_RSA: *algorithm = SSHFP_KEY_RSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA1; break; case KEY_DSA: *algorithm = SSHFP_KEY_DSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA1; + break; + case KEY_ECDSA: + *algorithm = SSHFP_KEY_ECDSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA256; break; - /* XXX KEY_ECDSA */ default: *algorithm = SSHFP_KEY_RESERVED; /* 0 */ + *digest_type = SSHFP_HASH_RESERVED; /* 0 */ + } + + switch (*digest_type) { + case SSHFP_HASH_SHA1: + fp_type = SSH_FP_SHA1; + break; + case SSHFP_HASH_SHA256: + fp_type = SSH_FP_SHA256; + break; + default: + *digest_type = SSHFP_HASH_RESERVED; /* 0 */ } - if (*algorithm) { - *digest_type = SSHFP_HASH_SHA1; - *digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len); + if (*algorithm && *digest_type) { + *digest = key_fingerprint_raw(key, fp_type, digest_len); if (*digest == NULL) fatal("dns_read_key: null from key_fingerprint_raw()"); success = 1; } else { - *digest_type = SSHFP_HASH_RESERVED; *digest = NULL; *digest_len = 0; success = 0; @@ -180,7 +199,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, struct rrsetinfo *fingerprints = NULL; u_int8_t hostkey_algorithm; - u_int8_t hostkey_digest_type; + u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED; u_char *hostkey_digest; u_int hostkey_digest_len; @@ -216,7 +235,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, fingerprints->rri_nrdatas); } - /* Initialize host key parameters */ + /* Initialize default host key parameters */ if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating host key fingerprint."); @@ -240,16 +259,27 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, continue; } + if (hostkey_digest_type != dnskey_digest_type) { + hostkey_digest_type = dnskey_digest_type; + xfree(hostkey_digest); + + /* Initialize host key parameters */ + if (!dns_read_key(&hostkey_algorithm, + &hostkey_digest_type, &hostkey_digest, + &hostkey_digest_len, hostkey)) { + error("Error calculating key fingerprint."); + freerrset(fingerprints); + return -1; + } + } + /* Check if the current key is the same as the given key */ if (hostkey_algorithm == dnskey_algorithm && hostkey_digest_type == dnskey_digest_type) { - if (hostkey_digest_len == dnskey_digest_len && - memcmp(hostkey_digest, dnskey_digest, - hostkey_digest_len) == 0) { - + timingsafe_bcmp(hostkey_digest, dnskey_digest, + hostkey_digest_len) == 0) *flags |= DNS_VERIFY_MATCH; - } } xfree(dnskey_digest); } @@ -275,31 +305,36 @@ int export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) { u_int8_t rdata_pubkey_algorithm = 0; - u_int8_t rdata_digest_type = SSHFP_HASH_SHA1; + u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; + u_int8_t dtype; u_char *rdata_digest; - u_int rdata_digest_len; - - u_int i; + u_int i, rdata_digest_len; int success = 0; - if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, - &rdata_digest, &rdata_digest_len, key)) { - - if (generic) - fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname, - DNS_RDATATYPE_SSHFP, 2 + rdata_digest_len, - rdata_pubkey_algorithm, rdata_digest_type); - else - fprintf(f, "%s IN SSHFP %d %d ", hostname, - rdata_pubkey_algorithm, rdata_digest_type); + for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { + rdata_digest_type = dtype; + if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, + &rdata_digest, &rdata_digest_len, key)) { + if (generic) { + fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", + hostname, DNS_RDATATYPE_SSHFP, + 2 + rdata_digest_len, + rdata_pubkey_algorithm, rdata_digest_type); + } else { + fprintf(f, "%s IN SSHFP %d %d ", hostname, + rdata_pubkey_algorithm, rdata_digest_type); + } + for (i = 0; i < rdata_digest_len; i++) + fprintf(f, "%02x", rdata_digest[i]); + fprintf(f, "\n"); + xfree(rdata_digest); /* from key_fingerprint_raw() */ + success = 1; + } + } - for (i = 0; i < rdata_digest_len; i++) - fprintf(f, "%02x", rdata_digest[i]); - fprintf(f, "\n"); - xfree(rdata_digest); /* from key_fingerprint_raw() */ - success = 1; - } else { - error("export_dns_rr: unsupported algorithm"); + /* No SSHFP record was generated at all */ + if (success == 0) { + error("%s: unsupported algorithm and/or digest_type", __func__); } return success; diff --git a/crypto/openssh/dns.h b/crypto/openssh/dns.h index 90cfd7b92..d5f428177 100644 --- a/crypto/openssh/dns.h +++ b/crypto/openssh/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.11 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: dns.h,v 1.12 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -29,14 +29,17 @@ #define DNS_H enum sshfp_types { - SSHFP_KEY_RESERVED, - SSHFP_KEY_RSA, - SSHFP_KEY_DSA + SSHFP_KEY_RESERVED = 0, + SSHFP_KEY_RSA = 1, + SSHFP_KEY_DSA = 2, + SSHFP_KEY_ECDSA = 3 }; enum sshfp_hashes { - SSHFP_HASH_RESERVED, - SSHFP_HASH_SHA1 + SSHFP_HASH_RESERVED = 0, + SSHFP_HASH_SHA1 = 1, + SSHFP_HASH_SHA256 = 2, + SSHFP_HASH_MAX = 3 }; #define DNS_RDATACLASS_IN 1 diff --git a/crypto/openssh/entropy.c b/crypto/openssh/entropy.c index a650351da..2d483b391 100644 --- a/crypto/openssh/entropy.c +++ b/crypto/openssh/entropy.c @@ -25,19 +25,19 @@ #include "includes.h" #include -#include - -#ifdef HAVE_SYS_STAT_H -# include +#include +#ifdef HAVE_SYS_UN_H +# include #endif -#ifdef HAVE_FCNTL_H -# include -#endif -#include -#include +#include +#include + +#include #include +#include #include +#include /* for offsetof */ #include #include @@ -54,119 +54,128 @@ /* * Portable OpenSSH PRNG seeding: * If OpenSSL has not "internally seeded" itself (e.g. pulled data from - * /dev/random), then we execute a "ssh-rand-helper" program which - * collects entropy and writes it to stdout. The child program must - * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr - * attached, so error/debugging output should be visible. - * - * XXX: we should tell the child how many bytes we need. + * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from + * PRNGd. */ - #ifndef OPENSSL_PRNG_ONLY + #define RANDOM_SEED_SIZE 48 -static uid_t original_uid, original_euid; -#endif -void -seed_rng(void) +/* + * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon + * listening either on 'tcp_port', or via Unix domain socket at * + * 'socket_path'. + * Either a non-zero tcp_port or a non-null socket_path must be + * supplied. + * Returns 0 on success, -1 on error + */ +int +get_random_bytes_prngd(unsigned char *buf, int len, + unsigned short tcp_port, char *socket_path) { -#ifndef OPENSSL_PRNG_ONLY - int devnull; - int p[2]; - pid_t pid; - int ret; - unsigned char buf[RANDOM_SEED_SIZE]; - mysig_t old_sigchld; + int fd, addr_len, rval, errors; + u_char msg[2]; + struct sockaddr_storage addr; + struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; + struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; + mysig_t old_sigpipe; + + /* Sanity checks */ + if (socket_path == NULL && tcp_port == 0) + fatal("You must specify a port or a socket"); + if (socket_path != NULL && + strlen(socket_path) >= sizeof(addr_un->sun_path)) + fatal("Random pool path is too long"); + if (len <= 0 || len > 255) + fatal("Too many bytes (%d) to read from PRNGD", len); + + memset(&addr, '\0', sizeof(addr)); + + if (tcp_port != 0) { + addr_in->sin_family = AF_INET; + addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr_in->sin_port = htons(tcp_port); + addr_len = sizeof(*addr_in); + } else { + addr_un->sun_family = AF_UNIX; + strlcpy(addr_un->sun_path, socket_path, + sizeof(addr_un->sun_path)); + addr_len = offsetof(struct sockaddr_un, sun_path) + + strlen(socket_path) + 1; + } - if (RAND_status() == 1) { - debug3("RNG is ready, skipping seeding"); - return; + old_sigpipe = mysignal(SIGPIPE, SIG_IGN); + + errors = 0; + rval = -1; +reopen: + fd = socket(addr.ss_family, SOCK_STREAM, 0); + if (fd == -1) { + error("Couldn't create socket: %s", strerror(errno)); + goto done; } - debug3("Seeding PRNG from %s", SSH_RAND_HELPER); - - if ((devnull = open("/dev/null", O_RDWR)) == -1) - fatal("Couldn't open /dev/null: %s", strerror(errno)); - if (pipe(p) == -1) - fatal("pipe: %s", strerror(errno)); - - old_sigchld = signal(SIGCHLD, SIG_DFL); - if ((pid = fork()) == -1) - fatal("Couldn't fork: %s", strerror(errno)); - if (pid == 0) { - dup2(devnull, STDIN_FILENO); - dup2(p[1], STDOUT_FILENO); - /* Keep stderr open for errors */ - close(p[0]); - close(p[1]); - close(devnull); - closefrom(STDERR_FILENO + 1); - - if (original_uid != original_euid && - ( seteuid(getuid()) == -1 || - setuid(original_uid) == -1) ) { - fprintf(stderr, "(rand child) setuid(%li): %s\n", - (long int)original_uid, strerror(errno)); - _exit(1); + if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { + if (tcp_port != 0) { + error("Couldn't connect to PRNGD port %d: %s", + tcp_port, strerror(errno)); + } else { + error("Couldn't connect to PRNGD socket \"%s\": %s", + addr_un->sun_path, strerror(errno)); } - - execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL); - fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n", - SSH_RAND_HELPER, strerror(errno)); - _exit(1); + goto done; } - close(devnull); - close(p[1]); + /* Send blocking read request to PRNGD */ + msg[0] = 0x02; + msg[1] = len; - memset(buf, '\0', sizeof(buf)); - ret = atomicio(read, p[0], buf, sizeof(buf)); - if (ret == -1) - fatal("Couldn't read from ssh-rand-helper: %s", + if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) { + if (errno == EPIPE && errors < 10) { + close(fd); + errors++; + goto reopen; + } + error("Couldn't write to PRNGD socket: %s", strerror(errno)); - if (ret != sizeof(buf)) - fatal("ssh-rand-helper child produced insufficient data"); - - close(p[0]); + goto done; + } - if (waitpid(pid, &ret, 0) == -1) - fatal("Couldn't wait for ssh-rand-helper completion: %s", + if (atomicio(read, fd, buf, len) != (size_t)len) { + if (errno == EPIPE && errors < 10) { + close(fd); + errors++; + goto reopen; + } + error("Couldn't read from PRNGD socket: %s", strerror(errno)); - signal(SIGCHLD, old_sigchld); - - /* We don't mind if the child exits upon a SIGPIPE */ - if (!WIFEXITED(ret) && - (!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE)) - fatal("ssh-rand-helper terminated abnormally"); - if (WEXITSTATUS(ret) != 0) - fatal("ssh-rand-helper exit with exit status %d", ret); - - RAND_add(buf, sizeof(buf), sizeof(buf)); - memset(buf, '\0', sizeof(buf)); + goto done; + } -#endif /* OPENSSL_PRNG_ONLY */ - if (RAND_status() != 1) - fatal("PRNG is not seeded"); + rval = 0; +done: + mysignal(SIGPIPE, old_sigpipe); + if (fd != -1) + close(fd); + return rval; } -void -init_rng(void) +static int +seed_from_prngd(unsigned char *buf, size_t bytes) { - /* - * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) - */ - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) - fatal("OpenSSL version mismatch. Built against %lx, you " - "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); - -#ifndef OPENSSL_PRNG_ONLY - original_uid = getuid(); - original_euid = geteuid(); +#ifdef PRNGD_PORT + debug("trying egd/prngd port %d", PRNGD_PORT); + if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) + return 0; #endif +#ifdef PRNGD_SOCKET + debug("trying egd/prngd socket %s", PRNGD_SOCKET); + if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) + return 0; +#endif + return -1; } -#ifndef OPENSSL_PRNG_ONLY void rexec_send_rng_seed(Buffer *m) { @@ -192,4 +201,39 @@ rexec_recv_rng_seed(Buffer *m) RAND_add(buf, len, len); } } +#endif /* OPENSSL_PRNG_ONLY */ + +void +seed_rng(void) +{ +#ifndef OPENSSL_PRNG_ONLY + unsigned char buf[RANDOM_SEED_SIZE]; #endif + /* + * OpenSSL version numbers: MNNFFPPS: major minor fix patch status + * We match major, minor, fix and status (not patch) for <1.0.0. + * After that, we acceptable compatible fix versions (so we + * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed + * within a patch series. + */ + u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; + if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || + (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) + fatal("OpenSSL version mismatch. Built against %lx, you " + "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); + +#ifndef OPENSSL_PRNG_ONLY + if (RAND_status() == 1) { + debug3("RNG is ready, skipping seeding"); + return; + } + + if (seed_from_prngd(buf, sizeof(buf)) == -1) + fatal("Could not obtain seed from PRNGd"); + RAND_add(buf, sizeof(buf), sizeof(buf)); + memset(buf, '\0', sizeof(buf)); + +#endif /* OPENSSL_PRNG_ONLY */ + if (RAND_status() != 1) + fatal("PRNG is not seeded"); +} diff --git a/crypto/openssh/entropy.h b/crypto/openssh/entropy.h index ec1ebcc57..c3d78dbad 100644 --- a/crypto/openssh/entropy.h +++ b/crypto/openssh/entropy.h @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: entropy.h,v 1.5 2005/09/27 12:46:32 dtucker Exp $ */ +/* $Id: entropy.h,v 1.6 2011/09/09 01:29:41 dtucker Exp $ */ #ifndef _RANDOMS_H #define _RANDOMS_H @@ -30,7 +30,6 @@ #include "buffer.h" void seed_rng(void); -void init_rng(void); void rexec_send_rng_seed(Buffer *); void rexec_recv_rng_seed(Buffer *); diff --git a/crypto/openssh/gss-serv.c b/crypto/openssh/gss-serv.c index 2ec7ea19c..c719c1306 100644 --- a/crypto/openssh/gss-serv.c +++ b/crypto/openssh/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -229,6 +229,8 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) name->length = get_u32(tok+offset); offset += 4; + if (UINT_MAX - offset < name->length) + return GSS_S_FAILURE; if (ename->length < offset+name->length) return GSS_S_FAILURE; diff --git a/crypto/openssh/jpake.c b/crypto/openssh/jpake.c index ac9a4bc34..b010dafaa 100644 --- a/crypto/openssh/jpake.c +++ b/crypto/openssh/jpake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: jpake.c,v 1.6 2010/09/20 04:54:07 djm Exp $ */ +/* $OpenBSD: jpake.c,v 1.7 2012/06/18 11:43:53 dtucker Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * @@ -133,7 +133,7 @@ jpake_free(struct jpake_ctx *pctx) #undef JPAKE_BN_CLEAR_FREE #undef JPAKE_BUF_CLEAR_FREE - bzero(pctx, sizeof(pctx)); + bzero(pctx, sizeof(*pctx)); xfree(pctx); } diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c index ca3c4206a..3a30b9b62 100644 --- a/crypto/openssh/kex.c +++ b/crypto/openssh/kex.c @@ -91,7 +91,7 @@ kex_names_valid(const char *names) return 1; } -/* Put algorithm proposal into buffer. */ +/* put algorithm proposal into buffer. */ #ifndef NONE_CIPHER_ENABLED static void #else @@ -457,13 +457,13 @@ kex_choose_conf(Kex *kex) #ifdef NONE_CIPHER_ENABLED debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); if (strcmp(newkeys->enc.name, "none") == 0) { - debug("Requesting NONE. Authflag is %d", auth_flag); + debug("Requesting NONE. Authflag is %d", auth_flag); if (auth_flag == 1) debug("None requested post authentication."); else fatal("Pre-authentication none cipher requests " "are not allowed."); - } + } #endif debug("kex: %s %s %s %s", ctos ? "client->server" : "server->client", diff --git a/crypto/openssh/key.c b/crypto/openssh/key.c index e3a305e66..7e9099703 100644 --- a/crypto/openssh/key.c +++ b/crypto/openssh/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */ +/* $OpenBSD: key.c,v 1.99 2012/05/23 03:28:28 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -342,6 +342,11 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) case SSH_FP_SHA1: md = EVP_sha1(); break; +#ifdef HAVE_EVP_SHA256 + case SSH_FP_SHA256: + md = EVP_sha256(); + break; +#endif default: fatal("key_fingerprint_raw: bad digest type %d", dgst_type); @@ -1356,11 +1361,6 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) goto out; } - if (kidlen != strlen(key->cert->key_id)) { - error("%s: key ID contains \\0 character", __func__); - goto out; - } - /* Signature is left in the buffer so we can calculate this length */ signed_len = buffer_len(&key->cert->certblob) - buffer_len(b); @@ -1817,6 +1817,9 @@ key_to_certified(Key *k, int legacy) k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT; return 0; case KEY_ECDSA: + if (legacy) + fatal("%s: legacy ECDSA certificates are not supported", + __func__); k->cert = cert_new(); k->type = KEY_ECDSA_CERT; return 0; diff --git a/crypto/openssh/key.h b/crypto/openssh/key.h index ec5ac5eb8..39e5577f6 100644 --- a/crypto/openssh/key.h +++ b/crypto/openssh/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */ +/* $OpenBSD: key.h,v 1.34 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -48,7 +48,8 @@ enum types { }; enum fp_type { SSH_FP_SHA1, - SSH_FP_MD5 + SSH_FP_MD5, + SSH_FP_SHA256 }; enum fp_rep { SSH_FP_HEX, diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c index 4a8239b93..ad5a10b47 100644 --- a/crypto/openssh/log.c +++ b/crypto/openssh/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */ +/* $OpenBSD: log.c,v 1.42 2011/06/17 21:44:30 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -56,6 +56,8 @@ static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 1; static int log_facility = LOG_AUTH; static char *argv0; +static log_handler_fn *log_handler; +static void *log_handler_ctx; extern char *__progname; @@ -260,6 +262,9 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) exit(1); } + log_handler = NULL; + log_handler_ctx = NULL; + log_on_stderr = on_stderr; if (on_stderr) return; @@ -326,6 +331,23 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) #define MSGBUFSIZ 1024 +void +set_log_handler(log_handler_fn *handler, void *ctx) +{ + log_handler = handler; + log_handler_ctx = ctx; +} + +void +do_log2(LogLevel level, const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(level, fmt, args); + va_end(args); +} + void do_log(LogLevel level, const char *fmt, va_list args) { @@ -337,6 +359,7 @@ do_log(LogLevel level, const char *fmt, va_list args) char *txt = NULL; int pri = LOG_INFO; int saved_errno = errno; + log_handler_fn *tmp_handler; if (level > log_level) return; @@ -375,7 +398,7 @@ do_log(LogLevel level, const char *fmt, va_list args) pri = LOG_ERR; break; } - if (txt != NULL) { + if (txt != NULL && log_handler == NULL) { snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); } else { @@ -383,7 +406,13 @@ do_log(LogLevel level, const char *fmt, va_list args) } strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); - if (log_on_stderr) { + if (log_handler != NULL) { + /* Avoid recursion */ + tmp_handler = log_handler; + log_handler = NULL; + tmp_handler(level, fmtbuf, log_handler_ctx); + log_handler = tmp_handler; + } else if (log_on_stderr) { snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); write(STDERR_FILENO, msgbuf, strlen(msgbuf)); } else { diff --git a/crypto/openssh/log.h b/crypto/openssh/log.h index 650582791..1b8d2142b 100644 --- a/crypto/openssh/log.h +++ b/crypto/openssh/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.17 2008/06/13 00:12:02 dtucker Exp $ */ +/* $OpenBSD: log.h,v 1.18 2011/06/17 21:44:30 djm Exp $ */ /* * Author: Tatu Ylonen @@ -46,6 +46,8 @@ typedef enum { SYSLOG_LEVEL_NOT_SET = -1 } LogLevel; +typedef void (log_handler_fn)(LogLevel, const char *, void *); + void log_init(char *, LogLevel, SyslogFacility, int); SyslogFacility log_facility_number(char *); @@ -64,6 +66,10 @@ void debug(const char *, ...) __attribute__((format(printf, 1, 2))); void debug2(const char *, ...) __attribute__((format(printf, 1, 2))); void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); + +void set_log_handler(log_handler_fn *, void *); +void do_log2(LogLevel, const char *, ...) + __attribute__((format(printf, 2, 3))); void do_log(LogLevel, const char *, va_list); void cleanup_exit(int) __attribute__((noreturn)); #endif diff --git a/crypto/openssh/loginrec.c b/crypto/openssh/loginrec.c index 0d0e807b6..32941c985 100644 --- a/crypto/openssh/loginrec.c +++ b/crypto/openssh/loginrec.c @@ -146,7 +146,6 @@ */ #include "includes.h" -__RCSID("$FreeBSD$"); #include #include @@ -516,10 +515,6 @@ getlast_entry(struct logininfo *li) return (utmpx_get_entry(li)); #endif -#if 1 - return (utmpx_get_entry(li)); -#endif - #if defined(DISABLE_LASTLOG) /* On some systems we shouldn't even try to obtain last login * time, e.g. AIX */ diff --git a/crypto/openssh/mac.c b/crypto/openssh/mac.c index fabc3ed66..9b450e4e2 100644 --- a/crypto/openssh/mac.c +++ b/crypto/openssh/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.15 2008/06/13 00:51:47 dtucker Exp $ */ +/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -44,6 +44,8 @@ #include "umac.h" +#include "openbsd-compat/openssl-compat.h" + #define SSH_EVP 1 /* OpenSSL EVP-based MAC */ #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ @@ -57,6 +59,10 @@ struct { } macs[] = { { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 }, { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, +#ifdef HAVE_EVP_SHA256 + { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 }, + { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 }, +#endif { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, @@ -110,6 +116,7 @@ mac_init(Mac *mac) case SSH_EVP: if (mac->evp_md == NULL) return -1; + HMAC_CTX_init(&mac->evp_ctx); HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md); return 0; case SSH_UMAC: diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index 1fc3ae74c..d35472778 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.84 2010/11/21 01:01:13 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.86 2011/09/05 05:59:08 djm Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -942,7 +942,7 @@ static const struct { { "af11", IPTOS_DSCP_AF11 }, { "af12", IPTOS_DSCP_AF12 }, { "af13", IPTOS_DSCP_AF13 }, - { "af14", IPTOS_DSCP_AF21 }, + { "af21", IPTOS_DSCP_AF21 }, { "af22", IPTOS_DSCP_AF22 }, { "af23", IPTOS_DSCP_AF23 }, { "af31", IPTOS_DSCP_AF31 }, @@ -986,6 +986,19 @@ parse_ipqos(const char *cp) return val; } +const char * +iptos2str(int iptos) +{ + int i; + static char iptos_str[sizeof "0xff"]; + + for (i = 0; ipqos[i].name != NULL; i++) { + if (ipqos[i].value == iptos) + return ipqos[i].name; + } + snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos); + return iptos_str; +} void sock_set_v6only(int s) { diff --git a/crypto/openssh/misc.h b/crypto/openssh/misc.h index 19149ed3f..5d3d0bd0f 100644 --- a/crypto/openssh/misc.h +++ b/crypto/openssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.47 2010/11/21 01:01:13 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */ /* $FreeBSD$ */ /* @@ -91,6 +91,7 @@ void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t); void bandwidth_limit(struct bwlimit *, size_t); int parse_ipqos(const char *); +const char *iptos2str(int); void mktemp_proto(char *, size_t); /* readpass.c */ diff --git a/crypto/openssh/moduli b/crypto/openssh/moduli index 65d2814a6..3bb155de9 100644 --- a/crypto/openssh/moduli +++ b/crypto/openssh/moduli @@ -1,188 +1,269 @@ -# $OpenBSD: moduli,v 1.4 2008/01/01 08:51:20 dtucker Exp $ +# $OpenBSD: moduli,v 1.7 2012/07/20 00:39:57 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20060827013849 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE261778F3 -20060827013906 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE261CC47B -20060827013924 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2621AFA3 -20060827014045 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26551B8B -20060827014056 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26556A27 -20060827014115 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE265B7273 -20060827014137 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26644D77 -20060827014203 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26717773 -20060827014214 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26722EBB -20060827014312 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26961C8B -20060827014407 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26BA7BBF -20060827014418 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26BAC107 -20060827014436 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26C05207 -20060827014515 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D48C73 -20060827014527 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D65CD7 -20060827014538 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D7096F -20060827014607 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26E3760B -20060827014626 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26EAF29F -20060827014637 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26EBCF4F -20060827014653 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26F0D6BB -20060827014732 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27088963 -20060827014835 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27320A73 -20060827014915 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27486FA3 -20060827014926 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2748FD9F -20060827014940 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE274BB323 -20060827014956 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE274F8F7F -20060827015028 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE275C008F -20060827015112 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2776D9EF -20060827015134 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27809AA3 -20060827015146 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27826DFB -20060827015200 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2785363F -20060827015231 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27951F4F -20060827015246 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27991903 -20060827015300 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE279C7B37 -20060827015329 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27AB4843 -20060827015347 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27B0F9D7 -20060827015359 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27B24D5B -20060827015430 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27C2CE27 -20060827015449 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27CA3BA3 -20060827015546 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27E90A07 -20060827015607 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27F116BF -20060827015630 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27FBB66F -20060827015649 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2803E313 -20060827024302 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD6C361B -20060827024350 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD6F7E93 -20060827024537 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD7DE4BB -20060827025000 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADB6D4D7 -20060827025429 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADEF2D8B -20060827025612 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADFCCB13 -20060827030138 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE41E89B -20060827030223 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE44A263 -20060827030555 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE6FD2A7 -20060827031244 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AECC68C3 -20060827031437 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AEDFB4EB -20060827031602 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AEEB07E7 -20060827032434 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF5B1533 -20060827032933 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF99D5D3 -20060827033028 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF9CF037 -20060827033120 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFA14BBF -20060827033331 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFB9FD2B -20060827033555 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFD32F8B -20060827033806 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFEBB7DB -20060827034045 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B009C8D3 -20060827034214 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0177447 -20060827034316 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B01EFC27 -20060827034514 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0313F9B -20060827035109 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B07D542B -20060827035412 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0A3485F -20060827035525 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0AAF3BB -20060827035829 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0CFE04F -20060827040101 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0E988E7 -20060827040504 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B11D001B -20060827040746 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B13A45DF -20060827041350 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B188B89F -20060827041513 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B193B2EB -20060827041621 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B19B9807 -20060827041657 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B19C0107 -20060827041817 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B1A6BE4B -20060827052122 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C77E8ED3 -20060827055248 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8549C07 -20060827055453 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C85B17DF -20060827060456 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C899BBE7 -20060827061203 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8C362B3 -20060827061433 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8CC69F7 -20060827061904 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8E44BC7 -20060827062255 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8F6B23F -20060827063052 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C926C817 -20060827063354 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9351ABF -20060827063925 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9541A43 -20060827064904 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C98CFAE7 -20060827070314 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9E30823 -20060827070806 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9F90C33 -20060827071119 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA04D477 -20060827072534 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA5A1ADB -20060827073212 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA7E88A3 -20060827073641 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA93A193 -20060827073850 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA999B57 -20060827080040 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CB21505F -20060827080817 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CB4C2F97 -20060827083711 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC0FAA7F -20060827084308 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC30FD83 -20060827084830 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC4EFB67 -20060827085653 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC8152FB -20060827090522 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CCB5AE6B -20060827092253 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CD252FCB -20060827095916 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE117E2F -20060827100246 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE2087CB -20060827102041 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE925537 -20060827102556 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEAF2A27 -20060827103749 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEF9826F -20060827103917 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEFBC467 -20060827104611 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CF24A6E3 -20060827130320 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFA80B3F -20060827132001 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFC2F2A3 -20060827132659 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFC83DE3 -20060827133231 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFCAE263 -20060827134212 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFD5D943 -20060827135606 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFEAD4AB -20060827142452 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F01CBFBB -20060827185212 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F24CFF67 -20060827190158 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F2599507 -20060827202730 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F305315B -20060827213252 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F38A5B63 -20060827214322 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F3987FC7 -20060827214825 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F39A3CDB -20060827232520 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F46375AB -20060828030405 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F62B17EB -20060828043230 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F6E0BB4F -20060828081338 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F8A9B0EF -20060828083613 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F8D164EF -20060828090529 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F906488B -20060828100621 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F97FF4CB -20060828121421 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FA80824B -20060828141024 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FB659087 -20060828142059 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FB739E8F -20060828170552 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FCC5CE57 -20060828171327 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FCCCF9D3 -20060828185943 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDA67727 -20060828190537 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDAAC673 -20060828191202 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDAFC737 -20060828192613 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDC50FBB -20060828193738 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDD6023F -20060828204936 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FE68405F -20060829063416 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57DE9222B -20060829082327 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57E5385E7 -20060829092010 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57E8501A3 -20060830004204 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5825F180F -20060830013522 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5828DFA2B -20060830124707 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58555C9EB -20060830180312 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE586989437 -20060831041205 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5891334BF -20060831102341 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58A8F8B27 -20060831234001 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58DD7278B -20060901032352 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58EBE93EB -20060901061345 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58F693A3F -20060901123055 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE590F80AE7 -20060901191922 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592994C63 -20060901203957 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592E5D92F -20060901210250 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592F4A5F3 -20060901225047 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5935D124B -20060902020657 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5942520CB -20060902070624 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59553E03F -20060902095300 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE595F6EC6B -20060902113306 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE596599BEF -20060902142302 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59703582B -20060902210839 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE598A695F7 -20060903073325 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59B315E9B -20060903095626 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59BBD7153 -20060903162601 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59D48AEE3 -20040305011518 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E4CE974B -20040305043124 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E5050933 -20040305084728 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E54C7783 -20040306205350 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E809C413 -20040309221333 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080ED7F9CFB -20040311222059 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F103209F -20040312160304 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F247861B -20040312210904 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F29D939F -20040316074005 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F8B1F7DB -20040317113309 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FAAE1F73 -20040317195246 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FB3F2B93 -20040319025848 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FD81741B -20040323194658 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C708105AF04AF -20040324041535 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C70810643E737 -20061002171426 2 6 100 8191 2 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A892B517F6E01056DD5EFEB2437E23100E487E3D4B -20061005090403 2 6 100 8191 5 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A892B517F6E01056DD5EFEB2437E23100E4A242A2F -20061005152228 2 6 100 8191 2 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A892B517F6E01056DD5EFEB2437E23100E4A4C3B0B +20120705004026 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844A94DCF +20120705004028 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844B1694B +20120705004036 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844E34093 +20120705004039 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844F41247 +20120705004040 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242844F8B39B +20120705004042 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284500D22F +20120705004044 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284504854B +20120705004047 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428451642A3 +20120705004049 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428451B31D3 +20120705004052 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428452B05CB +20120705004053 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428452BB06B +20120705004057 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284544D6EF +20120705004101 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428454FBFBF +20120705004103 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284556870F +20120705004104 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428455A1DCF +20120705004106 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428455A71F3 +20120705004107 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428455C229B +20120705004109 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845624C8F +20120705004111 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845650AD7 +20120705004113 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284572AE77 +20120705004116 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428457F0DE7 +20120705004119 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428458D623F +20120705004121 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284598C1BF +20120705004122 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284598FF9F +20120705004127 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845B559BF +20120705004129 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845BA77E7 +20120705004131 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845C3989F +20120705004132 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845C5A23F +20120705004134 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845CAF1DB +20120705004136 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845D1CB5B +20120705004137 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845D4528F +20120705004139 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845DCBCB3 +20120705004143 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845EE91B7 +20120705004144 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845EFF1A7 +20120705004145 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845F363FB +20120705004146 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845F3738B +20120705004148 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242845F437CF +20120705004150 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284601A3BF +20120705004152 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284603421F +20120705004153 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284605C5B7 +20120705004155 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428460AF7CB +20120705004159 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242846266533 +20120705004201 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242846287DD3 +20120705004204 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242846397273 +20120705004206 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284646FA83 +20120705004207 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA6242846475ED3 +20120705004210 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284651649F +20120705004212 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284659876B +20120705004213 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284659F8F3 +20120705004214 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428465BD413 +20120705004216 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428465F222B +20120705004217 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA624284660995B +20120705004221 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428467B9247 +20120705004227 2 6 100 1023 5 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428468DAF87 +20120705004230 2 6 100 1023 2 C9398FAC691CA974CDDD9E4254BD438A42F3294EB2EEAD1952EE1528921C54074519CCDAE5247550B94BCEF27A4C068DFF9135619D258C7AB9924231177BC6906A04CA6C2EA550D6F9EFCA41F5A0BB29E2DB461FE3E7B10B40737D6B5BA00078628B09353C87C1B23502F7B88265C56C935681E48FD982A68EA62428468E1A13 +20120705004838 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F7205887 +20120705004853 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F73B39C7 +20120705004937 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F7A3E153 +20120705005002 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F7DB4473 +20120705005017 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F7F7293F +20120705005025 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F802FE8B +20120705005048 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F836B5D3 +20120705005117 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F878CDEB +20120705005122 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F87AB3EB +20120705005140 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F89EAA43 +20120705005148 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8AA75F3 +20120705005201 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8C2EAAB +20120705005215 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8DEAC73 +20120705005221 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8E3C303 +20120705005231 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F8F51EFF +20120705005246 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F9115B97 +20120705005317 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F95737CF +20120705005324 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F960A5F7 +20120705005339 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F97DBAB3 +20120705005353 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8F999A9CF +20120705005453 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FA253557 +20120705005516 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FA597D23 +20120705005521 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FA5B9B1B +20120705005600 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FAB57F73 +20120705005606 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FABBBAFB +20120705005632 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FAF58CB3 +20120705005640 2 6 100 1535 2 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FB01659B +20120705005645 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FB04D9E7 +20120705005659 2 6 100 1535 5 E78D0311A0270EFB6AFA3D49C4F29AFBD1F6E17F09EF7C478453B0AC3569217D11C976B33A34B1455AF42C925882D5F7B37DE14F96EAFA62819815B9C023647FAA7C00A26B88EF6F1D4791BA4AFB3C41E7F09C79742FEB04897DDCCDA6CB75BCA573228359359397BDD1B054FC6B900829A4914E939F813E09DDFE94783F2739EB19D59E921881C601B2401E553972C47E93FBC5410B3712E936C9EA2255445A1E5312D6E6DBE4B7DBF69C1C6F366E91DDDDD04E67C9A5F7FD6E18C8FB205C67 +20120705011229 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205DA381EB +20120705011307 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205DAEFA5B +20120705011647 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205E09B2B7 +20120705011825 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205E30C613 +20120705011957 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205E5B7E3F +20120705012217 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205E9ED607 +20120705012259 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205EB4E9E3 +20120705012319 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205EBDF313 +20120705012338 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205EC9AD5F +20120705012817 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205F79773F +20120705012947 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205FB2897B +20120705013020 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D205FC0CFAB +20120705013559 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20606541A3 +20120705013637 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D206078A9DF +20120705013859 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2060C181BB +20120705014010 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2060DFB1BB +20120705014101 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2060F217A3 +20120705014248 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2061182263 +20120705014325 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2061214FC3 +20120705014539 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D206162E447 +20120705014658 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D206186D1F3 +20120705014856 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2061D0EF73 +20120705015000 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2062023BFB +20120705015045 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20621EDDEB +20120705015234 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2062752373 +20120705015345 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2062B97207 +20120705015734 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20636C6B0F +20120705015750 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2063752183 +20120705015806 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20637DAF9B +20120705015900 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2063B134BB +20120705015921 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2063C148EB +20120705020044 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20640F2047 +20120705020232 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20647E3FEB +20120705020339 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2064C2CC83 +20120705020502 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2065162F7B +20120705020512 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D2065194343 +20120705020523 2 6 100 2047 2 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D20651C2E2B +20120705020541 2 6 100 2047 5 F40926C361E350C4310F5B3D226E71AEC07A03D75D888F970ABA8668618ED65C320792C35505B25AB099C9DB0EAFE3CD8A831A9B54F68F68C48EF3282593342D5B7529949B37B29D99EBF2DC8B454F02354772A10041B7F150A6181C103244FC53E52DC4DE433853E8363FCDA31A8F9B0C245C5B5F2B341877A37854FAC42141C6F1FB8B8514E21672C4462FFEEDFA979469B68FC868E646F29CF8775D2087E01603C5BA5C628DFF0B30C8F3E66EFB13176CC4564AB386578DF555549A80E04F537BA0E235919AB75D2B48F69C29E0F3784A25A97BB8189059FAEBA055797808FA6E3566F8A7D3E7C5E0754B23EAA38441B0F1A563EEC2FF7D374D206528BA2F +20120705021818 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54165EF071CF +20120705022441 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54165F6DCFB7 +20120705024326 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541660E5F72B +20120705025034 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416617271AB +20120705025525 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541661CDD5AF +20120705025705 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541661E6A71F +20120705025752 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541661EE2413 +20120705030403 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541662662DC7 +20120705030432 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416626728EF +20120705030953 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541662CA2463 +20120705031728 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416635CAC93 +20120705032458 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541663EC109F +20120705032902 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166431CB8F +20120705033016 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166441BDC3 +20120705033652 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541664BF1503 +20120705033740 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541664C48A73 +20120705034025 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541664F440CF +20120705034138 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541665048ECB +20120705034458 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416653F1BC7 +20120705040416 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541666BE5B43 +20120705041326 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416676F9AD3 +20120705041429 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA5416677BBDD7 +20120705041928 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541667DA5427 +20120705042013 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA541667E0CDA7 +20120705044833 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166A1D45AB +20120705045307 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166A71DD37 +20120705050710 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166B8634A3 +20120705051048 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166BC572CB +20120705051219 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166BDA113F +20120705051634 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166C28FFCB +20120705052331 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166CAA425B +20120705052812 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166D041A0B +20120705053701 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166DA81DB7 +20120705055127 2 6 100 3071 5 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166EC251D7 +20120705055500 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F01CF6B +20120705055603 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F0EF763 +20120705055831 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F39358B +20120705060133 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F5FDC7B +20120705060444 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F8017B3 +20120705060616 2 6 100 3071 2 D890FD65E29157CFC7DDEE6D3593A43B0FABAD7638B24BFB0E58470A19C3CABAE86077D2C8B6BC113A7D01DC52820B4325F8EDF001A95AD2153A9CA5C2CFE131FE8472608D36D5252AF9B8C7438974D569147CFEC5D1CE0C492E7629CCE2277A85FF32B7D8051F901241B34277318752D75D3BDEC041C37E22FFA4859F52A875B2A01727978E6BABF8E4570383ECE6C8F4A8D0EFDE7894D92891E4B62B9CD31061E50177162AE78C2CFE8EF850721EFB79EC61560806F40A6EA84E40A430EE82D5737C4456B03126E4AA7C6E291612D433BB255B2F96A9C2C75B437EC79FD386A0984D6BECA43C7D5B5A91A1642E787911BD9D42A0E8E264E8317EB7E86E679787DD4D1FA0D7B39E94070123B186247B6710C0BB11FAC8589D196831D2AC1DCF25CAE16874740D310CC40A9F3C91B09A86112ACA4E62FAE3986896A4B8132AE3F2CE11B0B21DE147168E3E27FF0067C8787D5C930D6F05AF47A7BC8C59F34F17CC28C39207DFC14B9DA5C61C1B0D18E87662427DCBCF254B3BDA54166F8A763B +20120705074615 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E404D4A9FF +20120705075624 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E405259C43 +20120705075814 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4052CF1E3 +20120705082750 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E405CAF157 +20120705091841 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40777DB37 +20120705094647 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40863BD9B +20120705113042 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40BE821C7 +20120705113614 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40C0EADAB +20120705113856 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40C1D4D93 +20120705115824 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40CBE3D6B +20120705122406 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40D792E73 +20120705123711 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40DDA1F9F +20120705124452 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40E149903 +20120705133408 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40F205063 +20120705133854 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40F36CB23 +20120705140912 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E40FF3C14B +20120705151048 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41130009B +20120705154517 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E411EA83DB +20120705155613 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4123EC08F +20120705162202 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4130DF347 +20120705162423 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41319263F +20120705163533 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4136A686F +20120705170312 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4144BD02B +20120705175100 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E415E0D6BB +20120705190344 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E418110983 +20120705191532 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4186E4BE3 +20120705193904 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41933A90B +20120705201440 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41A1607FF +20120705202233 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41A3C4B5F +20120705204542 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41AFA0127 +20120705205809 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41B59BD9B +20120705213138 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41C73B903 +20120705214528 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41CE1ACFB +20120705215449 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41D2A1E9B +20120705225456 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41F236C7F +20120705231339 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E41FB99943 +20120705232933 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E4203D8FB3 +20120705233827 2 6 100 4095 2 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E420804A5B +20120705234448 2 6 100 4095 5 DFFB779B102B10577B70CDEE209CFAB26C1253293E8D5276DBAC95D03FCBD38E8A848E936A1CB8030EBC8E2C34EAC58F80CC9CCF8791D989809E2B4AB5CC21CCA57AAA4A5BB1790A0285F2E221F5F2E3432D7FE997B5E128AC60AE4D96D64D578F0E00AD9A784A66669CC98A6313A453D8071AA32C0CCFFE0F563A39478DE745FBE68390AE208F9A1927E205527C34E903C9392DFBB15172842B60C0F7DD073B9AFDA8DED1110031323DE355D245DCA105739D476C83F9FC1CB2DADAEB3858E1A5958B2A878EC1D7AF9DE6191A324B0370C84E092157E46BBF7743DE32A6F935F64A6855CFF6D48B6312C4CB90C057BE850A14377042080D370219B0677961112B926D69780F82EE3292619A074E22EFF9D919D01D872079A94BF8CBD98E700D63B5C33409B070133AB2D09AA175215F80D5D64290D74059955EE9CFE7E7CF7E83C51DFE9822BDC92F5447AF88BB944A812607D9A1508885EAAF1FE5C42779085F0D831E21A689C141D769E423F42B5CE2BFE8DB4AE13808AD146903A8322D895306C34285BAB6EF9B4DC9498051F5246CD9716D6E00BCB255CDCFCE603EB54C0D9ABFB187FBFE9FC2D456624D7A9415D1D9022B4AE86045AD1FA073400A8F85F6469B609666B0E78A5BCE8B02825A7F9CE33776BD068F2B4626472EADFED316CF2F2CEDFFF966A9D5C30B41C1ABD5DBFBE29F0953292A6C96ADF8E420AC9D9F +20120705232031 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B241215BB +20120705233800 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B246EC93B +20120706002709 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2582B477 +20120706013826 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B271419A3 +20120706014732 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B273FB1BB +20120706021008 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B27B7E59F +20120705225552 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B29C4E81B +20120705233754 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2AB07037 +20120705234834 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2AE25CBB +20120706024556 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2EDFAA6F +20120705233556 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B30EE83EB +20120706002117 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B31E6F727 +20120705233808 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B37267537 +20120706001148 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B3DF98C1F +20120706013155 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B3FBB98EB +20120706025705 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B418898A7 +20120706022948 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B4707179B +20120705233534 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B4F3D25C7 +20120706014542 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B520205CB +20120706030026 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B539518DB +20120706003519 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B566E0243 +20120706032218 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B59E508EF +20120706033523 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B5A254F5F +20120705235242 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B5B60C48F +20120706022615 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B646A1B3B +20120706032540 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B6594B14F +20120706001843 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B677C3593 +20120705054703 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234453518A0F7 +20120705060217 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445353B291F +20120705100916 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE2344537DF8F1B +20120705112627 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE2344538AF7C7B +20120705121419 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445392BB61F +20120705162623 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234453BD5FE03 +20120705171958 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234453C6257EF +20120705222541 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234453FBF1073 +20120705120012 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE2344544BA2363 +20120705143238 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445464ED33B +20120705175610 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445486B9E93 +20120705143839 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE2344551AEBB1B +20120705164833 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE2344553053057 +20120705195911 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE2344560200E33 +20120705051445 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445620DCB9B +20120705090103 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234456453E2C3 +20120705102457 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234456520F7B3 +20120705045958 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234456CC34FE7 +20120705064048 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234456DBB1643 +20120705100057 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234456FACFC3F +20120705130216 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445716EEFD3 +20120705184211 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE2344574BD3B0F +20120705075506 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234457918ED6F +20120705111016 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445857E1707 +20120705051124 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234458C6078E3 +20120705054255 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234458CA4E313 +20120705155949 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234459281E7B3 +20120705065517 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE2344597A57CB3 +20120705082307 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445987253DB +20120705182442 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234459E124B2F +20120705184956 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE234459E442F5B +20120705071209 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445A1E0FD83 +20120705155527 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445A6BDA473 +20120705103912 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445ADCE429F +20120705115451 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445AE75FB83 +20120705133531 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445AF5813A3 +20120705144902 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445AFF92FDF +20120705160631 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445B0A9AF9F +20120705194100 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F282CD256BC3B365896D80DC170BE23445B296E223 diff --git a/crypto/openssh/moduli.5 b/crypto/openssh/moduli.5 index 1abaa3a68..13c0b22fb 100644 --- a/crypto/openssh/moduli.5 +++ b/crypto/openssh/moduli.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $ +.\" $OpenBSD: moduli.5,v 1.15 2010/10/14 20:41:28 jmc Exp $ .\" .\" Copyright (c) 2008 Damien Miller .\" @@ -13,16 +13,16 @@ .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd June 26, 2008 +.Dd October 14, 2010 .Dt MODULI 5 .Os .Sh NAME .Nm moduli -.Nd Diffie Hellman moduli +.Nd Diffie-Hellman moduli .Sh DESCRIPTION The .Pa /etc/moduli -file contains prime numbers and generators for use by +file contains prime numbers and generators for use by .Xr sshd 8 in the Diffie-Hellman Group Exchange key exchange method. .Pp @@ -31,24 +31,23 @@ New moduli may be generated with using a two-step process. An initial .Em candidate generation -pass, using +pass, using .Ic ssh-keygen -G , calculates numbers that are likely to be useful. A second .Em primality testing pass, using -.Ic ssh-keygen -T +.Ic ssh-keygen -T , provides a high degree of assurance that the numbers are prime and are -safe for use in Diffie Hellman operations by +safe for use in Diffie-Hellman operations by .Xr sshd 8 . This .Nm format is used as the output from each pass. .Pp The file consists of newline-separated records, one per modulus, -containing seven space separated fields. +containing seven space-separated fields. These fields are as follows: -.Pp .Bl -tag -width Description -offset indent .It timestamp The time that the modulus was last processed as YYYYMMDDHHMMSS. @@ -58,7 +57,7 @@ Supported types are: .Pp .Bl -tag -width 0x00 -compact .It 0 -Unknown, not tested +Unknown, not tested. .It 2 "Safe" prime; (p-1)/2 is also prime. .It 4 @@ -68,7 +67,7 @@ Sophie Germain; (p+1)*2 is also prime. Moduli candidates initially produced by .Xr ssh-keygen 1 are Sophie Germain primes (type 4). -Futher primality testing with +Further primality testing with .Xr ssh-keygen 1 produces safe prime moduli (type 2) that are ready for use in .Xr sshd 8 . @@ -79,13 +78,13 @@ has been subjected to represented as a bitmask of the following values: .Pp .Bl -tag -width 0x00 -compact .It 0x00 -Not tested +Not tested. .It 0x01 -Composite number - not prime. +Composite number \(en not prime. .It 0x02 -Sieve of Eratosthenes +Sieve of Eratosthenes. .It 0x04 -Probabalistic Miller-Rabin primality tests. +Probabilistic Miller-Rabin primality tests. .El .Pp The @@ -95,8 +94,8 @@ Subsequent .Xr ssh-keygen 1 primality tests are Miller-Rabin tests (flag 0x04). .It trials -Decimal number indicating of primaility trials that have been performed -on the modulus. +Decimal number indicating the number of primality trials +that have been performed on the modulus. .It size Decimal number indicating the size of the prime in bits. .It generator @@ -105,18 +104,17 @@ The recommended generator for use with this modulus (hexadecimal). The modulus itself in hexadecimal. .El .Pp -When performing Diffie Hellman Group Exchange, +When performing Diffie-Hellman Group Exchange, .Xr sshd 8 first estimates the size of the modulus required to produce enough -Diffie Hellman output to sufficiently key the selected symmetric cipher. +Diffie-Hellman output to sufficiently key the selected symmetric cipher. .Xr sshd 8 then randomly selects a modulus from .Fa /etc/moduli that best meets the size requirement. -.Pp .Sh SEE ALSO .Xr ssh-keygen 1 , -.Xr sshd 8 , +.Xr sshd 8 .Rs .%R RFC 4419 .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" diff --git a/crypto/openssh/moduli.c b/crypto/openssh/moduli.c index 2964a8b3d..5267bb9ab 100644 --- a/crypto/openssh/moduli.c +++ b/crypto/openssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.22 2010/11/10 01:33:07 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -39,16 +39,19 @@ #include "includes.h" +#include #include #include #include +#include #include #include #include #include #include +#include #include "xmalloc.h" #include "dh.h" @@ -137,7 +140,8 @@ static u_int32_t largebits, largememory; /* megabytes */ static BIGNUM *largebase; int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); -int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); +int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, + unsigned long); /* * print moduli out in consistent form, @@ -438,6 +442,52 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) return (ret); } +static void +write_checkpoint(char *cpfile, u_int32_t lineno) +{ + FILE *fp; + char tmp[MAXPATHLEN]; + int r; + + r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile); + if (r == -1 || r >= MAXPATHLEN) { + logit("write_checkpoint: temp pathname too long"); + return; + } + if ((r = mkstemp(tmp)) == -1) { + logit("mkstemp(%s): %s", tmp, strerror(errno)); + return; + } + if ((fp = fdopen(r, "w")) == NULL) { + logit("write_checkpoint: fdopen: %s", strerror(errno)); + close(r); + return; + } + if (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0 && fclose(fp) == 0 + && rename(tmp, cpfile) == 0) + debug3("wrote checkpoint line %lu to '%s'", + (unsigned long)lineno, cpfile); + else + logit("failed to write to checkpoint file '%s': %s", cpfile, + strerror(errno)); +} + +static unsigned long +read_checkpoint(char *cpfile) +{ + FILE *fp; + unsigned long lineno = 0; + + if ((fp = fopen(cpfile, "r")) == NULL) + return 0; + if (fscanf(fp, "%lu\n", &lineno) < 1) + logit("Failed to load checkpoint from '%s'", cpfile); + else + logit("Loaded checkpoint from '%s' line %lu", cpfile, lineno); + fclose(fp); + return lineno; +} + /* * perform a Miller-Rabin primality test * on the list of candidates @@ -445,13 +495,15 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) * The result is a list of so-call "safe" primes */ int -prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) +prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, + char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines) { BIGNUM *q, *p, *a; BN_CTX *ctx; char *cp, *lp; u_int32_t count_in = 0, count_out = 0, count_possible = 0; u_int32_t generator_known, in_tests, in_tries, in_type, in_size; + unsigned long last_processed = 0, end_lineno; time_t time_start, time_stop; int res; @@ -472,10 +524,28 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) debug2("%.24s Final %u Miller-Rabin trials (%x generator)", ctime(&time_start), trials, generator_wanted); + if (checkpoint_file != NULL) + last_processed = read_checkpoint(checkpoint_file); + if (start_lineno > last_processed) + last_processed = start_lineno; + if (num_lines == 0) + end_lineno = ULONG_MAX; + else + end_lineno = last_processed + num_lines; + debug2("process line %lu to line %lu", last_processed, end_lineno); + res = 0; lp = xmalloc(QLINESIZE + 1); - while (fgets(lp, QLINESIZE + 1, in) != NULL) { + while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) { count_in++; + if (checkpoint_file != NULL) { + if (count_in <= last_processed) { + debug3("skipping line %u, before checkpoint", + count_in); + continue; + } + write_checkpoint(checkpoint_file, count_in); + } if (strlen(lp) < 14 || *lp == '!' || *lp == '#') { debug2("%10u: comment or short line", count_in); continue; @@ -644,6 +714,9 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) BN_free(q); BN_CTX_free(ctx); + if (checkpoint_file != NULL) + unlink(checkpoint_file); + logit("%.24s Found %u safe primes of %u candidates in %ld seconds", ctime(&time_stop), count_out, count_possible, (long) (time_stop - time_start)); diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index 29d987c70..e9802a3fd 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.110 2010/09/09 10:45:45 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.117 2012/06/22 12:30:26 dtucker Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -44,6 +44,13 @@ #include #include #include +#ifdef HAVE_POLL_H +#include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif #ifdef SKEY #include @@ -52,6 +59,7 @@ #include #include "openbsd-compat/sys-queue.h" +#include "atomicio.h" #include "xmalloc.h" #include "ssh.h" #include "key.h" @@ -179,6 +187,8 @@ int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_command(int, Buffer *); #endif +static int monitor_read_log(struct monitor *); + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -346,6 +356,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) debug3("preauth child monitor started"); + close(pmonitor->m_recvfd); + close(pmonitor->m_log_sendfd); + pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; + authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); @@ -405,6 +419,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) #endif } + /* Drain any buffered messages from the child */ + while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) + ; + if (!authctxt->valid) fatal("%s: authenticated invalid user", __func__); if (strcmp(auth_method, "unknown") == 0) @@ -414,6 +432,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) __func__, authctxt->user); mm_get_keystate(pmonitor); + + close(pmonitor->m_sendfd); + close(pmonitor->m_log_recvfd); + pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; } static void @@ -431,6 +453,9 @@ monitor_child_handler(int sig) void monitor_child_postauth(struct monitor *pmonitor) { + close(pmonitor->m_recvfd); + pmonitor->m_recvfd = -1; + monitor_set_child_handler(pmonitor->m_pid); signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); @@ -465,6 +490,53 @@ monitor_sync(struct monitor *pmonitor) } } +static int +monitor_read_log(struct monitor *pmonitor) +{ + Buffer logmsg; + u_int len, level; + char *msg; + + buffer_init(&logmsg); + + /* Read length */ + buffer_append_space(&logmsg, 4); + if (atomicio(read, pmonitor->m_log_recvfd, + buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) { + if (errno == EPIPE) { + buffer_free(&logmsg); + debug("%s: child log fd closed", __func__); + close(pmonitor->m_log_recvfd); + pmonitor->m_log_recvfd = -1; + return -1; + } + fatal("%s: log fd read: %s", __func__, strerror(errno)); + } + len = buffer_get_int(&logmsg); + if (len <= 4 || len > 8192) + fatal("%s: invalid log message length %u", __func__, len); + + /* Read severity, message */ + buffer_clear(&logmsg); + buffer_append_space(&logmsg, len); + if (atomicio(read, pmonitor->m_log_recvfd, + buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) + fatal("%s: log fd read: %s", __func__, strerror(errno)); + + /* Log it */ + level = buffer_get_int(&logmsg); + msg = buffer_get_string(&logmsg, NULL); + if (log_level_name(level) == NULL) + fatal("%s: invalid log level %u (corrupted message?)", + __func__, level); + do_log2(level, "%s [preauth]", msg); + + buffer_free(&logmsg); + xfree(msg); + + return 0; +} + int monitor_read(struct monitor *pmonitor, struct mon_table *ent, struct mon_table **pent) @@ -472,6 +544,30 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, Buffer m; int ret; u_char type; + struct pollfd pfd[2]; + + for (;;) { + bzero(&pfd, sizeof(pfd)); + pfd[0].fd = pmonitor->m_sendfd; + pfd[0].events = POLLIN; + pfd[1].fd = pmonitor->m_log_recvfd; + pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN; + if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) { + if (errno == EINTR || errno == EAGAIN) + continue; + fatal("%s: poll: %s", __func__, strerror(errno)); + } + if (pfd[1].revents) { + /* + * Drain all log messages before processing next + * monitor request. + */ + monitor_read_log(pmonitor); + continue; + } + if (pfd[0].revents) + break; /* Continues below */ + } buffer_init(&m); @@ -632,6 +728,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) char *username; struct passwd *pwent; int allowed = 0; + u_int i; debug3("%s", __func__); @@ -671,8 +768,20 @@ mm_answer_pwnamallow(int sock, Buffer *m) out: buffer_put_string(m, &options, sizeof(options)); - if (options.banner != NULL) - buffer_put_cstring(m, options.banner); + +#define M_CP_STROPT(x) do { \ + if (options.x != NULL) \ + buffer_put_cstring(m, options.x); \ + } while (0) +#define M_CP_STRARRAYOPT(x, nx) do { \ + for (i = 0; i < options.nx; i++) \ + buffer_put_cstring(m, options.x[i]); \ + } while (0) + /* See comment in servconf.h */ + COPY_MATCH_STRING_OPTS(); +#undef M_CP_STROPT +#undef M_CP_STRARRAYOPT + debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); mm_request_send(sock, MONITOR_ANS_PWNAM, m); @@ -684,7 +793,6 @@ mm_answer_pwnamallow(int sock, Buffer *m) monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); } - #ifdef USE_PAM if (options.use_pam) monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); @@ -1834,22 +1942,31 @@ mm_init_compression(struct mm_master *mm) /* XXX */ #define FD_CLOSEONEXEC(x) do { \ - if (fcntl(x, F_SETFD, 1) == -1) \ + if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \ fatal("fcntl(%d, F_SETFD)", x); \ } while (0) static void -monitor_socketpair(int *pair) +monitor_openfds(struct monitor *mon, int do_logfds) { -#ifdef HAVE_SOCKETPAIR + int pair[2]; + if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) - fatal("%s: socketpair", __func__); -#else - fatal("%s: UsePrivilegeSeparation=yes not supported", - __func__); -#endif + fatal("%s: socketpair: %s", __func__, strerror(errno)); FD_CLOSEONEXEC(pair[0]); FD_CLOSEONEXEC(pair[1]); + mon->m_recvfd = pair[0]; + mon->m_sendfd = pair[1]; + + if (do_logfds) { + if (pipe(pair) == -1) + fatal("%s: pipe: %s", __func__, strerror(errno)); + FD_CLOSEONEXEC(pair[0]); + FD_CLOSEONEXEC(pair[1]); + mon->m_log_recvfd = pair[0]; + mon->m_log_sendfd = pair[1]; + } else + mon->m_log_recvfd = mon->m_log_sendfd = -1; } #define MM_MEMSIZE 65536 @@ -1858,14 +1975,10 @@ struct monitor * monitor_init(void) { struct monitor *mon; - int pair[2]; mon = xcalloc(1, sizeof(*mon)); - monitor_socketpair(pair); - - mon->m_recvfd = pair[0]; - mon->m_sendfd = pair[1]; + monitor_openfds(mon, 1); /* Used to share zlib space across processes */ if (options.compression) { @@ -1882,12 +1995,7 @@ monitor_init(void) void monitor_reinit(struct monitor *mon) { - int pair[2]; - - monitor_socketpair(pair); - - mon->m_recvfd = pair[0]; - mon->m_sendfd = pair[1]; + monitor_openfds(mon, 0); } #ifdef GSSAPI diff --git a/crypto/openssh/monitor.h b/crypto/openssh/monitor.h index a8a2c0c19..5e7d552fb 100644 --- a/crypto/openssh/monitor.h +++ b/crypto/openssh/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.15 2008/11/04 08:22:13 djm Exp $ */ +/* $OpenBSD: monitor.h,v 1.16 2011/06/17 21:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -72,6 +72,8 @@ struct mm_master; struct monitor { int m_recvfd; int m_sendfd; + int m_log_recvfd; + int m_log_sendfd; struct mm_master *m_zback; struct mm_master *m_zlib; struct Kex **m_pkex; diff --git a/crypto/openssh/monitor_wrap.c b/crypto/openssh/monitor_wrap.c index 1a5dda561..1f60658e9 100644 --- a/crypto/openssh/monitor_wrap.c +++ b/crypto/openssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.70 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.73 2011/06/17 21:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -88,6 +88,32 @@ extern struct monitor *pmonitor; extern Buffer loginmsg; extern ServerOptions options; +void +mm_log_handler(LogLevel level, const char *msg, void *ctx) +{ + Buffer log_msg; + struct monitor *mon = (struct monitor *)ctx; + + if (mon->m_log_sendfd == -1) + fatal("%s: no log channel", __func__); + + buffer_init(&log_msg); + /* + * Placeholder for packet length. Will be filled in with the actual + * packet length once the packet has been constucted. This saves + * fragile math. + */ + buffer_put_int(&log_msg, 0); + + buffer_put_int(&log_msg, level); + buffer_put_cstring(&log_msg, msg); + put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4); + if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg), + buffer_len(&log_msg)) != buffer_len(&log_msg)) + fatal("%s: write: %s", __func__, strerror(errno)); + buffer_free(&log_msg); +} + int mm_is_monitor(void) { @@ -211,7 +237,7 @@ mm_getpwnamallow(const char *username) { Buffer m; struct passwd *pw; - u_int len; + u_int len, i; ServerOptions *newopts; debug3("%s entering", __func__); @@ -245,8 +271,20 @@ out: newopts = buffer_get_string(&m, &len); if (len != sizeof(*newopts)) fatal("%s: option block size mismatch", __func__); - if (newopts->banner != NULL) - newopts->banner = buffer_get_string(&m, NULL); + +#define M_CP_STROPT(x) do { \ + if (newopts->x != NULL) \ + newopts->x = buffer_get_string(&m, NULL); \ + } while (0) +#define M_CP_STRARRAYOPT(x, nx) do { \ + for (i = 0; i < newopts->nx; i++) \ + newopts->x[i] = buffer_get_string(&m, NULL); \ + } while (0) + /* See comment in servconf.h */ + COPY_MATCH_STRING_OPTS(); +#undef M_CP_STROPT +#undef M_CP_STRARRAYOPT + copy_set_server_options(&options, newopts, 1); xfree(newopts); diff --git a/crypto/openssh/monitor_wrap.h b/crypto/openssh/monitor_wrap.h index de2d16f66..0c7f2e384 100644 --- a/crypto/openssh/monitor_wrap.h +++ b/crypto/openssh/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.22 2009/03/05 07:18:19 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.23 2011/06/17 21:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -37,6 +37,7 @@ struct monitor; struct mm_master; struct Authctxt; +void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); diff --git a/crypto/openssh/mux.c b/crypto/openssh/mux.c index e370462db..5e0e65ff3 100644 --- a/crypto/openssh/mux.c +++ b/crypto/openssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.24 2011/01/13 21:54:53 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.36 2012/07/06 01:37:21 djm Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -87,7 +87,6 @@ /* from ssh.c */ extern int tty_flag; -extern int force_tty_flag; extern Options options; extern int stdin_null_flag; extern char *host; @@ -146,6 +145,7 @@ struct mux_master_state { #define MUX_C_OPEN_FWD 0x10000006 #define MUX_C_CLOSE_FWD 0x10000007 #define MUX_C_NEW_STDIO_FWD 0x10000008 +#define MUX_C_STOP_LISTENING 0x10000009 #define MUX_S_OK 0x80000001 #define MUX_S_PERMISSION_DENIED 0x80000002 #define MUX_S_FAILURE 0x80000003 @@ -153,6 +153,7 @@ struct mux_master_state { #define MUX_S_ALIVE 0x80000005 #define MUX_S_SESSION_OPENED 0x80000006 #define MUX_S_REMOTE_PORT 0x80000007 +#define MUX_S_TTY_ALLOC_FAIL 0x80000008 /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */ #define MUX_FWD_LOCAL 1 @@ -168,6 +169,7 @@ static int process_mux_terminate(u_int, Channel *, Buffer *, Buffer *); static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *); static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *); static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *); +static int process_mux_stop_listening(u_int, Channel *, Buffer *, Buffer *); static const struct { u_int type; @@ -180,6 +182,7 @@ static const struct { { MUX_C_OPEN_FWD, process_mux_open_fwd }, { MUX_C_CLOSE_FWD, process_mux_close_fwd }, { MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd }, + { MUX_C_STOP_LISTENING, process_mux_stop_listening }, { 0, NULL } }; @@ -313,6 +316,8 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) cctx->term = NULL; cctx->rid = rid; cmd = reserved = NULL; + cctx->env = NULL; + env_len = 0; if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || buffer_get_int_ret(&cctx->want_tty, m) != 0 || buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 || @@ -326,22 +331,23 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) xfree(cmd); if (reserved != NULL) xfree(reserved); + for (j = 0; j < env_len; j++) + xfree(cctx->env[j]); + if (env_len > 0) + xfree(cctx->env); if (cctx->term != NULL) xfree(cctx->term); + xfree(cctx); error("%s: malformed message", __func__); return -1; } xfree(reserved); reserved = NULL; - cctx->env = NULL; - env_len = 0; while (buffer_len(m) > 0) { #define MUX_MAX_ENV_VARS 4096 - if ((cp = buffer_get_string_ret(m, &len)) == NULL) { - xfree(cmd); + if ((cp = buffer_get_string_ret(m, &len)) == NULL) goto malf; - } if (!env_permitted(cp)) { xfree(cp); continue; @@ -412,6 +418,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) xfree(cctx->env); } buffer_free(&cctx->cmd); + xfree(cctx); return 0; } @@ -598,12 +605,16 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) buffer_put_int(&out, MUX_S_REMOTE_PORT); buffer_put_int(&out, fctx->rid); buffer_put_int(&out, rfwd->allocated_port); + channel_update_permitted_opens(rfwd->handle, + rfwd->allocated_port); } else { buffer_put_int(&out, MUX_S_OK); buffer_put_int(&out, fctx->rid); } goto out; } else { + if (rfwd->listen_port == 0) + channel_update_permitted_opens(rfwd->handle, -1); xasprintf(&failmsg, "remote port forwarding failed for " "listen port %d", rfwd->listen_port); } @@ -742,8 +753,9 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) } else { struct mux_channel_confirm_ctx *fctx; - if (channel_request_remote_forwarding(fwd.listen_host, - fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0) + fwd.handle = channel_request_remote_forwarding(fwd.listen_host, + fwd.listen_port, fwd.connect_host, fwd.connect_port); + if (fwd.handle < 0) goto fail; add_remote_forward(&options, &fwd); fctx = xcalloc(1, sizeof(*fctx)); @@ -774,10 +786,11 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) static int process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) { - Forward fwd; + Forward fwd, *found_fwd; char *fwd_desc = NULL; + const char *error_reason = NULL; u_int ftype; - int ret = 0; + int i, listen_port, ret = 0; fwd.listen_host = fwd.connect_host = NULL; if (buffer_get_int_ret(&ftype, m) != 0 || @@ -799,14 +812,70 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) fwd.connect_host = NULL; } - debug2("%s: channel %d: request %s", __func__, c->self, + debug2("%s: channel %d: request cancel %s", __func__, c->self, (fwd_desc = format_forward(ftype, &fwd))); - /* XXX implement this */ - buffer_put_int(r, MUX_S_FAILURE); - buffer_put_int(r, rid); - buffer_put_cstring(r, "unimplemented"); + /* make sure this has been requested */ + found_fwd = NULL; + switch (ftype) { + case MUX_FWD_LOCAL: + case MUX_FWD_DYNAMIC: + for (i = 0; i < options.num_local_forwards; i++) { + if (compare_forward(&fwd, + options.local_forwards + i)) { + found_fwd = options.local_forwards + i; + break; + } + } + break; + case MUX_FWD_REMOTE: + for (i = 0; i < options.num_remote_forwards; i++) { + if (compare_forward(&fwd, + options.remote_forwards + i)) { + found_fwd = options.remote_forwards + i; + break; + } + } + break; + } + + if (found_fwd == NULL) + error_reason = "port not forwarded"; + else if (ftype == MUX_FWD_REMOTE) { + /* + * This shouldn't fail unless we confused the host/port + * between options.remote_forwards and permitted_opens. + * However, for dynamic allocated listen ports we need + * to lookup the actual listen port. + */ + listen_port = (fwd.listen_port == 0) ? + found_fwd->allocated_port : fwd.listen_port; + if (channel_request_rforward_cancel(fwd.listen_host, + listen_port) == -1) + error_reason = "port not in permitted opens"; + } else { /* local and dynamic forwards */ + /* Ditto */ + if (channel_cancel_lport_listener(fwd.listen_host, + fwd.listen_port, fwd.connect_port, + options.gateway_ports) == -1) + error_reason = "port not found"; + } + + if (error_reason == NULL) { + buffer_put_int(r, MUX_S_OK); + buffer_put_int(r, rid); + if (found_fwd->listen_host != NULL) + xfree(found_fwd->listen_host); + if (found_fwd->connect_host != NULL) + xfree(found_fwd->connect_host); + found_fwd->listen_host = found_fwd->connect_host = NULL; + found_fwd->listen_port = found_fwd->connect_port = 0; + } else { + buffer_put_int(r, MUX_S_FAILURE); + buffer_put_int(r, rid); + buffer_put_cstring(r, error_reason); + } out: if (fwd_desc != NULL) xfree(fwd_desc); @@ -915,6 +984,39 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) return 0; } +static int +process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r) +{ + debug("%s: channel %d: stop listening", __func__, c->self); + + if (options.control_master == SSHCTL_MASTER_ASK || + options.control_master == SSHCTL_MASTER_AUTO_ASK) { + if (!ask_permission("Disable further multiplexing on shared " + "connection to %s? ", host)) { + debug2("%s: stop listen refused by user", __func__); + buffer_put_int(r, MUX_S_PERMISSION_DENIED); + buffer_put_int(r, rid); + buffer_put_cstring(r, "Permission denied"); + return 0; + } + } + + if (mux_listener_channel != NULL) { + channel_free(mux_listener_channel); + client_stop_mux(); + xfree(options.control_path); + options.control_path = NULL; + mux_listener_channel = NULL; + muxserver_sock = -1; + } + + /* prepare reply */ + buffer_put_int(r, MUX_S_OK); + buffer_put_int(r, rid); + + return 0; +} + /* Channel callbacks fired on read/write from mux slave fd */ static int mux_master_read_cb(Channel *c) @@ -1019,6 +1121,27 @@ mux_exit_message(Channel *c, int exitval) buffer_free(&m); } +void +mux_tty_alloc_failed(Channel *c) +{ + Buffer m; + Channel *mux_chan; + + debug3("%s: channel %d: TTY alloc failed", __func__, c->self); + + if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL) + fatal("%s: channel %d missing mux channel %d", + __func__, c->self, c->ctl_chan); + + /* Append exit message packet to control socket output queue */ + buffer_init(&m); + buffer_put_int(&m, MUX_S_TTY_ALLOC_FAIL); + buffer_put_int(&m, c->self); + + buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m)); + buffer_free(&m); +} + /* Prepare a mux master to listen on a Unix domain socket. */ void muxserver_listen(void) @@ -1059,21 +1182,26 @@ muxserver_listen(void) strlen(options.control_path) + 1; if (strlcpy(addr.sun_path, options.control_path, - sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) - fatal("ControlPath too long"); + sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) { + error("ControlPath \"%s\" too long for Unix domain socket", + options.control_path); + goto disable_mux_master; + } if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) fatal("%s socket(): %s", __func__, strerror(errno)); old_umask = umask(0177); if (bind(muxserver_sock, (struct sockaddr *)&addr, sun_len) == -1) { - muxserver_sock = -1; if (errno == EINVAL || errno == EADDRINUSE) { error("ControlSocket %s already exists, " "disabling multiplexing", options.control_path); disable_mux_master: - close(muxserver_sock); - muxserver_sock = -1; + if (muxserver_sock != -1) { + close(muxserver_sock); + muxserver_sock = -1; + } + xfree(orig_control_path); xfree(options.control_path); options.control_path = NULL; options.control_master = SSHCTL_MASTER_NO; @@ -1095,7 +1223,6 @@ muxserver_listen(void) } error("ControlSocket %s already exists, disabling multiplexing", orig_control_path); - xfree(orig_control_path); unlink(options.control_path); goto disable_mux_master; } @@ -1153,8 +1280,10 @@ mux_session_confirm(int id, int success, void *arg) /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication " "spoofing."); - x11_request_forwarding_with_spoofing(id, display, proto, data); - /* XXX wait for reply */ + x11_request_forwarding_with_spoofing(id, display, proto, + data, 1); + client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); + /* XXX exit_on_forward_failure */ } if (cctx->want_agent_fwd && options.forward_agent) { @@ -1474,18 +1603,19 @@ mux_client_request_terminate(int fd) } static int -mux_client_request_forward(int fd, u_int ftype, Forward *fwd) +mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd) { Buffer m; char *e, *fwd_desc; u_int type, rid; fwd_desc = format_forward(ftype, fwd); - debug("Requesting %s", fwd_desc); + debug("Requesting %s %s", + cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); xfree(fwd_desc); buffer_init(&m); - buffer_put_int(&m, MUX_C_OPEN_FWD); + buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); buffer_put_int(&m, muxclient_request_id); buffer_put_int(&m, ftype); buffer_put_cstring(&m, @@ -1514,6 +1644,8 @@ mux_client_request_forward(int fd, u_int ftype, Forward *fwd) case MUX_S_OK: break; case MUX_S_REMOTE_PORT: + if (cancel_flag) + fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__); fwd->allocated_port = buffer_get_int(&m); logit("Allocated port %u for remote forward to %s:%d", fwd->allocated_port, @@ -1543,27 +1675,28 @@ mux_client_request_forward(int fd, u_int ftype, Forward *fwd) } static int -mux_client_request_forwards(int fd) +mux_client_forwards(int fd, int cancel_flag) { - int i; + int i, ret = 0; - debug3("%s: requesting forwardings: %d local, %d remote", __func__, + debug3("%s: %s forwardings: %d local, %d remote", __func__, + cancel_flag ? "cancel" : "request", options.num_local_forwards, options.num_remote_forwards); /* XXX ExitOnForwardingFailure */ for (i = 0; i < options.num_local_forwards; i++) { - if (mux_client_request_forward(fd, + if (mux_client_forward(fd, cancel_flag, options.local_forwards[i].connect_port == 0 ? MUX_FWD_DYNAMIC : MUX_FWD_LOCAL, options.local_forwards + i) != 0) - return -1; + ret = -1; } for (i = 0; i < options.num_remote_forwards; i++) { - if (mux_client_request_forward(fd, MUX_FWD_REMOTE, + if (mux_client_forward(fd, cancel_flag, MUX_FWD_REMOTE, options.remote_forwards + i) != 0) - return -1; + ret = -1; } - return 0; + return ret; } static int @@ -1573,7 +1706,7 @@ mux_client_request_session(int fd) char *e, *term; u_int i, rid, sid, esid, exitval, type, exitval_seen; extern char **environ; - int devnull; + int devnull, rawmode; debug3("%s: entering", __func__); @@ -1669,8 +1802,9 @@ mux_client_request_session(int fd) signal(SIGTERM, control_client_sighandler); signal(SIGWINCH, control_client_sigrelay); + rawmode = tty_flag; if (tty_flag) - enter_raw_mode(force_tty_flag); + enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); /* * Stick around until the controlee closes the client_fd. @@ -1684,22 +1818,35 @@ mux_client_request_session(int fd) if (mux_client_read_packet(fd, &m) != 0) break; type = buffer_get_int(&m); - if (type != MUX_S_EXIT_MESSAGE) { + switch (type) { + case MUX_S_TTY_ALLOC_FAIL: + if ((esid = buffer_get_int(&m)) != sid) + fatal("%s: tty alloc fail on unknown session: " + "my id %u theirs %u", + __func__, sid, esid); + leave_raw_mode(options.request_tty == + REQUEST_TTY_FORCE); + rawmode = 0; + continue; + case MUX_S_EXIT_MESSAGE: + if ((esid = buffer_get_int(&m)) != sid) + fatal("%s: exit on unknown session: " + "my id %u theirs %u", + __func__, sid, esid); + if (exitval_seen) + fatal("%s: exitval sent twice", __func__); + exitval = buffer_get_int(&m); + exitval_seen = 1; + continue; + default: e = buffer_get_string(&m, NULL); fatal("%s: master returned error: %s", __func__, e); } - if ((esid = buffer_get_int(&m)) != sid) - fatal("%s: exit on unknown session: my id %u theirs %u", - __func__, sid, esid); - debug("%s: master session id: %u", __func__, sid); - if (exitval_seen) - fatal("%s: exitval sent twice", __func__); - exitval = buffer_get_int(&m); - exitval_seen = 1; } close(fd); - leave_raw_mode(force_tty_flag); + if (rawmode) + leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); if (muxclient_terminate) { debug2("Exiting on signal %d", muxclient_terminate); @@ -1813,6 +1960,50 @@ mux_client_request_stdio_fwd(int fd) fatal("%s: master returned unexpected message %u", __func__, type); } +static void +mux_client_request_stop_listening(int fd) +{ + Buffer m; + char *e; + u_int type, rid; + + debug3("%s: entering", __func__); + + buffer_init(&m); + buffer_put_int(&m, MUX_C_STOP_LISTENING); + buffer_put_int(&m, muxclient_request_id); + + if (mux_client_write_packet(fd, &m) != 0) + fatal("%s: write packet: %s", __func__, strerror(errno)); + + buffer_clear(&m); + + /* Read their reply */ + if (mux_client_read_packet(fd, &m) != 0) + fatal("%s: read from master failed: %s", + __func__, strerror(errno)); + + type = buffer_get_int(&m); + if ((rid = buffer_get_int(&m)) != muxclient_request_id) + fatal("%s: out of sequence reply: my id %u theirs %u", + __func__, muxclient_request_id, rid); + switch (type) { + case MUX_S_OK: + break; + case MUX_S_PERMISSION_DENIED: + e = buffer_get_string(&m, NULL); + fatal("Master refused stop listening request: %s", e); + case MUX_S_FAILURE: + e = buffer_get_string(&m, NULL); + fatal("%s: stop listening request failed: %s", __func__, e); + default: + fatal("%s: unexpected response from master 0x%08x", + __func__, type); + } + buffer_free(&m); + muxclient_request_id++; +} + /* Multiplex client main loop. */ void muxclient(const char *path) @@ -1893,11 +2084,11 @@ muxclient(const char *path) fprintf(stderr, "Exit request sent.\r\n"); exit(0); case SSHMUX_COMMAND_FORWARD: - if (mux_client_request_forwards(sock) != 0) + if (mux_client_forwards(sock, 0) != 0) fatal("%s: master forward request failed", __func__); exit(0); case SSHMUX_COMMAND_OPEN: - if (mux_client_request_forwards(sock) != 0) { + if (mux_client_forwards(sock, 0) != 0) { error("%s: master forward request failed", __func__); return; } @@ -1906,6 +2097,15 @@ muxclient(const char *path) case SSHMUX_COMMAND_STDIO_FWD: mux_client_request_stdio_fwd(sock); exit(0); + case SSHMUX_COMMAND_STOP: + mux_client_request_stop_listening(sock); + fprintf(stderr, "Stop listening request sent.\r\n"); + exit(0); + case SSHMUX_COMMAND_CANCEL_FWD: + if (mux_client_forwards(sock, 1) != 0) + error("%s: master cancel forward request failed", + __func__); + exit(0); default: fatal("unrecognised muxclient_command %d", muxclient_command); } diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h index 30948c2f9..876b0163f 100644 --- a/crypto/openssh/myproposal.h +++ b/crypto/openssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.27 2010/09/01 22:42:13 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */ /* $FreeBSD$ */ /* @@ -80,10 +80,23 @@ #define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \ ",none" #endif +#ifdef HAVE_EVP_SHA256 +#define SHA2_HMAC_MODES \ + "hmac-sha2-256," \ + "hmac-sha2-512," +#else +# define SHA2_HMAC_MODES +#endif #define KEX_DEFAULT_MAC \ - "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \ + "hmac-md5," \ + "hmac-sha1," \ + "umac-64@openssh.com," \ + SHA2_HMAC_MODES \ + "hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ - "hmac-sha1-96,hmac-md5-96" + "hmac-sha1-96," \ + "hmac-md5-96" + #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c index e9fa3a0e2..6befc016f 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001, Corinna Vinschen + * Copyright (c) 2000, 2001, 2011 Corinna Vinschen * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -34,9 +34,6 @@ #if defined(open) && open == binary_open # undef open #endif -#if defined(pipe) && open == binary_pipe -# undef pipe -#endif #include @@ -59,18 +56,6 @@ binary_open(const char *filename, int flags, ...) return (open(filename, flags | O_BINARY, mode)); } -int -binary_pipe(int fd[2]) -{ - int ret = pipe(fd); - - if (!ret) { - setmode(fd[0], O_BINARY); - setmode(fd[1], O_BINARY); - } - return (ret); -} - int check_ntsec(const char *filename) { @@ -91,6 +76,7 @@ static struct wenv { { NL("OS=") }, { NL("PATH=") }, { NL("PATHEXT=") }, + { NL("PROGRAMFILES=") }, { NL("SYSTEMDRIVE=") }, { NL("SYSTEMROOT=") }, { NL("WINDIR=") } diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h index 39b8eb788..b4bcd04b7 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.h +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.h @@ -1,7 +1,7 @@ -/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.15 2012/08/28 09:57:19 dtucker Exp $ */ /* - * Copyright (c) 2000, 2001, Corinna Vinschen + * Copyright (c) 2000, 2001, 2011 Corinna Vinschen * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -36,18 +36,24 @@ #undef ERROR +#define WIN32_LEAN_AND_MEAN + #include #include #include +/* Make sure _WIN32 isn't defined later in the code, otherwise headers from + other packages might get the wrong idea about the target system. */ +#ifdef _WIN32 +#undef _WIN32 +#endif + int binary_open(const char *, int , ...); -int binary_pipe(int fd[2]); int check_ntsec(const char *); char **fetch_windows_environment(void); void free_windows_environment(char **); #define open binary_open -#define pipe binary_pipe #endif /* HAVE_CYGWIN */ diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h index e70c3f9e9..eac5217ca 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.h +++ b/crypto/openssh/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.19 2010/11/08 22:26:23 tim Exp $ */ +/* $Id: bsd-misc.h,v 1.21 2012/07/03 22:50:10 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller @@ -51,6 +51,9 @@ int setegid(uid_t); const char *strerror(int); #endif +#if !defined(HAVE_SETLINEBUF) +#define setlinebuf(a) (setvbuf((a), NULL, _IOLBF, 0)) +#endif #ifndef HAVE_UTIMES #ifndef HAVE_STRUCT_TIMEVAL @@ -86,7 +89,7 @@ int tcsendbreak(int, int); #endif #ifndef HAVE_UNSETENV -void unsetenv(const char *); +int unsetenv(const char *); #endif /* wrapper for signal interface */ diff --git a/crypto/openssh/openbsd-compat/getcwd.c b/crypto/openssh/openbsd-compat/getcwd.c index 711cb9cd5..3edbb9cba 100644 --- a/crypto/openssh/openbsd-compat/getcwd.c +++ b/crypto/openssh/openbsd-compat/getcwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp $ */ +/* from OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp */ /* * Copyright (c) 1989, 1991, 1993 * The Regents of the University of California. All rights reserved. diff --git a/crypto/openssh/openbsd-compat/getgrouplist.c b/crypto/openssh/openbsd-compat/getgrouplist.c index a57d7d388..3afcb9281 100644 --- a/crypto/openssh/openbsd-compat/getgrouplist.c +++ b/crypto/openssh/openbsd-compat/getgrouplist.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp $ */ +/* from OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp */ /* * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c index 98876673d..dc6fe0533 100644 --- a/crypto/openssh/openbsd-compat/getrrsetbyname.c +++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c @@ -47,7 +47,7 @@ #include "includes.h" -#ifndef HAVE_GETRRSETBYNAME +#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) #include #include @@ -607,4 +607,4 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type) return (n); } -#endif /* !defined(HAVE_GETRRSETBYNAME) */ +#endif /* !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */ diff --git a/crypto/openssh/openbsd-compat/glob.c b/crypto/openssh/openbsd-compat/glob.c index 0341225cd..742b4b954 100644 --- a/crypto/openssh/openbsd-compat/glob.c +++ b/crypto/openssh/openbsd-compat/glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: glob.c,v 1.35 2011/01/12 01:53:14 djm Exp $ */ +/* $OpenBSD: glob.c,v 1.38 2011/09/22 06:27:29 djm Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -66,6 +66,7 @@ #include #include #include +#include #include #include #include @@ -132,13 +133,22 @@ typedef char Char; #define GLOB_LIMIT_STAT 128 #define GLOB_LIMIT_READDIR 16384 +/* Limit of recursion during matching attempts. */ +#define GLOB_LIMIT_RECUR 64 + struct glob_lim { size_t glim_malloc; size_t glim_stat; size_t glim_readdir; }; +struct glob_path_stat { + char *gps_path; + struct stat *gps_stat; +}; + static int compare(const void *, const void *); +static int compare_gps(const void *, const void *); static int g_Ctoc(const Char *, char *, u_int); static int g_lstat(Char *, struct stat *, glob_t *); static DIR *g_opendir(Char *, glob_t *); @@ -158,7 +168,7 @@ static const Char * static int globexp1(const Char *, glob_t *, struct glob_lim *); static int globexp2(const Char *, const Char *, glob_t *, struct glob_lim *); -static int match(Char *, Char *, Char *); +static int match(Char *, Char *, Char *, int); #ifdef DEBUG static void qprintf(const char *, Char *); #endif @@ -172,6 +182,9 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int), Char *bufnext, *bufend, patbuf[MAXPATHLEN]; struct glob_lim limit = { 0, 0, 0 }; + if (strnlen(pattern, PATH_MAX) == PATH_MAX) + return(GLOB_NOMATCH); + patnext = (u_char *) pattern; if (!(flags & GLOB_APPEND)) { pglob->gl_pathc = 0; @@ -548,9 +561,32 @@ glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp) else return(GLOB_NOMATCH); } - if (!(pglob->gl_flags & GLOB_NOSORT)) - qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, - pglob->gl_pathc - oldpathc, sizeof(char *), compare); + if (!(pglob->gl_flags & GLOB_NOSORT)) { + if ((pglob->gl_flags & GLOB_KEEPSTAT)) { + /* Keep the paths and stat info synced during sort */ + struct glob_path_stat *path_stat; + int i; + int n = pglob->gl_pathc - oldpathc; + int o = pglob->gl_offs + oldpathc; + + if ((path_stat = calloc(n, sizeof(*path_stat))) == NULL) + return GLOB_NOSPACE; + for (i = 0; i < n; i++) { + path_stat[i].gps_path = pglob->gl_pathv[o + i]; + path_stat[i].gps_stat = pglob->gl_statv[o + i]; + } + qsort(path_stat, n, sizeof(*path_stat), compare_gps); + for (i = 0; i < n; i++) { + pglob->gl_pathv[o + i] = path_stat[i].gps_path; + pglob->gl_statv[o + i] = path_stat[i].gps_stat; + } + free(path_stat); + } else { + qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, + pglob->gl_pathc - oldpathc, sizeof(char *), + compare); + } + } return(0); } @@ -560,6 +596,15 @@ compare(const void *p, const void *q) return(strcmp(*(char **)p, *(char **)q)); } +static int +compare_gps(const void *_p, const void *_q) +{ + const struct glob_path_stat *p = (const struct glob_path_stat *)_p; + const struct glob_path_stat *q = (const struct glob_path_stat *)_q; + + return(strcmp(p->gps_path, q->gps_path)); +} + static int glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp) { @@ -697,7 +742,8 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, errno = 0; *pathend++ = SEP; *pathend = EOS; - return(GLOB_NOSPACE); + err = GLOB_NOSPACE; + break; } /* Initial DOT must be matched literally. */ @@ -713,7 +759,7 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last, break; } - if (!match(pathend, pattern, restpattern)) { + if (!match(pathend, pattern, restpattern, GLOB_LIMIT_RECUR)) { *pathend = EOS; continue; } @@ -850,19 +896,24 @@ globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp, * pattern causes a recursion level. */ static int -match(Char *name, Char *pat, Char *patend) +match(Char *name, Char *pat, Char *patend, int recur) { int ok, negate_range; Char c, k; + if (recur-- == 0) + return(GLOB_NOSPACE); + while (pat < patend) { c = *pat++; switch (c & M_MASK) { case M_ALL: + while (pat < patend && (*pat & M_MASK) == M_ALL) + pat++; /* eat consecutive '*' */ if (pat == patend) return(1); do { - if (match(name, pat, patend)) + if (match(name, pat, patend, recur)) return(1); } while (*name++ != EOS); return(0); diff --git a/crypto/openssh/openbsd-compat/inet_ntop.c b/crypto/openssh/openbsd-compat/inet_ntop.c index e7ca4b7f8..3259037ba 100644 --- a/crypto/openssh/openbsd-compat/inet_ntop.c +++ b/crypto/openssh/openbsd-compat/inet_ntop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet_ntop.c,v 1.7 2005/08/06 20:30:03 espie Exp $ */ +/* $OpenBSD: inet_ntop.c,v 1.8 2008/12/09 19:38:38 otto Exp $ */ /* Copyright (c) 1996 by Internet Software Consortium. * @@ -57,13 +57,13 @@ static const char *inet_ntop6(const u_char *src, char *dst, size_t size); * Paul Vixie, 1996. */ const char * -inet_ntop(int af, const void *src, char *dst, size_t size) +inet_ntop(int af, const void *src, char *dst, socklen_t size) { switch (af) { case AF_INET: - return (inet_ntop4(src, dst, size)); + return (inet_ntop4(src, dst, (size_t)size)); case AF_INET6: - return (inet_ntop6(src, dst, size)); + return (inet_ntop6(src, dst, (size_t)size)); default: errno = EAFNOSUPPORT; return (NULL); diff --git a/crypto/openssh/openbsd-compat/mktemp.c b/crypto/openssh/openbsd-compat/mktemp.c index 2285c84df..4eb52f421 100644 --- a/crypto/openssh/openbsd-compat/mktemp.c +++ b/crypto/openssh/openbsd-compat/mktemp.c @@ -1,34 +1,22 @@ /* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */ /* Changes: Removed mktemp */ -/* $OpenBSD: mktemp.c,v 1.19 2005/08/08 08:05:36 espie Exp $ */ +/* $OpenBSD: mktemp.c,v 1.30 2010/03/21 23:09:30 schwarze Exp $ */ /* - * Copyright (c) 1987, 1993 - * The Regents of the University of California. All rights reserved. + * Copyright (c) 1996-1998, 2008 Theo de Raadt + * Copyright (c) 1997, 2008-2009 Todd C. Miller * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */ @@ -37,142 +25,117 @@ #include #include - +#include #include +#include +#include +#include +#include #include -#include #include #if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) -static int _gettemp(char *, int *, int, int); +#define MKTEMP_NAME 0 +#define MKTEMP_FILE 1 +#define MKTEMP_DIR 2 -int -mkstemps(char *path, int slen) +#define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +#define NUM_CHARS (sizeof(TEMPCHARS) - 1) + +static int +mktemp_internal(char *path, int slen, int mode) { + char *start, *cp, *ep; + const char *tempchars = TEMPCHARS; + unsigned int r, tries; + struct stat sb; + size_t len; int fd; - return (_gettemp(path, &fd, 0, slen) ? fd : -1); + len = strlen(path); + if (len == 0 || slen < 0 || (size_t)slen >= len) { + errno = EINVAL; + return(-1); + } + ep = path + len - slen; + + tries = 1; + for (start = ep; start > path && start[-1] == 'X'; start--) { + if (tries < INT_MAX / NUM_CHARS) + tries *= NUM_CHARS; + } + tries *= 2; + + do { + for (cp = start; cp != ep; cp++) { + r = arc4random_uniform(NUM_CHARS); + *cp = tempchars[r]; + } + + switch (mode) { + case MKTEMP_NAME: + if (lstat(path, &sb) != 0) + return(errno == ENOENT ? 0 : -1); + break; + case MKTEMP_FILE: + fd = open(path, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR); + if (fd != -1 || errno != EEXIST) + return(fd); + break; + case MKTEMP_DIR: + if (mkdir(path, S_IRUSR|S_IWUSR|S_IXUSR) == 0) + return(0); + if (errno != EEXIST) + return(-1); + break; + } + } while (--tries); + + errno = EEXIST; + return(-1); } -int -mkstemp(char *path) -{ - int fd; +#if 0 +char *_mktemp(char *); - return (_gettemp(path, &fd, 0, 0) ? fd : -1); +char * +_mktemp(char *path) +{ + if (mktemp_internal(path, 0, MKTEMP_NAME) == -1) + return(NULL); + return(path); } +__warn_references(mktemp, + "warning: mktemp() possibly used unsafely; consider using mkstemp()"); + char * -mkdtemp(char *path) +mktemp(char *path) { - return(_gettemp(path, (int *)NULL, 1, 0) ? path : (char *)NULL); + return(_mktemp(path)); } +#endif -static int -_gettemp(path, doopen, domkdir, slen) - char *path; - register int *doopen; - int domkdir; - int slen; +int +mkstemp(char *path) { - register char *start, *trv, *suffp; - struct stat sbuf; - int rval; - pid_t pid; + return(mktemp_internal(path, 0, MKTEMP_FILE)); +} - if (doopen && domkdir) { - errno = EINVAL; - return(0); - } +int +mkstemps(char *path, int slen) +{ + return(mktemp_internal(path, slen, MKTEMP_FILE)); +} - for (trv = path; *trv; ++trv) - ; - trv -= slen; - suffp = trv; - --trv; - if (trv < path) { - errno = EINVAL; - return (0); - } - pid = getpid(); - while (trv >= path && *trv == 'X' && pid != 0) { - *trv-- = (pid % 10) + '0'; - pid /= 10; - } - while (trv >= path && *trv == 'X') { - char c; - - pid = (arc4random() & 0xffff) % (26+26); - if (pid < 26) - c = pid + 'A'; - else - c = (pid - 26) + 'a'; - *trv-- = c; - } - start = trv + 1; - - /* - * check the target directory; if you have six X's and it - * doesn't exist this runs for a *very* long time. - */ - if (doopen || domkdir) { - for (;; --trv) { - if (trv <= path) - break; - if (*trv == '/') { - *trv = '\0'; - rval = stat(path, &sbuf); - *trv = '/'; - if (rval != 0) - return(0); - if (!S_ISDIR(sbuf.st_mode)) { - errno = ENOTDIR; - return(0); - } - break; - } - } - } +char * +mkdtemp(char *path) +{ + int error; - for (;;) { - if (doopen) { - if ((*doopen = - open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0) - return(1); - if (errno != EEXIST) - return(0); - } else if (domkdir) { - if (mkdir(path, 0700) == 0) - return(1); - if (errno != EEXIST) - return(0); - } else if (lstat(path, &sbuf)) - return(errno == ENOENT ? 1 : 0); - - /* tricky little algorithm for backward compatibility */ - for (trv = start;;) { - if (!*trv) - return (0); - if (*trv == 'Z') { - if (trv == suffp) - return (0); - *trv++ = 'a'; - } else { - if (isdigit(*trv)) - *trv = 'a'; - else if (*trv == 'z') /* inc from z to A */ - *trv = 'A'; - else { - if (trv == suffp) - return (0); - ++*trv; - } - break; - } - } - } - /*NOTREACHED*/ + error = mktemp_internal(path, 0, MKTEMP_DIR); + return(error ? NULL : path); } #endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */ diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h index 77c5ed2b1..807acf626 100644 --- a/crypto/openssh/openbsd-compat/openbsd-compat.h +++ b/crypto/openssh/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.51 2010/10/07 10:25:29 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.52 2011/09/23 01:16:11 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -116,7 +116,7 @@ char *inet_ntoa(struct in_addr in); #endif #ifndef HAVE_INET_NTOP -const char *inet_ntop(int af, const void *src, char *dst, size_t size); +const char *inet_ntop(int af, const void *src, char *dst, socklen_t size); #endif #ifndef HAVE_INET_ATON diff --git a/crypto/openssh/openbsd-compat/openssl-compat.c b/crypto/openssh/openbsd-compat/openssl-compat.c index b617fdf19..5189cab61 100644 --- a/crypto/openssh/openbsd-compat/openssl-compat.c +++ b/crypto/openssh/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.13 2011/01/21 22:37:06 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.14 2011/05/10 01:13:38 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -134,9 +134,9 @@ RSA_get_default_method(void) #ifdef USE_OPENSSL_ENGINE void -ssh_SSLeay_add_all_algorithms(void) +ssh_OpenSSL_add_all_algorithms(void) { - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); diff --git a/crypto/openssh/openbsd-compat/openssl-compat.h b/crypto/openssh/openbsd-compat/openssl-compat.h index 6d4f3f215..a151eff38 100644 --- a/crypto/openssh/openbsd-compat/openssl-compat.h +++ b/crypto/openssh/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.18 2011/01/21 22:37:06 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.20 2012/01/17 03:03:39 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -106,10 +106,10 @@ RSA_METHOD *RSA_get_default_method(void); # endif # ifdef USE_OPENSSL_ENGINE -# ifdef SSLeay_add_all_algorithms -# undef SSLeay_add_all_algorithms +# ifdef OpenSSL_add_all_algorithms +# undef OpenSSL_add_all_algorithms # endif -# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() +# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms() # endif # ifndef HAVE_BN_IS_PRIME_EX @@ -129,6 +129,11 @@ int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); -void ssh_SSLeay_add_all_algorithms(void); +void ssh_OpenSSL_add_all_algorithms(void); + +# ifndef HAVE_HMAC_CTX_INIT +# define HMAC_CTX_init(a) +# endif + #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ diff --git a/crypto/openssh/openbsd-compat/port-linux.c b/crypto/openssh/openbsd-compat/port-linux.c index fe6fc2d84..aba75387c 100644 --- a/crypto/openssh/openbsd-compat/port-linux.c +++ b/crypto/openssh/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.11.4.3 2011/02/06 02:24:17 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.17 2012/03/08 23:25:18 djm Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -38,6 +38,10 @@ #include #include +#ifndef SSH_SELINUX_UNCONFINED_TYPE +# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:" +#endif + /* Wrapper around is_selinux_enabled() to log its return value once only */ int ssh_selinux_enabled(void) @@ -56,7 +60,7 @@ ssh_selinux_enabled(void) static security_context_t ssh_selinux_getctxbyname(char *pwname) { - security_context_t sc; + security_context_t sc = NULL; char *sename = NULL, *lvl = NULL; int r; @@ -82,6 +86,7 @@ ssh_selinux_getctxbyname(char *pwname) case 0: error("%s: Failed to get default SELinux security " "context for %s", __func__, pwname); + sc = NULL; break; default: fatal("%s: Failed to get default SELinux security " @@ -97,7 +102,7 @@ ssh_selinux_getctxbyname(char *pwname) xfree(lvl); #endif - return (sc); + return sc; } /* Set the execution context to the default for the specified user */ @@ -177,12 +182,13 @@ ssh_selinux_change_context(const char *newname) { int len, newlen; char *oldctx, *newctx, *cx; + void (*switchlog) (const char *fmt,...) = logit; if (!ssh_selinux_enabled()) return; if (getcon((security_context_t *)&oldctx) < 0) { - logit("%s: getcon failed with %s", __func__, strerror (errno)); + logit("%s: getcon failed with %s", __func__, strerror(errno)); return; } if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == @@ -191,6 +197,14 @@ ssh_selinux_change_context(const char *newname) return; } + /* + * Check whether we are attempting to switch away from an unconfined + * security context. + */ + if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE, + sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0) + switchlog = debug3; + newlen = strlen(oldctx) + strlen(newname) + 1; newctx = xmalloc(newlen); len = cx - oldctx + 1; @@ -198,10 +212,11 @@ ssh_selinux_change_context(const char *newname) strlcpy(newctx + len, newname, newlen - len); if ((cx = index(cx + 1, ':'))) strlcat(newctx, cx, newlen); - debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, - newctx); + debug3("%s: setting context from '%s' to '%s'", __func__, + oldctx, newctx); if (setcon(newctx) < 0) - logit("%s: setcon failed with %s", __func__, strerror (errno)); + switchlog("%s: setcon %s from %s failed with %s", __func__, + newctx, oldctx, strerror(errno)); xfree(oldctx); xfree(newctx); } diff --git a/crypto/openssh/openbsd-compat/port-linux.h b/crypto/openssh/openbsd-compat/port-linux.h index c2f618400..e3d1004aa 100644 --- a/crypto/openssh/openbsd-compat/port-linux.h +++ b/crypto/openssh/openbsd-compat/port-linux.h @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.4.10.1 2011/02/04 00:42:21 djm Exp $ */ +/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller diff --git a/crypto/openssh/openbsd-compat/setenv.c b/crypto/openssh/openbsd-compat/setenv.c index e2a8b6dd3..373b701d9 100644 --- a/crypto/openssh/openbsd-compat/setenv.c +++ b/crypto/openssh/openbsd-compat/setenv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: setenv.c,v 1.9 2005/08/08 08:05:37 espie Exp $ */ +/* $OpenBSD: setenv.c,v 1.13 2010/08/23 22:31:50 millert Exp $ */ /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. @@ -31,35 +31,38 @@ /* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */ #include "includes.h" + #if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) +#include #include #include extern char **environ; +static char **lastenv; /* last value of environ */ /* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */ /* * __findenv -- * Returns pointer to value associated with name, if any, else NULL. + * Starts searching within the environmental array at offset. * Sets offset to be the offset of the name/value combination in the - * environmental array, for use by setenv(3) and unsetenv(3). + * environmental array, for use by putenv(3), setenv(3) and unsetenv(3). * Explicitly removes '=' in argument name. + * + * This routine *should* be a static; don't use it. */ static char * -__findenv(const char *name, size_t *offset) +__findenv(const char *name, int len, int *offset) { extern char **environ; - int len, i; + int i; const char *np; char **p, *cp; if (name == NULL || environ == NULL) return (NULL); - for (np = name; *np && *np != '='; ++np) - ; - len = np - name; - for (p = environ; (cp = *p) != NULL; ++p) { + for (p = environ + *offset; (cp = *p) != NULL; ++p) { for (np = name, i = len; i && *cp; i--) if (*cp++ != *np++) break; @@ -71,6 +74,54 @@ __findenv(const char *name, size_t *offset) return (NULL); } +#if 0 /* nothing uses putenv */ +/* + * putenv -- + * Add a name=value string directly to the environmental, replacing + * any current value. + */ +int +putenv(char *str) +{ + char **P, *cp; + size_t cnt; + int offset = 0; + + for (cp = str; *cp && *cp != '='; ++cp) + ; + if (*cp != '=') { + errno = EINVAL; + return (-1); /* missing `=' in string */ + } + + if (__findenv(str, (int)(cp - str), &offset) != NULL) { + environ[offset++] = str; + /* could be set multiple times */ + while (__findenv(str, (int)(cp - str), &offset)) { + for (P = &environ[offset];; ++P) + if (!(*P = *(P + 1))) + break; + } + return (0); + } + + /* create new slot for string */ + for (P = environ; *P != NULL; P++) + ; + cnt = P - environ; + P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2)); + if (!P) + return (-1); + if (lastenv != environ) + memcpy(P, environ, cnt * sizeof(char *)); + lastenv = environ = P; + environ[cnt] = str; + environ[cnt + 1] = NULL; + return (0); +} + +#endif + #ifndef HAVE_SETENV /* * setenv -- @@ -80,24 +131,39 @@ __findenv(const char *name, size_t *offset) int setenv(const char *name, const char *value, int rewrite) { - static char **lastenv; /* last value of environ */ - char *C; - size_t l_value, offset; + char *C, **P; + const char *np; + int l_value, offset = 0; + + for (np = name; *np && *np != '='; ++np) + ; +#ifdef notyet + if (*np) { + errno = EINVAL; + return (-1); /* has `=' in name */ + } +#endif - if (*value == '=') /* no `=' in value */ - ++value; l_value = strlen(value); - if ((C = __findenv(name, &offset))) { /* find if already exists */ + if ((C = __findenv(name, (int)(np - name), &offset)) != NULL) { + int tmpoff = offset + 1; if (!rewrite) return (0); +#if 0 /* XXX - existing entry may not be writable */ if (strlen(C) >= l_value) { /* old larger; copy over */ while ((*C++ = *value++)) ; return (0); } +#endif + /* could be set multiple times */ + while (__findenv(name, (int)(np - name), &tmpoff)) { + for (P = &environ[tmpoff];; ++P) + if (!(*P = *(P + 1))) + break; + } } else { /* create new slot */ size_t cnt; - char **P; for (P = environ; *P != NULL; P++) ; @@ -111,10 +177,8 @@ setenv(const char *name, const char *value, int rewrite) offset = cnt; environ[cnt + 1] = NULL; } - for (C = (char *)name; *C && *C != '='; ++C) - ; /* no `=' in name */ if (!(environ[offset] = /* name + `=' + value */ - malloc((size_t)((int)(C - name) + l_value + 2)))) + malloc((size_t)((int)(np - name) + l_value + 2)))) return (-1); for (C = environ[offset]; (*C = *name++) && *C != '='; ++C) ; @@ -122,6 +186,7 @@ setenv(const char *name, const char *value, int rewrite) ; return (0); } + #endif /* HAVE_SETENV */ #ifndef HAVE_UNSETENV @@ -129,17 +194,33 @@ setenv(const char *name, const char *value, int rewrite) * unsetenv(name) -- * Delete environmental variable "name". */ -void +int unsetenv(const char *name) { char **P; - size_t offset; + const char *np; + int offset = 0; - while (__findenv(name, &offset)) /* if set multiple times */ + if (!name || !*name) { + errno = EINVAL; + return (-1); + } + for (np = name; *np && *np != '='; ++np) + ; + if (*np) { + errno = EINVAL; + return (-1); /* has `=' in name */ + } + + /* could be set multiple times */ + while (__findenv(name, (int)(np - name), &offset)) { for (P = &environ[offset];; ++P) if (!(*P = *(P + 1))) break; + } + return (0); } #endif /* HAVE_UNSETENV */ #endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */ + diff --git a/crypto/openssh/openbsd-compat/sha2.c b/crypto/openssh/openbsd-compat/sha2.c old mode 100755 new mode 100644 index cf8e0ad66..f5bf74d1f --- a/crypto/openssh/openbsd-compat/sha2.c +++ b/crypto/openssh/openbsd-compat/sha2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp $ */ +/* from OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp */ /* * FILE: sha2.c diff --git a/crypto/openssh/openbsd-compat/sha2.h b/crypto/openssh/openbsd-compat/sha2.h old mode 100755 new mode 100644 index 821f2dd6c..73e94f150 --- a/crypto/openssh/openbsd-compat/sha2.h +++ b/crypto/openssh/openbsd-compat/sha2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp $ */ +/* OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp */ /* * FILE: sha2.h diff --git a/crypto/openssh/openbsd-compat/strlcpy.c b/crypto/openssh/openbsd-compat/strlcpy.c index 679a5b291..b4b1b6015 100644 --- a/crypto/openssh/openbsd-compat/strlcpy.c +++ b/crypto/openssh/openbsd-compat/strlcpy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strlcpy.c,v 1.10 2005/08/08 08:05:37 espie Exp $ */ +/* $OpenBSD: strlcpy.c,v 1.11 2006/05/05 15:27:38 millert Exp $ */ /* * Copyright (c) 1998 Todd C. Miller @@ -37,11 +37,11 @@ strlcpy(char *dst, const char *src, size_t siz) size_t n = siz; /* Copy as many bytes as will fit */ - if (n != 0 && --n != 0) { - do { - if ((*d++ = *s++) == 0) + if (n != 0) { + while (--n != 0) { + if ((*d++ = *s++) == '\0') break; - } while (--n != 0); + } } /* Not enough room in dst, add NUL and traverse rest of src */ diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 6f2bdc390..6fee80c9b 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.172 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.176 2012/01/25 19:40:09 markus Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -246,7 +246,7 @@ packet_set_connection(int fd_in, int fd_out) void packet_set_timeout(int timeout, int count) { - if (timeout == 0 || count == 0) { + if (timeout <= 0 || count <= 0) { active_state->packet_timeout_ms = -1; return; } @@ -426,10 +426,8 @@ packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets, state->bytes = bytes; } -/* returns 1 if connection is via ipv4 */ - -int -packet_connection_is_ipv4(void) +static int +packet_connection_af(void) { struct sockaddr_storage to; socklen_t tolen = sizeof(to); @@ -438,14 +436,12 @@ packet_connection_is_ipv4(void) if (getsockname(active_state->connection_out, (struct sockaddr *)&to, &tolen) < 0) return 0; - if (to.ss_family == AF_INET) - return 1; #ifdef IPV4_IN_IPV6 if (to.ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr)) - return 1; + return AF_INET; #endif - return 0; + return to.ss_family; } /* Sets the connection into non-blocking mode. */ @@ -978,8 +974,10 @@ packet_send2(void) /* during rekeying we can only send key exchange messages */ if (active_state->rekeying) { - if (!((type >= SSH2_MSG_TRANSPORT_MIN) && - (type <= SSH2_MSG_TRANSPORT_MAX))) { + if ((type < SSH2_MSG_TRANSPORT_MIN) || + (type > SSH2_MSG_TRANSPORT_MAX) || + (type == SSH2_MSG_SERVICE_REQUEST) || + (type == SSH2_MSG_SERVICE_ACCEPT)) { debug("enqueue packet: %u", type); p = xmalloc(sizeof(*p)); p->type = type; @@ -1271,6 +1269,7 @@ packet_read_poll2(u_int32_t *seqnr_p) cipher_crypt(&active_state->receive_context, cp, buffer_ptr(&active_state->input), block_size); cp = buffer_ptr(&active_state->incoming_packet); + active_state->packlen = get_u32(cp); if (active_state->packlen < 1 + 4 || active_state->packlen > PACKET_MAX_SIZE) { @@ -1454,12 +1453,6 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) } } -int -packet_read_poll(void) -{ - return packet_read_poll_seqnr(NULL); -} - /* * Buffers the given amount of input characters. This is intended to be used * together with packet_read_poll. @@ -1756,16 +1749,30 @@ packet_not_very_much_data_to_write(void) static void packet_set_tos(int tos) { -#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - if (!packet_connection_is_on_socket() || - !packet_connection_is_ipv4()) +#ifndef IP_TOS_IS_BROKEN + if (!packet_connection_is_on_socket()) return; - debug3("%s: set IP_TOS 0x%02x", __func__, tos); - if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos, - sizeof(tos)) < 0) - error("setsockopt IP_TOS %d: %.100s:", - tos, strerror(errno)); -#endif + switch (packet_connection_af()) { +# ifdef IP_TOS + case AF_INET: + debug3("%s: set IP_TOS 0x%02x", __func__, tos); + if (setsockopt(active_state->connection_in, + IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0) + error("setsockopt IP_TOS %d: %.100s:", + tos, strerror(errno)); + break; +# endif /* IP_TOS */ +# ifdef IPV6_TCLASS + case AF_INET6: + debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos); + if (setsockopt(active_state->connection_in, + IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0) + error("setsockopt IPV6_TCLASS %d: %.100s:", + tos, strerror(errno)); + break; +# endif /* IPV6_TCLASS */ + } +#endif /* IP_TOS_IS_BROKEN */ } /* Informs that the current session is interactive. Sets IP flags for that. */ diff --git a/crypto/openssh/packet.h b/crypto/openssh/packet.h index 16e33cdcd..74fffe715 100644 --- a/crypto/openssh/packet.h +++ b/crypto/openssh/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.55 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.57 2012/01/25 19:40:09 markus Exp $ */ /* $FreeBSD$ */ /* @@ -59,7 +59,6 @@ void packet_send(void); int packet_read(void); void packet_read_expect(int type); -int packet_read_poll(void); void packet_process_incoming(const char *buf, u_int len); int packet_read_seqnr(u_int32_t *seqnr_p); int packet_read_poll_seqnr(u_int32_t *seqnr_p); @@ -96,7 +95,6 @@ int packet_have_data_to_write(void); int packet_not_very_much_data_to_write(void); int packet_connection_is_on_socket(void); -int packet_connection_is_ipv4(void); int packet_remaining(void); void packet_send_ignore(int); void packet_add_padding(u_char); diff --git a/crypto/openssh/pathnames.h b/crypto/openssh/pathnames.h index 1b6e789b4..813af9a49 100644 --- a/crypto/openssh/pathnames.h +++ b/crypto/openssh/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.20 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: pathnames.h,v 1.22 2011/05/23 03:30:07 djm Exp $ */ /* * Author: Tatu Ylonen diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index 17a93a641..122d76a38 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -138,7 +138,7 @@ typedef enum { oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, - oKexAlgorithms, oIPQoS, + oKexAlgorithms, oIPQoS, oRequestTTY, oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf, #ifdef NONE_CIPHER_ENABLED oNoneEnabled, oNoneSwitch, @@ -202,9 +202,9 @@ static struct { { "host", oHost }, { "escapechar", oEscapeChar }, { "globalknownhostsfile", oGlobalKnownHostsFile }, - { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */ + { "globalknownhostsfile2", oDeprecated }, { "userknownhostsfile", oUserKnownHostsFile }, - { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */ + { "userknownhostsfile2", oDeprecated }, { "connectionattempts", oConnectionAttempts }, { "batchmode", oBatchMode }, { "checkhostip", oCheckHostIP }, @@ -254,6 +254,7 @@ static struct { #endif { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, + { "requesttty", oRequestTTY }, { "hpndisabled", oHPNDisabled }, { "hpnbuffersize", oHPNBufferSize }, { "tcprcvbufpoll", oTcpRcvBufPoll }, @@ -262,8 +263,8 @@ static struct { { "noneenabled", oNoneEnabled }, { "noneswitch", oNoneSwitch }, #endif - { "versionaddendum", oVersionAddendum }, + { NULL, oBadOption } }; @@ -323,6 +324,7 @@ add_remote_forward(Options *options, const Forward *newfwd) fwd->listen_port = newfwd->listen_port; fwd->connect_host = newfwd->connect_host; fwd->connect_port = newfwd->connect_port; + fwd->handle = newfwd->handle; fwd->allocated_port = 0; } @@ -383,8 +385,10 @@ process_config_line(Options *options, const char *host, char *line, const char *filename, int linenum, int *activep) { - char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; - int opcode, *intptr, value, value2, scale; + char *s, **charptr, *endofnumber, *keyword, *arg, *arg2; + char **cpptr, fwdarg[256]; + u_int *uintptr, max_entries = 0; + int negated, opcode, *intptr, value, value2, scale; LogLevel *log_level_ptr; long long orig, val64; size_t len; @@ -627,26 +631,33 @@ parse_yesnoask: parse_string: arg = strdelim(&s); if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", filename, linenum); + fatal("%.200s line %d: Missing argument.", + filename, linenum); if (*activep && *charptr == NULL) *charptr = xstrdup(arg); break; case oGlobalKnownHostsFile: - charptr = &options->system_hostfile; - goto parse_string; + cpptr = (char **)&options->system_hostfiles; + uintptr = &options->num_system_hostfiles; + max_entries = SSH_MAX_HOSTS_FILES; +parse_char_array: + if (*activep && *uintptr == 0) { + while ((arg = strdelim(&s)) != NULL && *arg != '\0') { + if ((*uintptr) >= max_entries) + fatal("%s line %d: " + "too many authorized keys files.", + filename, linenum); + cpptr[(*uintptr)++] = xstrdup(arg); + } + } + return 0; case oUserKnownHostsFile: - charptr = &options->user_hostfile; - goto parse_string; - - case oGlobalKnownHostsFile2: - charptr = &options->system_hostfile2; - goto parse_string; - - case oUserKnownHostsFile2: - charptr = &options->user_hostfile2; - goto parse_string; + cpptr = (char **)&options->user_hostfiles; + uintptr = &options->num_user_hostfiles; + max_entries = SSH_MAX_HOSTS_FILES; + goto parse_char_array; case oHostName: charptr = &options->hostname; @@ -823,12 +834,28 @@ parse_int: case oHost: *activep = 0; - while ((arg = strdelim(&s)) != NULL && *arg != '\0') + arg2 = NULL; + while ((arg = strdelim(&s)) != NULL && *arg != '\0') { + negated = *arg == '!'; + if (negated) + arg++; if (match_pattern(host, arg)) { - debug("Applying options for %.100s", arg); + if (negated) { + debug("%.200s line %d: Skipping Host " + "block because of negated match " + "for %.100s", filename, linenum, + arg); + *activep = 0; + break; + } + if (!*activep) + arg2 = arg; /* logged below */ *activep = 1; - break; } + } + if (*activep) + debug("%.200s line %d: Applying options for %.100s", + filename, linenum, arg2); /* Avoid garbage check below, as strdelim is done. */ return 0; @@ -1027,11 +1054,24 @@ parse_int: intptr = &options->use_roaming; goto parse_flag; - case oVersionAddendum: - ssh_version_set_addendum(strtok(s, "\n")); - do { - arg = strdelim(&s); - } while (arg != NULL && *arg != '\0'); + case oRequestTTY: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%s line %d: missing argument.", + filename, linenum); + intptr = &options->request_tty; + if (strcasecmp(arg, "yes") == 0) + value = REQUEST_TTY_YES; + else if (strcasecmp(arg, "no") == 0) + value = REQUEST_TTY_NO; + else if (strcasecmp(arg, "force") == 0) + value = REQUEST_TTY_FORCE; + else if (strcasecmp(arg, "auto") == 0) + value = REQUEST_TTY_AUTO; + else + fatal("Unsupported RequestTTY \"%s\"", arg); + if (*activep && *intptr == -1) + *intptr = value; break; case oHPNDisabled: @@ -1054,9 +1094,9 @@ parse_int: case oNoneEnabled: intptr = &options->none_enabled; goto parse_flag; - + /* - * We check to see if the command comes from the command line or not. + * We check to see if the command comes from the command line or not. * If it does then enable it otherwise fail. NONE must never be a * default configuration. */ @@ -1072,9 +1112,25 @@ parse_int: "from the command line", filename); error("Continuing..."); return 0; - } + } #endif + case oVersionAddendum: + if (s == NULL) + fatal("%.200s line %d: Missing argument.", filename, + linenum); + len = strspn(s, WHITESPACE); + if (*activep && options->version_addendum == NULL) { + if (strcasecmp(s + len, "none") == 0) + options->version_addendum = xstrdup(""); + else if (strchr(s + len, '\r') != NULL) + fatal("%.200s line %d: Invalid argument", + filename, linenum); + else + options->version_addendum = xstrdup(s + len); + } + return 0; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -1199,10 +1255,8 @@ initialize_options(Options * options) options->proxy_command = NULL; options->user = NULL; options->escape_char = -1; - options->system_hostfile = NULL; - options->user_hostfile = NULL; - options->system_hostfile2 = NULL; - options->user_hostfile2 = NULL; + options->num_system_hostfiles = 0; + options->num_user_hostfiles = 0; options->local_forwards = NULL; options->num_local_forwards = 0; options->remote_forwards = NULL; @@ -1235,6 +1289,8 @@ initialize_options(Options * options) options->zero_knowledge_password_authentication = -1; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; + options->request_tty = -1; + options->version_addendum = NULL; options->hpn_disabled = -1; options->hpn_buffer_size = -1; options->tcp_rcv_buf_poll = -1; @@ -1349,14 +1405,18 @@ fill_default_options(Options * options) } if (options->escape_char == -1) options->escape_char = '~'; - if (options->system_hostfile == NULL) - options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE; - if (options->user_hostfile == NULL) - options->user_hostfile = _PATH_SSH_USER_HOSTFILE; - if (options->system_hostfile2 == NULL) - options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2; - if (options->user_hostfile2 == NULL) - options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2; + if (options->num_system_hostfiles == 0) { + options->system_hostfiles[options->num_system_hostfiles++] = + xstrdup(_PATH_SSH_SYSTEM_HOSTFILE); + options->system_hostfiles[options->num_system_hostfiles++] = + xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2); + } + if (options->num_user_hostfiles == 0) { + options->user_hostfiles[options->num_user_hostfiles++] = + xstrdup(_PATH_SSH_USER_HOSTFILE); + options->user_hostfiles[options->num_user_hostfiles++] = + xstrdup(_PATH_SSH_USER_HOSTFILE2); + } if (options->log_level == SYSLOG_LEVEL_NOT_SET) options->log_level = SYSLOG_LEVEL_INFO; if (options->clear_forwardings == 1) @@ -1401,14 +1461,18 @@ fill_default_options(Options * options) options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) options->ip_qos_bulk = IPTOS_THROUGHPUT; + if (options->request_tty == -1) + options->request_tty = REQUEST_TTY_AUTO; /* options->local_command should not be set by default */ /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ + if (options->version_addendum == NULL) + options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); if (options->hpn_disabled == -1) - options->hpn_disabled = 0; + options->hpn_disabled = 0; if (options->hpn_buffer_size > -1) { u_int maxlen; @@ -1428,7 +1492,7 @@ fill_default_options(Options * options) } if (options->tcp_rcv_buf == 0) options->tcp_rcv_buf = 1; - if (options->tcp_rcv_buf > -1) + if (options->tcp_rcv_buf > -1) options->tcp_rcv_buf *= 1024; if (options->tcp_rcv_buf_poll == -1) options->tcp_rcv_buf_poll = 1; diff --git a/crypto/openssh/readconf.h b/crypto/openssh/readconf.h index 195f6e74d..7f7668814 100644 --- a/crypto/openssh/readconf.h +++ b/crypto/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.88 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */ /* $FreeBSD$ */ /* @@ -25,10 +25,12 @@ typedef struct { char *connect_host; /* Host to connect. */ int connect_port; /* Port to connect on connect_host. */ int allocated_port; /* Dynamically allocated listen port */ + int handle; /* Handle for dynamic listen ports */ } Forward; /* Data structure for representing option data. */ -#define MAX_SEND_ENV 256 +#define MAX_SEND_ENV 256 +#define SSH_MAX_HOSTS_FILES 256 typedef struct { int forward_agent; /* Forward authentication agent. */ @@ -84,10 +86,10 @@ typedef struct { char *user; /* User to log in as. */ int escape_char; /* Escape character; -2 = none */ - char *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */ - char *user_hostfile; /* Path for $HOME/.ssh/known_hosts. */ - char *system_hostfile2; - char *user_hostfile2; + u_int num_system_hostfiles; /* Paths for /etc/ssh/ssh_known_hosts */ + char *system_hostfiles[SSH_MAX_HOSTS_FILES]; + u_int num_user_hostfiles; /* Path for $HOME/.ssh/known_hosts */ + char *user_hostfiles[SSH_MAX_HOSTS_FILES]; char *preferred_authentications; char *bind_address; /* local socket address for connection to sshd */ char *pkcs11_provider; /* PKCS#11 provider */ @@ -133,6 +135,9 @@ typedef struct { int use_roaming; + int request_tty; + char *version_addendum; /* Appended to SSH banner */ + int hpn_disabled; /* Switch to disable HPN buffer management. */ int hpn_buffer_size; /* User definable size for HPN buffer * window. */ @@ -152,6 +157,11 @@ typedef struct { #define SSHCTL_MASTER_ASK 3 #define SSHCTL_MASTER_AUTO_ASK 4 +#define REQUEST_TTY_AUTO 0 +#define REQUEST_TTY_NO 1 +#define REQUEST_TTY_YES 2 +#define REQUEST_TTY_FORCE 3 + void initialize_options(Options *); void fill_default_options(Options *); int read_config_file(const char *, const char *, Options *, int); diff --git a/crypto/openssh/roaming.h b/crypto/openssh/roaming.h index 6bb94cc39..da069f878 100644 --- a/crypto/openssh/roaming.h +++ b/crypto/openssh/roaming.h @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming.h,v 1.5 2009/10/24 11:11:58 andreas Exp $ */ +/* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -18,8 +18,9 @@ #ifndef ROAMING_H #define ROAMING_H -#define DEFAULT_ROAMBUF 65536 -#define ROAMING_REQUEST "roaming@appgate.com" +#define DEFAULT_ROAMBUF 65536 +#define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */ +#define ROAMING_REQUEST "roaming@appgate.com" extern int roaming_enabled; extern int resume_in_progress; diff --git a/crypto/openssh/roaming_client.c b/crypto/openssh/roaming_client.c index cea8e7360..48009d781 100644 --- a/crypto/openssh/roaming_client.c +++ b/crypto/openssh/roaming_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming_client.c,v 1.3 2010/01/18 01:50:27 dtucker Exp $ */ +/* $OpenBSD: roaming_client.c,v 1.4 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -72,7 +72,7 @@ roaming_reply(int type, u_int32_t seq, void *ctxt) cookie = packet_get_int64(); key1 = oldkey1 = packet_get_int64(); key2 = oldkey2 = packet_get_int64(); - set_out_buffer_size(packet_get_int() + get_snd_buf_size()); + set_out_buffer_size(packet_get_int() + get_snd_buf_size()); roaming_enabled = 1; } diff --git a/crypto/openssh/roaming_common.c b/crypto/openssh/roaming_common.c index 9adbe56fc..8d0b6054a 100644 --- a/crypto/openssh/roaming_common.c +++ b/crypto/openssh/roaming_common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roaming_common.c,v 1.8 2010/01/12 00:59:29 djm Exp $ */ +/* $OpenBSD: roaming_common.c,v 1.9 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2004-2009 AppGate Network Security AB * @@ -75,6 +75,8 @@ get_recv_buf_size() void set_out_buffer_size(size_t size) { + if (size == 0 || size > MAX_ROAMBUF) + fatal("%s: bad buffer size %lu", __func__, (u_long)size); /* * The buffer size can only be set once and the buffer will live * as long as the session lives. diff --git a/crypto/openssh/sandbox-darwin.c b/crypto/openssh/sandbox-darwin.c new file mode 100644 index 000000000..69901ef14 --- /dev/null +++ b/crypto/openssh/sandbox-darwin.c @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifdef SANDBOX_DARWIN + +#include + +#include + +#include +#include +#include +#include +#include +#include + +#include "log.h" +#include "sandbox.h" +#include "xmalloc.h" + +/* Darwin/OS X sandbox */ + +struct ssh_sandbox { + pid_t child_pid; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + debug3("%s: preparing Darwin sandbox", __func__); + box = xcalloc(1, sizeof(*box)); + box->child_pid = 0; + + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + char *errmsg; + struct rlimit rl_zero; + + debug3("%s: starting Darwin sandbox", __func__); + if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED, + &errmsg) == -1) + fatal("%s: sandbox_init: %s", __func__, errmsg); + + /* + * The kSBXProfilePureComputation still allows sockets, so + * we must disable these using rlimit. + */ + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", + __func__, strerror(errno)); + if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", + __func__, strerror(errno)); + if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", + __func__, strerror(errno)); +} + +void +ssh_sandbox_parent_finish(struct ssh_sandbox *box) +{ + free(box); + debug3("%s: finished", __func__); +} + +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ + box->child_pid = child_pid; +} + +#endif /* SANDBOX_DARWIN */ diff --git a/crypto/openssh/sandbox-null.c b/crypto/openssh/sandbox-null.c new file mode 100644 index 000000000..29fa9669f --- /dev/null +++ b/crypto/openssh/sandbox-null.c @@ -0,0 +1,72 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifdef SANDBOX_NULL + +#include + +#include +#include +#include +#include +#include +#include + +#include "log.h" +#include "ssh-sandbox.h" +#include "xmalloc.h" + +/* dummy sandbox */ + +struct ssh_sandbox { + int junk; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + box = xcalloc(1, sizeof(*box)); + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + /* Nothing to do here */ +} + +void +ssh_sandbox_parent_finish(struct ssh_sandbox *box) +{ + free(box); +} + +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ + /* Nothing to do here */ +} + +#endif /* SANDBOX_NULL */ diff --git a/crypto/openssh/sandbox-rlimit.c b/crypto/openssh/sandbox-rlimit.c new file mode 100644 index 000000000..a00386337 --- /dev/null +++ b/crypto/openssh/sandbox-rlimit.c @@ -0,0 +1,95 @@ +/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifdef SANDBOX_RLIMIT + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "log.h" +#include "ssh-sandbox.h" +#include "xmalloc.h" + +/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */ + +struct ssh_sandbox { + pid_t child_pid; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + debug3("%s: preparing rlimit sandbox", __func__); + box = xcalloc(1, sizeof(*box)); + box->child_pid = 0; + + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + struct rlimit rl_zero; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + +#ifndef SANDBOX_SKIP_RLIMIT_FSIZE + if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", + __func__, strerror(errno)); +#endif + if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", + __func__, strerror(errno)); +#ifdef HAVE_RLIMIT_NPROC + if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", + __func__, strerror(errno)); +#endif +} + +void +ssh_sandbox_parent_finish(struct ssh_sandbox *box) +{ + free(box); + debug3("%s: finished", __func__); +} + +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ + box->child_pid = child_pid; +} + +#endif /* SANDBOX_RLIMIT */ diff --git a/crypto/openssh/sandbox-systrace.c b/crypto/openssh/sandbox-systrace.c new file mode 100644 index 000000000..2d16a627f --- /dev/null +++ b/crypto/openssh/sandbox-systrace.c @@ -0,0 +1,198 @@ +/* $OpenBSD: sandbox-systrace.c,v 1.6 2012/06/30 14:35:09 markus Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifdef SANDBOX_SYSTRACE + +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "atomicio.h" +#include "log.h" +#include "ssh-sandbox.h" +#include "xmalloc.h" + +struct sandbox_policy { + int syscall; + int action; +}; + +/* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL */ +static const struct sandbox_policy preauth_policy[] = { + { SYS_open, SYSTR_POLICY_NEVER }, + + { SYS___sysctl, SYSTR_POLICY_PERMIT }, + { SYS_close, SYSTR_POLICY_PERMIT }, + { SYS_exit, SYSTR_POLICY_PERMIT }, + { SYS_getpid, SYSTR_POLICY_PERMIT }, + { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, + { SYS_madvise, SYSTR_POLICY_PERMIT }, + { SYS_mmap, SYSTR_POLICY_PERMIT }, + { SYS_mprotect, SYSTR_POLICY_PERMIT }, + { SYS_mquery, SYSTR_POLICY_PERMIT }, + { SYS_poll, SYSTR_POLICY_PERMIT }, + { SYS_munmap, SYSTR_POLICY_PERMIT }, + { SYS_read, SYSTR_POLICY_PERMIT }, + { SYS_select, SYSTR_POLICY_PERMIT }, + { SYS_sigprocmask, SYSTR_POLICY_PERMIT }, + { SYS_write, SYSTR_POLICY_PERMIT }, + { -1, -1 } +}; + +struct ssh_sandbox { + int systrace_fd; + pid_t child_pid; + void (*osigchld)(int); +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + debug3("%s: preparing systrace sandbox", __func__); + box = xcalloc(1, sizeof(*box)); + box->systrace_fd = -1; + box->child_pid = 0; + box->osigchld = signal(SIGCHLD, SIG_IGN); + + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + debug3("%s: ready", __func__); + signal(SIGCHLD, box->osigchld); + if (kill(getpid(), SIGSTOP) != 0) + fatal("%s: kill(%d, SIGSTOP)", __func__, getpid()); + debug3("%s: started", __func__); +} + +static void +ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid, + const struct sandbox_policy *allowed_syscalls) +{ + int dev_systrace, i, j, found, status; + pid_t pid; + struct systrace_policy policy; + + /* Wait for the child to send itself a SIGSTOP */ + debug3("%s: wait for child %ld", __func__, (long)child_pid); + do { + pid = waitpid(child_pid, &status, WUNTRACED); + } while (pid == -1 && errno == EINTR); + signal(SIGCHLD, box->osigchld); + if (!WIFSTOPPED(status)) { + if (WIFSIGNALED(status)) + fatal("%s: child terminated with signal %d", + __func__, WTERMSIG(status)); + if (WIFEXITED(status)) + fatal("%s: child exited with status %d", + __func__, WEXITSTATUS(status)); + fatal("%s: child not stopped", __func__); + } + debug3("%s: child %ld stopped", __func__, (long)child_pid); + box->child_pid = child_pid; + + /* Set up systracing of child */ + if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1) + fatal("%s: open(\"/dev/systrace\"): %s", __func__, + strerror(errno)); + if (ioctl(dev_systrace, STRIOCCLONE, &box->systrace_fd) == -1) + fatal("%s: ioctl(STRIOCCLONE, %d): %s", __func__, + dev_systrace, strerror(errno)); + close(dev_systrace); + debug3("%s: systrace attach, fd=%d", __func__, box->systrace_fd); + if (ioctl(box->systrace_fd, STRIOCATTACH, &child_pid) == -1) + fatal("%s: ioctl(%d, STRIOCATTACH, %d): %s", __func__, + box->systrace_fd, child_pid, strerror(errno)); + + /* Allocate and assign policy */ + bzero(&policy, sizeof(policy)); + policy.strp_op = SYSTR_POLICY_NEW; + policy.strp_maxents = SYS_MAXSYSCALL; + if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1) + fatal("%s: ioctl(%d, STRIOCPOLICY (new)): %s", __func__, + box->systrace_fd, strerror(errno)); + + policy.strp_op = SYSTR_POLICY_ASSIGN; + policy.strp_pid = box->child_pid; + if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1) + fatal("%s: ioctl(%d, STRIOCPOLICY (assign)): %s", + __func__, box->systrace_fd, strerror(errno)); + + /* Set per-syscall policy */ + for (i = 0; i < SYS_MAXSYSCALL; i++) { + found = 0; + for (j = 0; allowed_syscalls[j].syscall != -1; j++) { + if (allowed_syscalls[j].syscall == i) { + found = 1; + break; + } + } + policy.strp_op = SYSTR_POLICY_MODIFY; + policy.strp_code = i; + policy.strp_policy = found ? + allowed_syscalls[j].action : SYSTR_POLICY_KILL; + if (found) + debug3("%s: policy: enable syscall %d", __func__, i); + if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1) + fatal("%s: ioctl(%d, STRIOCPOLICY (modify)): %s", + __func__, box->systrace_fd, strerror(errno)); + } + + /* Signal the child to start running */ + debug3("%s: start child %ld", __func__, (long)child_pid); + if (kill(box->child_pid, SIGCONT) != 0) + fatal("%s: kill(%d, SIGCONT)", __func__, box->child_pid); +} + +void +ssh_sandbox_parent_finish(struct ssh_sandbox *box) +{ + /* Closing this before the child exits will terminate it */ + close(box->systrace_fd); + + free(box); + debug3("%s: finished", __func__); +} + +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ + ssh_sandbox_parent(box, child_pid, preauth_policy); +} + +#endif /* SANDBOX_SYSTRACE */ diff --git a/crypto/openssh/scp.1 b/crypto/openssh/scp.1 index 4031bd47f..e4343c11c 100644 --- a/crypto/openssh/scp.1 +++ b/crypto/openssh/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.56 2010/12/09 14:13:32 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.58 2011/09/05 07:01:44 jmc Exp $ .\" -.Dd December 9, 2010 +.Dd September 5 2011 .Dt SCP 1 .Os .Sh NAME @@ -31,7 +31,7 @@ .Oo .Op Ar user No @ .Ar host1 No : -.Oc Ns Ar file1 +.Oc Ar file1 .Sm on .Ar ... .Sm off @@ -140,6 +140,7 @@ For full details of the options listed below, and their possible values, see .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials @@ -152,6 +153,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LogLevel diff --git a/crypto/openssh/scp.c b/crypto/openssh/scp.c index 18b2597fe..08587b5f2 100644 --- a/crypto/openssh/scp.c +++ b/crypto/openssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.170 2010/12/09 14:13:33 jmc Exp $ */ +/* $OpenBSD: scp.c,v 1.171 2011/09/09 22:37:01 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -601,12 +601,14 @@ toremote(char *targ, int argc, char **argv) host = cleanhostname(argv[i]); suser = NULL; } - xasprintf(&bp, "%s -f -- %s", cmd, src); + xasprintf(&bp, "%s -f %s%s", cmd, + *src == '-' ? "-- " : "", src); if (do_cmd(host, suser, bp, &remin, &remout) < 0) exit(1); (void) xfree(bp); host = cleanhostname(thost); - xasprintf(&bp, "%s -t -- %s", cmd, targ); + xasprintf(&bp, "%s -t %s%s", cmd, + *targ == '-' ? "-- " : "", targ); if (do_cmd2(host, tuser, bp, remin, remout) < 0) exit(1); (void) xfree(bp); @@ -652,7 +654,8 @@ toremote(char *targ, int argc, char **argv) errs = 1; } else { /* local to remote */ if (remin == -1) { - xasprintf(&bp, "%s -t -- %s", cmd, targ); + xasprintf(&bp, "%s -t %s%s", cmd, + *targ == '-' ? "-- " : "", targ); host = cleanhostname(thost); if (do_cmd(host, tuser, bp, &remin, &remout) < 0) @@ -705,7 +708,8 @@ tolocal(int argc, char **argv) suser = pwd->pw_name; } host = cleanhostname(host); - xasprintf(&bp, "%s -f -- %s", cmd, src); + xasprintf(&bp, "%s -f %s%s", + cmd, *src == '-' ? "-- " : "", src); if (do_cmd(host, suser, bp, &remin, &remout) < 0) { (void) xfree(bp); ++errs; diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index 96761e725..2664880ab 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -1,4 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */ + +/* $OpenBSD: servconf.c,v 1.229 2012/07/13 01:35:21 dtucker Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -47,6 +48,8 @@ __RCSID("$FreeBSD$"); #include "match.h" #include "channels.h" #include "groupaccess.h" +#include "canohost.h" +#include "packet.h" #include "version.h" static void add_listen_addr(ServerOptions *, char *, int); @@ -129,8 +132,7 @@ initialize_server_options(ServerOptions *options) options->use_dns = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; - options->authorized_keys_file = NULL; - options->authorized_keys_file2 = NULL; + options->num_authkeys_files = 0; options->num_accept_env = 0; options->permit_tun = -1; options->num_permitted_opens = -1; @@ -142,6 +144,7 @@ initialize_server_options(ServerOptions *options) options->authorized_principals_file = NULL; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; + options->version_addendum = NULL; options->hpn_disabled = -1; options->hpn_buffer_size = -1; options->tcp_rcv_buf_poll = -1; @@ -167,7 +170,7 @@ fill_default_server_options(ServerOptions *options) _PATH_HOST_KEY_FILE; if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host_key_files++] = - _PATH_HOST_RSA_KEY_FILE; + _PATH_HOST_RSA_KEY_FILE; options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; #ifdef OPENSSL_HAS_ECC @@ -273,15 +276,12 @@ fill_default_server_options(ServerOptions *options) options->client_alive_interval = 0; if (options->client_alive_count_max == -1) options->client_alive_count_max = 3; - if (options->authorized_keys_file2 == NULL) { - /* authorized_keys_file2 falls back to authorized_keys_file */ - if (options->authorized_keys_file != NULL) - options->authorized_keys_file2 = xstrdup(options->authorized_keys_file); - else - options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); + if (options->num_authkeys_files == 0) { + options->authorized_keys_files[options->num_authkeys_files++] = + xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); + options->authorized_keys_files[options->num_authkeys_files++] = + xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2); } - if (options->authorized_keys_file == NULL) - options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS); if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; if (options->zero_knowledge_password_authentication == -1) @@ -290,7 +290,22 @@ fill_default_server_options(ServerOptions *options) options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) options->ip_qos_bulk = IPTOS_THROUGHPUT; - if (options->hpn_disabled == -1) + if (options->version_addendum == NULL) + options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); + /* Turn privilege separation on by default */ + if (use_privsep == -1) + use_privsep = PRIVSEP_ON; + +#ifndef HAVE_MMAP + if (use_privsep && options->compression == 1) { + error("This platform does not support both privilege " + "separation and compression"); + error("Compression disabled"); + options->compression = 0; + } +#endif + + if (options->hpn_disabled == -1) options->hpn_disabled = 0; if (options->hpn_buffer_size == -1) { /* @@ -318,23 +333,10 @@ fill_default_server_options(ServerOptions *options) options->hpn_buffer_size = maxlen; else options->hpn_buffer_size *= 1024; - } else + } else { options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; + } } - - /* Turn privilege separation on by default */ - if (use_privsep == -1) - use_privsep = 1; - -#ifndef HAVE_MMAP - if (use_privsep && options->compression == 1) { - error("This platform does not support both privilege " - "separation and compression"); - error("Compression disabled"); - options->compression = 0; - } -#endif - } /* Keyword tokens. */ @@ -361,18 +363,17 @@ typedef enum { sMaxStartups, sMaxAuthTries, sMaxSessions, sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + sClientAliveCountMax, sAuthorizedKeysFile, sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, sIPQoS, + sKexAlgorithms, sIPQoS, sVersionAddendum, sHPNDisabled, sHPNBufferSize, sTcpRcvBufPoll, #ifdef NONE_CIPHER_ENABLED sNoneEnabled, #endif - sVersionAddendum, sDeprecated, sUnsupported } ServerOpCodes; @@ -464,10 +465,10 @@ static struct { { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL }, - { "allowusers", sAllowUsers, SSHCFG_GLOBAL }, - { "denyusers", sDenyUsers, SSHCFG_GLOBAL }, - { "allowgroups", sAllowGroups, SSHCFG_GLOBAL }, - { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, + { "allowusers", sAllowUsers, SSHCFG_ALL }, + { "denyusers", sDenyUsers, SSHCFG_ALL }, + { "allowgroups", sAllowGroups, SSHCFG_ALL }, + { "denygroups", sDenyGroups, SSHCFG_ALL }, { "ciphers", sCiphers, SSHCFG_GLOBAL }, { "macs", sMacs, SSHCFG_GLOBAL }, { "protocol", sProtocol, SSHCFG_GLOBAL }, @@ -483,9 +484,9 @@ static struct { { "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL }, { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, - { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL }, + { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, - { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, + { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, { "match", sMatch, SSHCFG_ALL }, { "permitopen", sPermitOpen, SSHCFG_ALL }, @@ -497,13 +498,14 @@ static struct { { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, { "ipqos", sIPQoS, SSHCFG_ALL }, + { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, + { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { "hpndisabled", sHPNDisabled, SSHCFG_ALL }, { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL }, { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL }, #ifdef NONE_CIPHER_ENABLED { "noneenabled", sNoneEnabled, SSHCFG_ALL }, #endif - { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; @@ -592,6 +594,20 @@ add_one_listen_addr(ServerOptions *options, char *addr, int port) options->listen_addrs = aitop; } +struct connection_info * +get_connection_info(int populate, int use_dns) +{ + static struct connection_info ci; + + if (!populate) + return &ci; + ci.host = get_canonical_hostname(use_dns); + ci.address = get_remote_ipaddr(); + ci.laddress = get_local_ipaddr(packet_get_connection_in()); + ci.lport = get_local_port(); + return &ci; +} + /* * The strategy for the Match blocks is that the config file is parsed twice. * @@ -653,20 +669,25 @@ out: return result; } +/* + * All of the attributes on a single Match line are ANDed together, so we need to check every + * attribute and set the result to zero if any attribute does not match. + */ static int -match_cfg_line(char **condition, int line, const char *user, const char *host, - const char *address) +match_cfg_line(char **condition, int line, struct connection_info *ci) { - int result = 1; + int result = 1, port; char *arg, *attrib, *cp = *condition; size_t len; - if (user == NULL) + if (ci == NULL) debug3("checking syntax for 'Match %s'", cp); else - debug3("checking match for '%s' user %s host %s addr %s", cp, - user ? user : "(null)", host ? host : "(null)", - address ? address : "(null)"); + debug3("checking match for '%s' user %s host %s addr %s " + "laddr %s lport %d", cp, ci->user ? ci->user : "(null)", + ci->host ? ci->host : "(null)", + ci->address ? ci->address : "(null)", + ci->laddress ? ci->laddress : "(null)", ci->lport); while ((attrib = strdelim(&cp)) && *attrib != '\0') { if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { @@ -675,37 +696,45 @@ match_cfg_line(char **condition, int line, const char *user, const char *host, } len = strlen(arg); if (strcasecmp(attrib, "user") == 0) { - if (!user) { + if (ci == NULL || ci->user == NULL) { result = 0; continue; } - if (match_pattern_list(user, arg, len, 0) != 1) + if (match_pattern_list(ci->user, arg, len, 0) != 1) result = 0; else debug("user %.100s matched 'User %.100s' at " - "line %d", user, arg, line); + "line %d", ci->user, arg, line); } else if (strcasecmp(attrib, "group") == 0) { - switch (match_cfg_line_group(arg, line, user)) { + if (ci == NULL || ci->user == NULL) { + result = 0; + continue; + } + switch (match_cfg_line_group(arg, line, ci->user)) { case -1: return -1; case 0: result = 0; } } else if (strcasecmp(attrib, "host") == 0) { - if (!host) { + if (ci == NULL || ci->host == NULL) { result = 0; continue; } - if (match_hostname(host, arg, len) != 1) + if (match_hostname(ci->host, arg, len) != 1) result = 0; else debug("connection from %.100s matched 'Host " - "%.100s' at line %d", host, arg, line); + "%.100s' at line %d", ci->host, arg, line); } else if (strcasecmp(attrib, "address") == 0) { - switch (addr_match_list(address, arg)) { + if (ci == NULL || ci->address == NULL) { + result = 0; + continue; + } + switch (addr_match_list(ci->address, arg)) { case 1: debug("connection from %.100s matched 'Address " - "%.100s' at line %d", address, arg, line); + "%.100s' at line %d", ci->address, arg, line); break; case 0: case -1: @@ -714,12 +743,47 @@ match_cfg_line(char **condition, int line, const char *user, const char *host, case -2: return -1; } + } else if (strcasecmp(attrib, "localaddress") == 0){ + if (ci == NULL || ci->laddress == NULL) { + result = 0; + continue; + } + switch (addr_match_list(ci->laddress, arg)) { + case 1: + debug("connection from %.100s matched " + "'LocalAddress %.100s' at line %d", + ci->laddress, arg, line); + break; + case 0: + case -1: + result = 0; + break; + case -2: + return -1; + } + } else if (strcasecmp(attrib, "localport") == 0) { + if ((port = a2port(arg)) == -1) { + error("Invalid LocalPort '%s' on Match line", + arg); + return -1; + } + if (ci == NULL || ci->lport == 0) { + result = 0; + continue; + } + /* TODO support port lists */ + if (port == ci->lport) + debug("connection from %.100s matched " + "'LocalPort %d' at line %d", + ci->laddress, port, line); + else + result = 0; } else { error("Unsupported Match attribute %s", attrib); return -1; } } - if (user != NULL) + if (ci != NULL) debug3("match %sfound", result ? "" : "not "); *condition = cp; return result; @@ -727,10 +791,48 @@ match_cfg_line(char **condition, int line, const char *user, const char *host, #define WHITESPACE " \t\r\n" +/* Multistate option parsing */ +struct multistate { + char *key; + int value; +}; +static const struct multistate multistate_addressfamily[] = { + { "inet", AF_INET }, + { "inet6", AF_INET6 }, + { "any", AF_UNSPEC }, + { NULL, -1 } +}; +static const struct multistate multistate_permitrootlogin[] = { + { "without-password", PERMIT_NO_PASSWD }, + { "forced-commands-only", PERMIT_FORCED_ONLY }, + { "yes", PERMIT_YES }, + { "no", PERMIT_NO }, + { NULL, -1 } +}; +static const struct multistate multistate_compression[] = { + { "delayed", COMP_DELAYED }, + { "yes", COMP_ZLIB }, + { "no", COMP_NONE }, + { NULL, -1 } +}; +static const struct multistate multistate_gatewayports[] = { + { "clientspecified", 2 }, + { "yes", 1 }, + { "no", 0 }, + { NULL, -1 } +}; +static const struct multistate multistate_privsep[] = { + { "yes", PRIVSEP_NOSANDBOX }, + { "sandbox", PRIVSEP_ON }, + { "nosandbox", PRIVSEP_NOSANDBOX }, + { "no", PRIVSEP_OFF }, + { NULL, -1 } +}; + int process_server_config_line(ServerOptions *options, char *line, - const char *filename, int linenum, int *activep, const char *user, - const char *host, const char *address) + const char *filename, int linenum, int *activep, + struct connection_info *connectinfo) { char *cp, **charptr, *arg, *p; int cmdline = 0, *intptr, value, value2, n; @@ -740,6 +842,7 @@ process_server_config_line(ServerOptions *options, char *line, int port; u_int i, flags = 0; size_t len; + const struct multistate *multistate_ptr; cp = line; if ((arg = strdelim(&cp)) == NULL) @@ -760,7 +863,7 @@ process_server_config_line(ServerOptions *options, char *line, if (*activep && opcode != sMatch) debug3("%s:%d setting %s %s", filename, linenum, arg, cp); if (*activep == 0 && !(flags & SSHCFG_MATCH)) { - if (user == NULL) { + if (connectinfo == NULL) { fatal("%s line %d: Directive '%s' is not allowed " "within a Match block", filename, linenum, arg); } else { /* this is a directive we have already processed */ @@ -855,24 +958,27 @@ process_server_config_line(ServerOptions *options, char *line, break; case sAddressFamily: + intptr = &options->address_family; + multistate_ptr = multistate_addressfamily; + if (options->listen_addrs != NULL) + fatal("%s line %d: address family must be specified " + "before ListenAddress.", filename, linenum); + parse_multistate: arg = strdelim(&cp); if (!arg || *arg == '\0') - fatal("%s line %d: missing address family.", + fatal("%s line %d: missing argument.", filename, linenum); - intptr = &options->address_family; - if (options->listen_addrs != NULL) - fatal("%s line %d: address family must be specified before " - "ListenAddress.", filename, linenum); - if (strcasecmp(arg, "inet") == 0) - value = AF_INET; - else if (strcasecmp(arg, "inet6") == 0) - value = AF_INET6; - else if (strcasecmp(arg, "any") == 0) - value = AF_UNSPEC; - else - fatal("%s line %d: unsupported address family \"%s\".", + value = -1; + for (i = 0; multistate_ptr[i].key != NULL; i++) { + if (strcasecmp(arg, multistate_ptr[i].key) == 0) { + value = multistate_ptr[i].value; + break; + } + } + if (value == -1) + fatal("%s line %d: unsupported option \"%s\".", filename, linenum, arg); - if (*intptr == -1) + if (*activep && *intptr == -1) *intptr = value; break; @@ -911,27 +1017,8 @@ process_server_config_line(ServerOptions *options, char *line, case sPermitRootLogin: intptr = &options->permit_root_login; - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing yes/" - "without-password/forced-commands-only/no " - "argument.", filename, linenum); - value = 0; /* silence compiler */ - if (strcmp(arg, "without-password") == 0) - value = PERMIT_NO_PASSWD; - else if (strcmp(arg, "forced-commands-only") == 0) - value = PERMIT_FORCED_ONLY; - else if (strcmp(arg, "yes") == 0) - value = PERMIT_YES; - else if (strcmp(arg, "no") == 0) - value = PERMIT_NO; - else - fatal("%s line %d: Bad yes/" - "without-password/forced-commands-only/no " - "argument: %s", filename, linenum, arg); - if (*activep && *intptr == -1) - *intptr = value; - break; + multistate_ptr = multistate_permitrootlogin; + goto parse_multistate; case sIgnoreRhosts: intptr = &options->ignore_rhosts; @@ -1062,43 +1149,13 @@ process_server_config_line(ServerOptions *options, char *line, case sCompression: intptr = &options->compression; - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing yes/no/delayed " - "argument.", filename, linenum); - value = 0; /* silence compiler */ - if (strcmp(arg, "delayed") == 0) - value = COMP_DELAYED; - else if (strcmp(arg, "yes") == 0) - value = COMP_ZLIB; - else if (strcmp(arg, "no") == 0) - value = COMP_NONE; - else - fatal("%s line %d: Bad yes/no/delayed " - "argument: %s", filename, linenum, arg); - if (*intptr == -1) - *intptr = value; - break; + multistate_ptr = multistate_compression; + goto parse_multistate; case sGatewayPorts: intptr = &options->gateway_ports; - arg = strdelim(&cp); - if (!arg || *arg == '\0') - fatal("%s line %d: missing yes/no/clientspecified " - "argument.", filename, linenum); - value = 0; /* silence compiler */ - if (strcmp(arg, "clientspecified") == 0) - value = 2; - else if (strcmp(arg, "yes") == 0) - value = 1; - else if (strcmp(arg, "no") == 0) - value = 0; - else - fatal("%s line %d: Bad yes/no/clientspecified " - "argument: %s", filename, linenum, arg); - if (*activep && *intptr == -1) - *intptr = value; - break; + multistate_ptr = multistate_gatewayports; + goto parse_multistate; case sUseDNS: intptr = &options->use_dns; @@ -1136,13 +1193,16 @@ process_server_config_line(ServerOptions *options, char *line, case sUsePrivilegeSeparation: intptr = &use_privsep; - goto parse_flag; + multistate_ptr = multistate_privsep; + goto parse_multistate; case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_users >= MAX_ALLOW_USERS) fatal("%s line %d: too many allow users.", filename, linenum); + if (!*activep) + continue; options->allow_users[options->num_allow_users++] = xstrdup(arg); } @@ -1153,6 +1213,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_deny_users >= MAX_DENY_USERS) fatal("%s line %d: too many deny users.", filename, linenum); + if (!*activep) + continue; options->deny_users[options->num_deny_users++] = xstrdup(arg); } @@ -1163,6 +1225,8 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_allow_groups >= MAX_ALLOW_GROUPS) fatal("%s line %d: too many allow groups.", filename, linenum); + if (!*activep) + continue; options->allow_groups[options->num_allow_groups++] = xstrdup(arg); } @@ -1173,7 +1237,10 @@ process_server_config_line(ServerOptions *options, char *line, if (options->num_deny_groups >= MAX_DENY_GROUPS) fatal("%s line %d: too many deny groups.", filename, linenum); - options->deny_groups[options->num_deny_groups++] = xstrdup(arg); + if (!*activep) + continue; + options->deny_groups[options->num_deny_groups++] = + xstrdup(arg); } break; @@ -1302,14 +1369,22 @@ process_server_config_line(ServerOptions *options, char *line, * AuthorizedKeysFile /etc/ssh_keys/%u */ case sAuthorizedKeysFile: - charptr = &options->authorized_keys_file; - goto parse_tilde_filename; - case sAuthorizedKeysFile2: - charptr = &options->authorized_keys_file2; - goto parse_tilde_filename; + if (*activep && options->num_authkeys_files == 0) { + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (options->num_authkeys_files >= + MAX_AUTHKEYS_FILES) + fatal("%s line %d: " + "too many authorized keys files.", + filename, linenum); + options->authorized_keys_files[ + options->num_authkeys_files++] = + tilde_expand_filename(arg, getuid()); + } + } + return 0; + case sAuthorizedPrincipalsFile: charptr = &options->authorized_principals_file; - parse_tilde_filename: arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: missing file name.", @@ -1339,7 +1414,7 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: too many allow env.", filename, linenum); if (!*activep) - break; + continue; options->accept_env[options->num_accept_env++] = xstrdup(arg); } @@ -1368,7 +1443,7 @@ process_server_config_line(ServerOptions *options, char *line, if (cmdline) fatal("Match directive not supported as a command-line " "option"); - value = match_cfg_line(&cp, linenum, user, host, address); + value = match_cfg_line(&cp, linenum, connectinfo); if (value < 0) fatal("%s line %d: Bad Match condition", filename, linenum); @@ -1388,6 +1463,14 @@ process_server_config_line(ServerOptions *options, char *line, } break; } + if (strcmp(arg, "none") == 0) { + if (*activep && n == -1) { + channel_clear_adm_permitted_opens(); + options->num_permitted_opens = 1; + channel_disable_adm_local_opens(); + } + break; + } if (*activep && n == -1) channel_clear_adm_permitted_opens(); for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) { @@ -1396,7 +1479,7 @@ process_server_config_line(ServerOptions *options, char *line, fatal("%s line %d: missing host in PermitOpen", filename, linenum); p = cleanhostname(p); - if (arg == NULL || (port = a2port(arg)) <= 0) + if (arg == NULL || ((port = permitopen_port(arg)) < 0)) fatal("%s line %d: bad port number in " "PermitOpen", filename, linenum); if (*activep && n == -1) @@ -1451,11 +1534,20 @@ process_server_config_line(ServerOptions *options, char *line, break; case sVersionAddendum: - ssh_version_set_addendum(strtok(cp, "\n")); - do { - arg = strdelim(&cp); - } while (arg != NULL && *arg != '\0'); - break; + if (cp == NULL) + fatal("%.200s line %d: Missing argument.", filename, + linenum); + len = strspn(cp, WHITESPACE); + if (*activep && options->version_addendum == NULL) { + if (strcasecmp(cp + len, "none") == 0) + options->version_addendum = xstrdup(""); + else if (strchr(cp + len, '\r') != NULL) + fatal("%.200s line %d: Invalid argument", + filename, linenum); + else + options->version_addendum = xstrdup(cp + len); + } + return 0; case sHPNDisabled: intptr = &options->hpn_disabled; @@ -1504,8 +1596,9 @@ process_server_config_line(ServerOptions *options, char *line, void load_server_config(const char *filename, Buffer *conf) { - char line[1024], *cp; + char line[4096], *cp; FILE *f; + int lineno = 0; debug2("%s: filename %s", __func__, filename); if ((f = fopen(filename, "r")) == NULL) { @@ -1514,6 +1607,9 @@ load_server_config(const char *filename, Buffer *conf) } buffer_clear(conf); while (fgets(line, sizeof(line), f)) { + lineno++; + if (strlen(line) == sizeof(line) - 1) + fatal("%s line %d too long", filename, lineno); /* * Trim out comments and strip whitespace * NB - preserve newlines, they are needed to reproduce @@ -1531,16 +1627,58 @@ load_server_config(const char *filename, Buffer *conf) } void -parse_server_match_config(ServerOptions *options, const char *user, - const char *host, const char *address) +parse_server_match_config(ServerOptions *options, + struct connection_info *connectinfo) { ServerOptions mo; initialize_server_options(&mo); - parse_server_config(&mo, "reprocess config", &cfg, user, host, address); + parse_server_config(&mo, "reprocess config", &cfg, connectinfo); copy_set_server_options(options, &mo, 0); } +int parse_server_match_testspec(struct connection_info *ci, char *spec) +{ + char *p; + + while ((p = strsep(&spec, ",")) && *p != '\0') { + if (strncmp(p, "addr=", 5) == 0) { + ci->address = xstrdup(p + 5); + } else if (strncmp(p, "host=", 5) == 0) { + ci->host = xstrdup(p + 5); + } else if (strncmp(p, "user=", 5) == 0) { + ci->user = xstrdup(p + 5); + } else if (strncmp(p, "laddr=", 6) == 0) { + ci->laddress = xstrdup(p + 6); + } else if (strncmp(p, "lport=", 6) == 0) { + ci->lport = a2port(p + 6); + if (ci->lport == -1) { + fprintf(stderr, "Invalid port '%s' in test mode" + " specification %s\n", p+6, p); + return -1; + } + } else { + fprintf(stderr, "Invalid test mode specification %s\n", + p); + return -1; + } + } + return 0; +} + +/* + * returns 1 for a complete spec, 0 for partial spec and -1 for an + * empty spec. + */ +int server_match_spec_complete(struct connection_info *ci) +{ + if (ci->user && ci->host && ci->address) + return 1; /* complete */ + if (!ci->user && !ci->host && !ci->address) + return -1; /* empty */ + return 0; /* partial */ +} + /* Helper macros */ #define M_CP_INTOPT(n) do {\ if (src->n != -1) \ @@ -1553,6 +1691,12 @@ parse_server_match_config(ServerOptions *options, const char *user, dst->n = src->n; \ } \ } while(0) +#define M_CP_STRARRAYOPT(n, num_n) do {\ + if (src->num_n != 0) { \ + for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \ + dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \ + } \ +} while(0) /* * Copy any supported values that are set. @@ -1588,24 +1732,27 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_bulk); - M_CP_STROPT(banner); + /* See comment in servconf.h */ + COPY_MATCH_STRING_OPTS(); + + /* + * The only things that should be below this point are string options + * which are only used after authentication. + */ if (preauth) return; + M_CP_STROPT(adm_forced_command); M_CP_STROPT(chroot_directory); - M_CP_STROPT(trusted_user_ca_keys); - M_CP_STROPT(revoked_keys_file); - M_CP_STROPT(authorized_keys_file); - M_CP_STROPT(authorized_keys_file2); - M_CP_STROPT(authorized_principals_file); } #undef M_CP_INTOPT #undef M_CP_STROPT +#undef M_CP_STRARRAYOPT void parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, - const char *user, const char *host, const char *address) + struct connection_info *connectinfo) { int active, linenum, bad_options = 0; char *cp, *obuf, *cbuf; @@ -1613,11 +1760,11 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); obuf = cbuf = xstrdup(buffer_ptr(conf)); - active = user ? 0 : 1; + active = connectinfo ? 0 : 1; linenum = 1; while ((cp = strsep(&cbuf, "\n")) != NULL) { if (process_server_config_line(options, cp, filename, - linenum++, &active, user, host, address) != 0) + linenum++, &active, connectinfo) != 0) bad_options++; } xfree(obuf); @@ -1627,31 +1774,34 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, } static const char * -fmt_intarg(ServerOpCodes code, int val) +fmt_multistate_int(int val, const struct multistate *m) { - if (code == sAddressFamily) { - switch (val) { - case AF_INET: - return "inet"; - case AF_INET6: - return "inet6"; - case AF_UNSPEC: - return "any"; - default: - return "UNKNOWN"; - } - } - if (code == sPermitRootLogin) { - switch (val) { - case PERMIT_NO_PASSWD: - return "without-password"; - case PERMIT_FORCED_ONLY: - return "forced-commands-only"; - case PERMIT_YES: - return "yes"; - } + u_int i; + + for (i = 0; m[i].key != NULL; i++) { + if (m[i].value == val) + return m[i].key; } - if (code == sProtocol) { + return "UNKNOWN"; +} + +static const char * +fmt_intarg(ServerOpCodes code, int val) +{ + if (val == -1) + return "unset"; + switch (code) { + case sAddressFamily: + return fmt_multistate_int(val, multistate_addressfamily); + case sPermitRootLogin: + return fmt_multistate_int(val, multistate_permitrootlogin); + case sGatewayPorts: + return fmt_multistate_int(val, multistate_gatewayports); + case sCompression: + return fmt_multistate_int(val, multistate_compression); + case sUsePrivilegeSeparation: + return fmt_multistate_int(val, multistate_privsep); + case sProtocol: switch (val) { case SSH_PROTO_1: return "1"; @@ -1662,20 +1812,16 @@ fmt_intarg(ServerOpCodes code, int val) default: return "UNKNOWN"; } + default: + switch (val) { + case 0: + return "no"; + case 1: + return "yes"; + default: + return "UNKNOWN"; + } } - if (code == sGatewayPorts && val == 2) - return "clientspecified"; - if (code == sCompression && val == COMP_DELAYED) - return "delayed"; - switch (val) { - case -1: - return "unset"; - case 0: - return "no"; - case 1: - return "yes"; - } - return "UNKNOWN"; } static const char * @@ -1715,7 +1861,18 @@ dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals) u_int i; for (i = 0; i < count; i++) - printf("%s %s\n", lookup_opcode_name(code), vals[i]); + printf("%s %s\n", lookup_opcode_name(code), vals[i]); +} + +static void +dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) +{ + u_int i; + + printf("%s", lookup_opcode_name(code)); + for (i = 0; i < count; i++) + printf(" %s", vals[i]); + printf("\n"); } void @@ -1813,20 +1970,21 @@ dump_config(ServerOptions *o) dump_cfg_string(sCiphers, o->ciphers); dump_cfg_string(sMacs, o->macs); dump_cfg_string(sBanner, o->banner); - dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file); - dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2); dump_cfg_string(sForceCommand, o->adm_forced_command); dump_cfg_string(sChrootDirectory, o->chroot_directory); dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); dump_cfg_string(sRevokedKeys, o->revoked_keys_file); dump_cfg_string(sAuthorizedPrincipalsFile, o->authorized_principals_file); + dump_cfg_string(sVersionAddendum, o->version_addendum); /* string arguments requiring a lookup */ dump_cfg_string(sLogLevel, log_level_name(o->log_level)); dump_cfg_string(sLogFacility, log_facility_name(o->log_facility)); /* string array arguments */ + dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files, + o->authorized_keys_files); dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, o->host_key_files); dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, @@ -1852,7 +2010,8 @@ dump_config(ServerOptions *o) } dump_cfg_string(sPermitTunnel, s); - printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk); + printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); + printf("%s\n", iptos2str(o->ip_qos_bulk)); channel_print_adm_permitted_opens(); } diff --git a/crypto/openssh/servconf.h b/crypto/openssh/servconf.h index cfa8e4b08..8dff83a2f 100644 --- a/crypto/openssh/servconf.h +++ b/crypto/openssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.103 2012/07/10 02:19:15 djm Exp $ */ /* $FreeBSD$ */ /* @@ -28,6 +28,7 @@ #define MAX_HOSTCERTS 256 /* Max # host certificates. */ #define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ #define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ +#define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */ /* permit_root_login */ #define PERMIT_NOT_SET -1 @@ -36,6 +37,11 @@ #define PERMIT_NO_PASSWD 2 #define PERMIT_YES 3 +/* use_privsep */ +#define PRIVSEP_OFF 0 +#define PRIVSEP_ON 1 +#define PRIVSEP_NOSANDBOX 2 + #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ @@ -146,8 +152,8 @@ typedef struct { * disconnect the session */ - char *authorized_keys_file; /* File containing public keys */ - char *authorized_keys_file2; + u_int num_authkeys_files; /* Files containing public keys */ + char *authorized_keys_files[MAX_AUTHKEYS_FILES]; char *adm_forced_command; @@ -162,6 +168,8 @@ typedef struct { char *trusted_user_ca_keys; char *authorized_principals_file; + char *version_addendum; /* Appended to SSH banner */ + int hpn_disabled; /* Disable HPN functionality. */ int hpn_buffer_size; /* Set HPN buffer size - default 2MB.*/ int tcp_rcv_buf_poll; /* Poll TCP rcv window in autotuning @@ -172,15 +180,46 @@ typedef struct { #endif } ServerOptions; +/* Information about the incoming connection as used by Match */ +struct connection_info { + const char *user; + const char *host; /* possibly resolved hostname */ + const char *address; /* remote address */ + const char *laddress; /* local address */ + int lport; /* local port */ +}; + + +/* + * These are string config options that must be copied between the + * Match sub-config and the main config, and must be sent from the + * privsep slave to the privsep master. We use a macro to ensure all + * the options are copied and the copies are done in the correct order. + */ +#define COPY_MATCH_STRING_OPTS() do { \ + M_CP_STROPT(banner); \ + M_CP_STROPT(trusted_user_ca_keys); \ + M_CP_STROPT(revoked_keys_file); \ + M_CP_STROPT(authorized_principals_file); \ + M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ + M_CP_STRARRAYOPT(allow_users, num_allow_users); \ + M_CP_STRARRAYOPT(deny_users, num_deny_users); \ + M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \ + M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \ + M_CP_STRARRAYOPT(accept_env, num_accept_env); \ + } while (0) + +struct connection_info *get_connection_info(int, int); void initialize_server_options(ServerOptions *); void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int, - int *, const char *, const char *, const char *); + int *, struct connection_info *); void load_server_config(const char *, Buffer *); void parse_server_config(ServerOptions *, const char *, Buffer *, - const char *, const char *, const char *); -void parse_server_match_config(ServerOptions *, const char *, const char *, - const char *); + struct connection_info *); +void parse_server_match_config(ServerOptions *, struct connection_info *); +int parse_server_match_testspec(struct connection_info *, char *); +int server_match_spec_complete(struct connection_info *); void copy_set_server_options(ServerOptions *, ServerOptions *, int); void dump_config(ServerOptions *); char *derelativise_path(const char *); diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c index 7606937cc..33fcfc37e 100644 --- a/crypto/openssh/serverloop.c +++ b/crypto/openssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.159 2009/05/28 16:50:16 andreas Exp $ */ +/* $OpenBSD: serverloop.c,v 1.162 2012/06/20 04:42:58 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -132,8 +132,8 @@ notify_setup(void) { if (pipe(notify_pipe) < 0) { error("pipe(notify_pipe) failed %s", strerror(errno)); - } else if ((fcntl(notify_pipe[0], F_SETFD, 1) == -1) || - (fcntl(notify_pipe[1], F_SETFD, 1) == -1)) { + } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) || + (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) { error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno)); close(notify_pipe[0]); close(notify_pipe[1]); @@ -282,9 +282,18 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, { struct timeval tv, *tvp; int ret; + time_t minwait_secs = 0; int client_alive_scheduled = 0; int program_alive_scheduled = 0; + /* Allocate and update select() masks for channel descriptors. */ + channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, + &minwait_secs, 0); + + if (minwait_secs != 0) + max_time_milliseconds = MIN(max_time_milliseconds, + (u_int)minwait_secs * 1000); + /* * if using client_alive, set the max timeout accordingly, * and indicate that this particular timeout was for client @@ -299,9 +308,6 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, max_time_milliseconds = options.client_alive_interval * 1000; } - /* Allocate and update select() masks for channel descriptors. */ - channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, 0); - if (compat20) { #if 0 /* wrong: bad condition XXX */ @@ -727,7 +733,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) /* Wait until all output has been sent to the client. */ drain_output(); - debug("End of interactive session; stdin %ld, stdout (read %ld, " "sent %ld), stderr %ld bytes.", + debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.", stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes); /* Free and clear the buffers. */ diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index b04e62997..57a3e18c2 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.258 2010/11/25 04:10:09 djm Exp $ */ +/* $OpenBSD: session.c,v 1.260 2012/03/15 03:10:27 guenther Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -98,6 +98,10 @@ __RCSID("$FreeBSD$"); #include #endif +#ifdef WITH_SELINUX +#include +#endif + #define IS_INTERNAL_SFTP(c) \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ @@ -1402,7 +1406,7 @@ do_nologin(struct passwd *pw) struct stat sb; #ifdef HAVE_LOGIN_CAP - if (login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) + if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0) return; nl = login_getcapstr(lc, "nologin", def_nl, def_nl); #else @@ -1547,6 +1551,9 @@ do_pwchange(Session *s) if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); +#ifdef WITH_SELINUX + setexeccon(NULL); +#endif #ifdef PASSWD_NEEDS_USERNAME execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, (char *)NULL); @@ -2175,7 +2182,7 @@ session_break_req(Session *s) packet_get_int(); /* ignored */ packet_check_eom(); - if (s->ttyfd == -1 || tcsendbreak(s->ttyfd, 0) < 0) + if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) return 0; return 1; } diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index caa384b4e..85f2bd444 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.94 2010/12/04 00:18:01 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.97 2012/07/02 12:13:26 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -462,12 +462,12 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, buffer_put_cstring(&msg, path); send_msg(conn, &msg); - buffer_clear(&msg); - handle = get_handle(conn, id, &handle_len, "remote readdir(\"%s\")", path); - if (handle == NULL) + if (handle == NULL) { + buffer_free(&msg); return -1; + } if (dir) { ents = 0; @@ -510,6 +510,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, fx2txt(status)); do_close(conn, handle, handle_len); xfree(handle); + buffer_free(&msg); return(status); } } else if (type != SSH2_FXP_NAME) @@ -756,7 +757,8 @@ do_realpath(struct sftp_conn *conn, char *path) longname = buffer_get_string(&msg, NULL); a = decode_attrib(&msg); - debug3("SSH_FXP_REALPATH %s -> %s", path, filename); + debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, + (unsigned long)a->size); xfree(longname); @@ -805,15 +807,15 @@ do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath) Buffer msg; u_int status, id; - buffer_init(&msg); - - /* Send link request */ - id = conn->msg_id++; if ((conn->exts & SFTP_EXT_HARDLINK) == 0) { error("Server does not support hardlink@openssh.com extension"); return -1; } + buffer_init(&msg); + + /* Send link request */ + id = conn->msg_id++; buffer_put_char(&msg, SSH2_FXP_EXTENDED); buffer_put_int(&msg, id); buffer_put_cstring(&msg, "hardlink@openssh.com"); @@ -889,6 +891,7 @@ do_readlink(struct sftp_conn *conn, char *path) u_int status = buffer_get_int(&msg); error("Couldn't readlink: %s", fx2txt(status)); + buffer_free(&msg); return(NULL); } else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", diff --git a/crypto/openssh/sftp-glob.c b/crypto/openssh/sftp-glob.c index cdc270827..06bf157ca 100644 --- a/crypto/openssh/sftp-glob.c +++ b/crypto/openssh/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.22 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.23 2011/10/04 14:17:32 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -111,7 +111,7 @@ fudge_lstat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_lstat(cur.conn, (char *)path, 0))) + if (!(a = do_lstat(cur.conn, (char *)path, 1))) return(-1); attrib_to_stat(a, st); @@ -124,7 +124,7 @@ fudge_stat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_stat(cur.conn, (char *)path, 0))) + if (!(a = do_stat(cur.conn, (char *)path, 1))) return(-1); attrib_to_stat(a, st); diff --git a/crypto/openssh/sftp-server.c b/crypto/openssh/sftp-server.c index b268d0883..9d01c7d79 100644 --- a/crypto/openssh/sftp-server.c +++ b/crypto/openssh/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.93 2010/12/04 00:18:01 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.94 2011/06/17 21:46:16 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -68,7 +68,7 @@ Buffer iqueue; Buffer oqueue; /* Version of client */ -int version; +u_int version; /* Disable writes */ int readonly; @@ -522,7 +522,7 @@ process_init(void) Buffer msg; version = get_int(); - verbose("received client version %d", version); + verbose("received client version %u", version); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_VERSION); buffer_put_int(&msg, SSH2_FILEXFER_VERSION); diff --git a/crypto/openssh/sftp.1 b/crypto/openssh/sftp.1 index 416948291..5ff9e66ce 100644 --- a/crypto/openssh/sftp.1 +++ b/crypto/openssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.88 2010/12/04 00:18:01 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.91 2011/09/05 05:56:13 djm Exp $ .\" $FreeBSD$ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 4, 2010 +.Dd September 5 2011 .Dt SFTP 1 .Os .Sh NAME @@ -90,6 +90,10 @@ to obviate the need to enter a password at connection time (see and .Xr ssh-keygen 1 for details). +.Pp +Since some usage formats use colon characters to delimit host names from path +names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl 1 @@ -191,6 +195,7 @@ For full details of the options listed below, and their possible values, see .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It GlobalKnownHostsFile .It GSSAPIAuthentication .It GSSAPIDelegateCredentials @@ -203,6 +208,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LogLevel @@ -242,7 +248,7 @@ diagnostic messages from Specify how many requests may be outstanding at any one time. Increasing this may slightly improve file transfer speed but will increase memory usage. -The default is 256 outstanding requests providing for 8MB +The default is 256 outstanding requests providing for 8MB of outstanding data with a 32KB buffer. .It Fl r Recursively copy entire directories when uploading and downloading. @@ -481,7 +487,7 @@ is specified, then .Ar remote-path must specify a directory. .Pp -If ether the +If either the .Fl P or .Fl p diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index 0fb420a89..20fb50147 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.132 2010/12/04 00:18:01 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.136 2012/06/22 14:36:33 dtucker Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -784,7 +784,6 @@ static int do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { - Attrib *a = NULL; char *fname, *lname; glob_t g; int err; @@ -794,7 +793,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, memset(&g, 0, sizeof(g)); if (remote_glob(conn, path, - GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE|GLOB_KEEPSTAT, NULL, &g) || + GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE|GLOB_KEEPSTAT|GLOB_NOSORT, + NULL, &g) || (g.gl_pathc && !g.gl_matchc)) { if (g.gl_pathc) globfree(&g); @@ -829,7 +829,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, colspace = width / columns; } - for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) { + for (i = 0; g.gl_pathv[i] && !interrupted; i++) { fname = path_strip(g.gl_pathv[i], strip_path); if (lflag & LS_LONG_VIEW) { if (g.gl_statv[i] == NULL) { @@ -1631,8 +1631,10 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, } list[count] = NULL; - if (count == 0) + if (count == 0) { + xfree(list); return 0; + } /* Complete ambigious command */ tmp = complete_ambiguous(cmd, list, count); @@ -1932,13 +1934,8 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) xfree(dir); } -#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF) - setvbuf(stdout, NULL, _IOLBF, 0); - setvbuf(infile, NULL, _IOLBF, 0); -#else setlinebuf(stdout); setlinebuf(infile); -#endif interactive = !batchmode && isatty(STDIN_FILENO); err = 0; diff --git a/crypto/openssh/ssh-add.1 b/crypto/openssh/ssh-add.1 index 4260cbdb8..dc6ffafbf 100644 --- a/crypto/openssh/ssh-add.1 +++ b/crypto/openssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.55 2010/10/28 18:33:28 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.56 2011/10/18 05:00:48 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 28, 2010 +.Dd October 18 2011 .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdLlXx +.Op Fl cDdkLlXx .Op Fl t Ar life .Op Ar .Nm ssh-add @@ -110,6 +110,9 @@ and retry. .It Fl e Ar pkcs11 Remove keys provided by the PKCS#11 shared library .Ar pkcs11 . +.It Fl k +When loading keys into the agent, load plain private keys only and skip +certificates. .It Fl L Lists public key parameters of all identities currently represented by the agent. diff --git a/crypto/openssh/ssh-add.c b/crypto/openssh/ssh-add.c index 125d6645b..738644d27 100644 --- a/crypto/openssh/ssh-add.c +++ b/crypto/openssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.100 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.103 2011/10/18 23:37:42 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -139,14 +139,18 @@ delete_all(AuthenticationConnection *ac) } static int -add_file(AuthenticationConnection *ac, const char *filename) +add_file(AuthenticationConnection *ac, const char *filename, int key_only) { Key *private, *cert; char *comment = NULL; - char msg[1024], *certpath; + char msg[1024], *certpath = NULL; int fd, perms_ok, ret = -1; + Buffer keyblob; - if ((fd = open(filename, O_RDONLY)) < 0) { + if (strcmp(filename, "-") == 0) { + fd = STDIN_FILENO; + filename = "(stdin)"; + } else if ((fd = open(filename, O_RDONLY)) < 0) { perror(filename); return -1; } @@ -155,18 +159,28 @@ add_file(AuthenticationConnection *ac, const char *filename) * Since we'll try to load a keyfile multiple times, permission errors * will occur multiple times, so check perms first and bail if wrong. */ - perms_ok = key_perm_ok(fd, filename); - close(fd); - if (!perms_ok) + if (fd != STDIN_FILENO) { + perms_ok = key_perm_ok(fd, filename); + if (!perms_ok) { + close(fd); + return -1; + } + } + buffer_init(&keyblob); + if (!key_load_file(fd, filename, &keyblob)) { + buffer_free(&keyblob); + close(fd); return -1; + } + close(fd); /* At first, try empty passphrase */ - private = key_load_private(filename, "", &comment); + private = key_parse_private(&keyblob, filename, "", &comment); if (comment == NULL) comment = xstrdup(filename); /* try last */ if (private == NULL && pass != NULL) - private = key_load_private(filename, pass, NULL); + private = key_parse_private(&keyblob, filename, pass, NULL); if (private == NULL) { /* clear passphrase since it did not work */ clear_pass(); @@ -177,9 +191,11 @@ add_file(AuthenticationConnection *ac, const char *filename) if (strcmp(pass, "") == 0) { clear_pass(); xfree(comment); + buffer_free(&keyblob); return -1; } - private = key_load_private(filename, pass, &comment); + private = key_parse_private(&keyblob, filename, pass, + &comment); if (private != NULL) break; clear_pass(); @@ -187,6 +203,7 @@ add_file(AuthenticationConnection *ac, const char *filename) "Bad passphrase, try again for %.200s: ", comment); } } + buffer_free(&keyblob); if (ssh_add_identity_constrained(ac, private, comment, lifetime, confirm)) { @@ -202,6 +219,9 @@ add_file(AuthenticationConnection *ac, const char *filename) fprintf(stderr, "Could not add identity: %s\n", filename); } + /* Skip trying to load the cert if requested */ + if (key_only) + goto out; /* Now try to add the certificate flavour too */ xasprintf(&certpath, "%s-cert.pub", filename); @@ -236,7 +256,8 @@ add_file(AuthenticationConnection *ac, const char *filename) if (confirm != 0) fprintf(stderr, "The user must confirm each use of the key\n"); out: - xfree(certpath); + if (certpath != NULL) + xfree(certpath); xfree(comment); key_free(private); @@ -330,13 +351,13 @@ lock_agent(AuthenticationConnection *ac, int lock) } static int -do_file(AuthenticationConnection *ac, int deleting, char *file) +do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file) { if (deleting) { if (delete_file(ac, file) == -1) return -1; } else { - if (add_file(ac, file) == -1) + if (add_file(ac, file, key_only) == -1) return -1; } return 0; @@ -349,12 +370,13 @@ usage(void) fprintf(stderr, "Options:\n"); fprintf(stderr, " -l List fingerprints of all identities.\n"); fprintf(stderr, " -L List public key parameters of all identities.\n"); + fprintf(stderr, " -k Load only keys and not certificates.\n"); + fprintf(stderr, " -c Require confirmation to sign using identities\n"); + fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); fprintf(stderr, " -d Delete identity.\n"); fprintf(stderr, " -D Delete all identities.\n"); fprintf(stderr, " -x Lock agent.\n"); fprintf(stderr, " -X Unlock agent.\n"); - fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); - fprintf(stderr, " -c Require confirmation to sign using identities\n"); fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); } @@ -366,13 +388,12 @@ main(int argc, char **argv) extern int optind; AuthenticationConnection *ac = NULL; char *pkcs11provider = NULL; - int i, ch, deleting = 0, ret = 0; + int i, ch, deleting = 0, ret = 0, key_only = 0; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); __progname = ssh_get_progname(argv[0]); - init_rng(); seed_rng(); OpenSSL_add_all_algorithms(); @@ -384,8 +405,11 @@ main(int argc, char **argv) "Could not open a connection to your authentication agent.\n"); exit(2); } - while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) { + while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) { switch (ch) { + case 'k': + key_only = 1; + break; case 'l': case 'L': if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) @@ -451,7 +475,7 @@ main(int argc, char **argv) default_files[i]); if (stat(buf, &st) < 0) continue; - if (do_file(ac, deleting, buf) == -1) + if (do_file(ac, deleting, key_only, buf) == -1) ret = 1; else count++; @@ -460,7 +484,7 @@ main(int argc, char **argv) ret = 1; } else { for (i = 0; i < argc; i++) { - if (do_file(ac, deleting, argv[i]) == -1) + if (do_file(ac, deleting, key_only, argv[i]) == -1) ret = 1; } } diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1 index 7f4942f2f..b14461570 100644 --- a/crypto/openssh/ssh-agent.1 +++ b/crypto/openssh/ssh-agent.1 @@ -44,7 +44,7 @@ .Sh SYNOPSIS .Nm ssh-agent .Op Fl c | s -.Op Fl d +.Op Fl dx .Op Fl a Ar bind_address .Op Fl t Ar life .Op Ar command Op Ar arg ... @@ -103,6 +103,8 @@ A lifetime specified for an identity with .Xr ssh-add 1 overrides this value. Without this option the default maximum lifetime is forever. +.It Fl x +Exit after the last client has disconnected. .El .Pp If a commandline is given, this is executed as a subprocess of the agent. diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index d8af4e460..9d4e0c9c6 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -138,15 +138,34 @@ extern char *__progname; /* Default lifetime (0 == forever) */ static int lifetime = 0; +/* + * Client connection count; incremented in new_socket() and decremented in + * close_socket(). When it reaches 0, ssh-agent will exit. Since it is + * normally initialized to 1, it will never reach 0. However, if the -x + * option is specified, it is initialized to 0 in main(); in that case, + * ssh-agent will exit as soon as it has had at least one client but no + * longer has any. + */ +static int xcount = 1; + static void close_socket(SocketEntry *e) { + int last = 0; + + if (e->type == AUTH_CONNECTION) { + debug("xcount %d -> %d", xcount, xcount - 1); + if (--xcount == 0) + last = 1; + } close(e->fd); e->fd = -1; e->type = AUTH_UNUSED; buffer_free(&e->input); buffer_free(&e->output); buffer_free(&e->request); + if (last) + cleanup_exit(0); } static void @@ -901,6 +920,10 @@ new_socket(sock_type type, int fd) { u_int i, old_alloc, new_alloc; + if (type == AUTH_CONNECTION) { + debug("xcount %d -> %d", xcount, xcount + 1); + ++xcount; + } set_nonblock(fd); if (fd > max_fd) @@ -1098,7 +1121,11 @@ cleanup_handler(int sig) static void check_parent_exists(void) { - if (parent_pid != -1 && kill(parent_pid, 0) < 0) { + /* + * If our parent has exited then getppid() will return (pid_t)1, + * so testing for that should be safe. + */ + if (parent_pid != -1 && getppid() != parent_pid) { /* printf("Parent has died - Authentication agent exiting.\n"); */ cleanup_socket(); _exit(2); @@ -1117,6 +1144,7 @@ usage(void) fprintf(stderr, " -d Debug mode.\n"); fprintf(stderr, " -a socket Bind agent socket to given name.\n"); fprintf(stderr, " -t life Default identity lifetime (seconds).\n"); + fprintf(stderr, " -x Exit when the last client disconnects.\n"); exit(1); } @@ -1156,10 +1184,9 @@ main(int ac, char **av) OpenSSL_add_all_algorithms(); __progname = ssh_get_progname(av[0]); - init_rng(); seed_rng(); - while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { + while ((ch = getopt(ac, av, "cdksa:t:x")) != -1) { switch (ch) { case 'c': if (s_flag) @@ -1188,6 +1215,9 @@ main(int ac, char **av) usage(); } break; + case 'x': + xcount = 0; + break; default: usage(); } @@ -1347,8 +1377,7 @@ skip: if (ac > 0) parent_alive_interval = 10; idtab_init(); - if (!d_flag) - signal(SIGINT, SIG_IGN); + signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN); signal(SIGPIPE, SIG_IGN); signal(SIGHUP, cleanup_handler); signal(SIGTERM, cleanup_handler); diff --git a/crypto/openssh/ssh-ecdsa.c b/crypto/openssh/ssh-ecdsa.c index c8276b460..085468ee7 100644 --- a/crypto/openssh/ssh-ecdsa.c +++ b/crypto/openssh/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.4 2010/09/10 01:04:10 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.5 2012/01/08 13:17:11 miod Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -145,6 +145,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, buffer_get_bignum2(&bb, sig->s); if (buffer_len(&bb) != 0) fatal("%s: remaining bytes in inner sigblob", __func__); + buffer_free(&bb); /* clean up */ memset(sigblob, 0, len); diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1 index 2e8727ba1..2613083a7 100644 --- a/crypto/openssh/ssh-keygen.1 +++ b/crypto/openssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $ .\" $FreeBSD$ .\" .\" Author: Tatu Ylonen @@ -36,7 +36,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 28, 2010 +.Dd July 6 2012 .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -105,6 +105,9 @@ .Fl f Ar input_file .Op Fl v .Op Fl a Ar num_trials +.Op Fl J Ar num_lines +.Op Fl j Ar start_line +.Op Fl K Ar checkpt .Op Fl W Ar generator .Nm ssh-keygen .Fl s Ar ca_key @@ -118,6 +121,8 @@ .Nm ssh-keygen .Fl L .Op Fl f Ar input_keyfile +.Nm ssh-keygen +.Fl A .Ek .Sh DESCRIPTION .Nm @@ -174,9 +179,8 @@ The passphrase can be changed later by using the option. .Pp There is no way to recover a lost passphrase. -If the passphrase is -lost or forgotten, a new key must be generated and copied to the -corresponding public key to other machines. +If the passphrase is lost or forgotten, a new key must be generated +and the corresponding public key copied to other machines. .Pp For RSA1 keys, there is also a comment field in the key file that is only for @@ -193,6 +197,13 @@ should be placed to be activated. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl A +For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys +do not exist, generate the host keys with the default key file path, +an empty passphrase, default bits for the key type, and default comment. +This is used by +.Pa /etc/rc +to generate new host keys. .It Fl a Ar trials Specifies the number of primality tests to perform when screening DH-GEX candidates using the @@ -205,6 +216,12 @@ Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. +For ECDSA keys, the +.Fl b +flag determines the key length by selecting from one of three elliptic +curve sizes: 256, 384 or 521 bits. +Attempting to use bit lengths other than these three values for ECDSA keys +will fail. .It Fl C Ar comment Provides a new comment. .It Fl c @@ -283,6 +300,24 @@ in the format specified by the .Fl m option and print an OpenSSH compatible private (or public) key to stdout. +.It Fl J Ar num_lines +Exit after screening the specified number of lines +while performing DH candidate screening using the +.Fl T +option. +.It Fl j Ar start_line +Start screening at the specified line number +while performing DH candidate screening using the +.Fl T +option. +.It Fl K Ar checkpt +Write the last line processed to the file +.Ar checkpt +while performing DH candidate screening using the +.Fl T +option. +This will be used to skip lines in the input file that have already been +processed if the job is restarted. This option allows importing keys from other software, including several commercial SSH implementations. The default import format is @@ -394,9 +429,6 @@ new passphrase. .It Fl q Silence .Nm ssh-keygen . -Used by -.Pa /etc/rc -when creating a new key. .It Fl R Ar hostname Removes all keys belonging to .Ar hostname @@ -499,7 +531,7 @@ This may be overridden using the .Fl S option, which specifies a different start point (in hex). .Pp -Once a set of candidates have been generated, they must be tested for +Once a set of candidates have been generated, they must be screened for suitability. This may be performed using the .Fl T diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index c95e4ab29..a223ddc81 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.205 2011/01/11 06:13:10 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.216 2012/07/06 06:38:03 jmc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -49,10 +49,7 @@ #include "hostfile.h" #include "dns.h" #include "ssh2.h" - -#ifdef ENABLE_PKCS11 #include "ssh-pkcs11.h" -#endif /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ #define DEFAULT_BITS 2048 @@ -157,7 +154,40 @@ char hostname[MAXHOSTNAMELEN]; /* moduli.c */ int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); -int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); +int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, + unsigned long); + +static void +type_bits_valid(int type, u_int32_t *bitsp) +{ + u_int maxbits; + + if (type == KEY_UNSPEC) { + fprintf(stderr, "unknown key type %s\n", key_type_name); + exit(1); + } + if (*bitsp == 0) { + if (type == KEY_DSA) + *bitsp = DEFAULT_BITS_DSA; + else if (type == KEY_ECDSA) + *bitsp = DEFAULT_BITS_ECDSA; + else + *bitsp = DEFAULT_BITS; + } + maxbits = (type == KEY_DSA) ? + OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; + if (*bitsp > maxbits) { + fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); + exit(1); + } + if (type == KEY_DSA && *bitsp != 1024) + fatal("DSA keys must be 1024 bits"); + else if (type != KEY_ECDSA && *bitsp < 768) + fatal("Key must at least be 768 bits"); + else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) + fatal("Invalid ECDSA key length - valid lengths are " + "256, 384 or 521 bits"); +} static void ask_filename(struct passwd *pw, const char *prompt) @@ -236,6 +266,10 @@ do_convert_to_ssh2(struct passwd *pw, Key *k) u_char *blob; char comment[61]; + if (k->type == KEY_RSA1) { + fprintf(stderr, "version 1 keys are not supported\n"); + exit(1); + } if (key_to_blob(k, &blob, &len) <= 0) { fprintf(stderr, "key_to_blob failed\n"); exit(1); @@ -259,6 +293,7 @@ static void do_convert_to_pkcs8(Key *k) { switch (key_type_plain(k->type)) { + case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) fatal("PEM_write_RSA_PUBKEY failed"); @@ -283,6 +318,7 @@ static void do_convert_to_pem(Key *k) { switch (key_type_plain(k->type)) { + case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSAPublicKey(stdout, k->rsa)) fatal("PEM_write_RSAPublicKey failed"); @@ -316,10 +352,6 @@ do_convert_to(struct passwd *pw) exit(1); } } - if (k->type == KEY_RSA1) { - fprintf(stderr, "version 1 keys are not supported\n"); - exit(1); - } switch (convert_format) { case FMT_RFC4716: @@ -817,6 +849,100 @@ do_fingerprint(struct passwd *pw) exit(0); } +static void +do_gen_all_hostkeys(struct passwd *pw) +{ + struct { + char *key_type; + char *key_type_display; + char *path; + } key_types[] = { + { "rsa1", "RSA1", _PATH_HOST_KEY_FILE }, + { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, + { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, +#ifdef OPENSSL_HAS_ECC + { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, +#endif + { NULL, NULL, NULL } + }; + + int first = 0; + struct stat st; + Key *private, *public; + char comment[1024]; + int i, type, fd; + FILE *f; + + for (i = 0; key_types[i].key_type; i++) { + if (stat(key_types[i].path, &st) == 0) + continue; + if (errno != ENOENT) { + printf("Could not stat %s: %s", key_types[i].path, + strerror(errno)); + first = 0; + continue; + } + + if (first == 0) { + first = 1; + printf("%s: generating new host keys: ", __progname); + } + printf("%s ", key_types[i].key_type_display); + fflush(stdout); + arc4random_stir(); + type = key_type_from_name(key_types[i].key_type); + strlcpy(identity_file, key_types[i].path, sizeof(identity_file)); + bits = 0; + type_bits_valid(type, &bits); + private = key_generate(type, bits); + if (private == NULL) { + fprintf(stderr, "key_generate failed\n"); + first = 0; + continue; + } + public = key_from_private(private); + snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, + hostname); + if (!key_save_private(private, identity_file, "", comment)) { + printf("Saving the key failed: %s.\n", identity_file); + key_free(private); + key_free(public); + first = 0; + continue; + } + key_free(private); + arc4random_stir(); + strlcat(identity_file, ".pub", sizeof(identity_file)); + fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); + if (fd == -1) { + printf("Could not save your public key in %s\n", + identity_file); + key_free(public); + first = 0; + continue; + } + f = fdopen(fd, "w"); + if (f == NULL) { + printf("fdopen %s failed\n", identity_file); + key_free(public); + first = 0; + continue; + } + if (!key_write(public, f)) { + fprintf(stderr, "write key failed\n"); + key_free(public); + first = 0; + continue; + } + fprintf(f, " %s\n", comment); + fclose(f); + key_free(public); + + } + if (first != 0) + printf("\n"); +} + static void printhost(FILE *f, const char *name, Key *public, int ca, int hash) { @@ -1329,6 +1455,9 @@ prepare_options_buf(Buffer *c, int which) if ((which & OPTIONS_CRITICAL) != 0 && certflags_command != NULL) add_string_option(c, "force-command", certflags_command); + if ((which & OPTIONS_EXTENSIONS) != 0 && + (certflags_flags & CERTOPT_X_FWD) != 0) + add_flag_option(c, "permit-X11-forwarding"); if ((which & OPTIONS_EXTENSIONS) != 0 && (certflags_flags & CERTOPT_AGENT_FWD) != 0) add_flag_option(c, "permit-agent-forwarding"); @@ -1341,9 +1470,6 @@ prepare_options_buf(Buffer *c, int which) if ((which & OPTIONS_EXTENSIONS) != 0 && (certflags_flags & CERTOPT_USER_RC) != 0) add_flag_option(c, "permit-user-rc"); - if ((which & OPTIONS_EXTENSIONS) != 0 && - (certflags_flags & CERTOPT_X_FWD) != 0) - add_flag_option(c, "permit-X11-forwarding"); if ((which & OPTIONS_CRITICAL) != 0 && certflags_src_addr != NULL) add_string_option(c, "source-address", certflags_src_addr); @@ -1593,7 +1719,7 @@ add_cert_option(char *opt) { char *val; - if (strcmp(opt, "clear") == 0) + if (strcasecmp(opt, "clear") == 0) certflags_flags = 0; else if (strcasecmp(opt, "no-x11-forwarding") == 0) certflags_flags &= ~CERTOPT_X_FWD; @@ -1745,6 +1871,7 @@ usage(void) { fprintf(stderr, "usage: %s [options]\n", __progname); fprintf(stderr, "Options:\n"); + fprintf(stderr, " -A Generate non-existent host keys for all key types.\n"); fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); fprintf(stderr, " -b bits Number of bits in the key to create.\n"); @@ -1762,6 +1889,9 @@ usage(void) fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); + fprintf(stderr, " -J number Screen this number of moduli lines.\n"); + fprintf(stderr, " -j number Start screening moduli at specified line.\n"); + fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); fprintf(stderr, " -L Print the contents of a certificate.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); @@ -1794,14 +1924,16 @@ int main(int argc, char **argv) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; + char *checkpoint = NULL; char out_file[MAXPATHLEN], *rr_hostname = NULL; Key *private, *public; struct passwd *pw; struct stat st; int opt, type, fd; - u_int maxbits; u_int32_t memory = 0, generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; + int gen_all_hostkeys = 0; + unsigned long start_lineno = 0, lines_to_process = 0; BIGNUM *start = NULL; FILE *f; const char *errstr; @@ -1817,7 +1949,6 @@ main(int argc, char **argv) OpenSSL_add_all_algorithms(); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - init_rng(); seed_rng(); /* we need this for the home * directory. */ @@ -1831,9 +1962,12 @@ main(int argc, char **argv) exit(1); } - while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:" - "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { + while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:" + "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) { switch (opt) { + case 'A': + gen_all_hostkeys = 1; + break; case 'b': bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr); if (errstr) @@ -1850,6 +1984,12 @@ main(int argc, char **argv) case 'I': cert_key_id = optarg; break; + case 'J': + lines_to_process = strtoul(optarg, NULL, 10); + break; + case 'j': + start_lineno = strtoul(optarg, NULL, 10); + break; case 'R': delete_host = 1; rr_hostname = optarg; @@ -1928,9 +2068,6 @@ main(int argc, char **argv) case 'y': print_public = 1; break; - case 'd': - key_type_name = "dsa"; - break; case 's': ca_key_path = optarg; break; @@ -1982,6 +2119,11 @@ main(int argc, char **argv) sizeof(out_file)) fatal("Output filename too long"); break; + case 'K': + if (strlen(optarg) >= MAXPATHLEN) + fatal("Checkpoint filename too long"); + checkpoint = xstrdup(optarg); + break; case 'S': /* XXX - also compare length against bits */ if (BN_hex2bn(&start, optarg) == 0) @@ -2062,6 +2204,8 @@ main(int argc, char **argv) _PATH_HOST_RSA_KEY_FILE, rr_hostname); n += do_print_resource_record(pw, _PATH_HOST_DSA_KEY_FILE, rr_hostname); + n += do_print_resource_record(pw, + _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); if (n == 0) fatal("no keys found."); @@ -2104,42 +2248,25 @@ main(int argc, char **argv) fatal("Couldn't open moduli file \"%s\": %s", out_file, strerror(errno)); } - if (prime_test(in, out, trials, generator_wanted) != 0) + if (prime_test(in, out, trials, generator_wanted, checkpoint, + start_lineno, lines_to_process) != 0) fatal("modulus screening failed"); return (0); } + if (gen_all_hostkeys) { + do_gen_all_hostkeys(pw); + return (0); + } + arc4random_stir(); if (key_type_name == NULL) key_type_name = "rsa"; type = key_type_from_name(key_type_name); - if (type == KEY_UNSPEC) { - fprintf(stderr, "unknown key type %s\n", key_type_name); - exit(1); - } - if (bits == 0) { - if (type == KEY_DSA) - bits = DEFAULT_BITS_DSA; - else if (type == KEY_ECDSA) - bits = DEFAULT_BITS_ECDSA; - else - bits = DEFAULT_BITS; - } - maxbits = (type == KEY_DSA) ? - OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; - if (bits > maxbits) { - fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); - exit(1); - } - if (type == KEY_DSA && bits != 1024) - fatal("DSA keys must be 1024 bits"); - else if (type != KEY_ECDSA && bits < 768) - fatal("Key must at least be 768 bits"); - else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) - fatal("Invalid ECDSA key length - valid lengths are " - "256, 384 or 521 bits"); + type_bits_valid(type, &bits); + if (!quiet) printf("Generating public/private %s key pair.\n", key_type_name); private = key_generate(type, bits); diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c index 2ba71ea60..878fac506 100644 --- a/crypto/openssh/ssh-keyscan.c +++ b/crypto/openssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.84 2011/01/04 20:44:13 otto Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.85 2011/03/15 10:36:02 okan Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -535,7 +535,7 @@ conloop(void) seltime.tv_sec--; } } else - seltime.tv_sec = seltime.tv_usec = 0; + timerclear(&seltime); r = xcalloc(read_wait_nfdset, sizeof(fd_mask)); e = xcalloc(read_wait_nfdset, sizeof(fd_mask)); @@ -620,7 +620,6 @@ main(int argc, char **argv) extern char *optarg; __progname = ssh_get_progname(argv[0]); - init_rng(); seed_rng(); TAILQ_INIT(&tq); diff --git a/crypto/openssh/ssh-keysign.c b/crypto/openssh/ssh-keysign.c index d05156005..1deb7e141 100644 --- a/crypto/openssh/ssh-keysign.c +++ b/crypto/openssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.35 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -150,9 +150,10 @@ main(int argc, char **argv) { Buffer b; Options options; - Key *keys[2], *key = NULL; +#define NUM_KEYTYPES 3 + Key *keys[NUM_KEYTYPES], *key = NULL; struct passwd *pw; - int key_fd[2], i, found, version = 2, fd; + int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; u_char *signature, *data; char *host; u_int slen, dlen; @@ -165,8 +166,10 @@ main(int argc, char **argv) if (fd > 2) close(fd); - key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); - key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + i = 0; + key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); original_real_uid = getuid(); /* XXX readconf.c needs this */ if ((pw = getpwuid(original_real_uid)) == NULL) @@ -175,7 +178,6 @@ main(int argc, char **argv) permanently_set_uid(pw); - init_rng(); seed_rng(); arc4random_stir(); @@ -191,7 +193,11 @@ main(int argc, char **argv) fatal("ssh-keysign not enabled in %s", _PATH_HOST_CONFIG_FILE); - if (key_fd[0] == -1 && key_fd[1] == -1) + for (i = found = 0; i < NUM_KEYTYPES; i++) { + if (key_fd[i] != -1) + found = 1; + } + if (found == 0) fatal("could not open any host key"); OpenSSL_add_all_algorithms(); @@ -200,7 +206,7 @@ main(int argc, char **argv) RAND_seed(rnd, sizeof(rnd)); found = 0; - for (i = 0; i < 2; i++) { + for (i = 0; i < NUM_KEYTYPES; i++) { keys[i] = NULL; if (key_fd[i] == -1) continue; @@ -230,7 +236,7 @@ main(int argc, char **argv) xfree(host); found = 0; - for (i = 0; i < 2; i++) { + for (i = 0; i < NUM_KEYTYPES; i++) { if (keys[i] != NULL && key_equal_public(key, keys[i])) { found = 1; diff --git a/crypto/openssh/ssh-pkcs11-client.c b/crypto/openssh/ssh-pkcs11-client.c index 650c37342..82b11daf5 100644 --- a/crypto/openssh/ssh-pkcs11-client.c +++ b/crypto/openssh/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.2 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.3 2012/01/16 20:34:09 miod Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -123,6 +123,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, buffer_put_int(&msg, 0); xfree(blob); send_msg(&msg); + buffer_clear(&msg); if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) { signature = buffer_get_string(&msg, &slen); @@ -132,6 +133,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, } xfree(signature); } + buffer_free(&msg); return (ret); } diff --git a/crypto/openssh/ssh-pkcs11-helper.c b/crypto/openssh/ssh-pkcs11-helper.c index 8e3f57ace..fcb5defc0 100644 --- a/crypto/openssh/ssh-pkcs11-helper.c +++ b/crypto/openssh/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.3 2010/02/24 06:12:53 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.4 2012/07/02 12:13:26 dtucker Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -168,13 +168,13 @@ process_sign(void) { u_char *blob, *data, *signature = NULL; u_int blen, dlen, slen = 0; - int ok = -1, flags, ret; + int ok = -1, ret; Key *key, *found; Buffer msg; blob = get_string(&blen); data = get_string(&dlen); - flags = get_int(); /* XXX ignore */ + (void)get_int(); /* XXX ignore flags */ if ((key = key_from_blob(blob, blen)) != NULL) { if ((found = lookup_key(key)) != NULL) { @@ -280,7 +280,6 @@ main(int argc, char **argv) TAILQ_INIT(&pkcs11_keylist); pkcs11_init(0); - init_rng(); seed_rng(); __progname = ssh_get_progname(argv[0]); diff --git a/crypto/openssh/ssh-pkcs11.c b/crypto/openssh/ssh-pkcs11.c index 286c232c7..1f4c1c8e4 100644 --- a/crypto/openssh/ssh-pkcs11.c +++ b/crypto/openssh/ssh-pkcs11.c @@ -590,4 +590,18 @@ fail: return (-1); } +#else + +int +pkcs11_init(int interactive) +{ + return (0); +} + +void +pkcs11_terminate(void) +{ + return; +} + #endif /* ENABLE_PKCS11 */ diff --git a/crypto/openssh/ssh-rand-helper.8 b/crypto/openssh/ssh-rand-helper.8 deleted file mode 100644 index af5a72fcb..000000000 --- a/crypto/openssh/ssh-rand-helper.8 +++ /dev/null @@ -1,94 +0,0 @@ -.\" $Id: ssh-rand-helper.8,v 1.3 2007/01/22 01:44:53 djm Exp $ -.\" -.\" Copyright (c) 2002 Damien Miller. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd April 14, 2002 -.Dt SSH-RAND-HELPER 8 -.Os -.Sh NAME -.Nm ssh-rand-helper -.Nd random number gatherer for OpenSSH -.Sh SYNOPSIS -.Nm ssh-rand-hlper -.Op Fl vxXh -.Op Fl b Ar bytes -.Sh DESCRIPTION -.Nm -is a small helper program used by -.Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-agent 1 , -.Xr ssh-keygen 1 , -.Xr ssh-keyscan 1 -and -.Xr sshd 8 -to gather random numbers of cryptographic quality if the -.Xr openssl 4 -library has not been configured to provide them itself. -.Pp -Normally -.Nm -will generate a strong random seed and provide it to the calling -program via standard output. If standard output is a tty, -.Nm -will instead print the seed in hexidecimal format unless told otherwise. -.Pp -.Nm -will by default gather random numbers from the system commands listed -in -.Pa /etc/ssh/ssh_prng_cmds . -The output of each of the commands listed will be hashed and used to -generate a random seed for the calling program. -.Nm -will also store seed files in -.Pa ~/.ssh/prng_seed -between executions. -.Pp -Alternately, -.Nm -may be configured at build time to collect random numbers from a -EGD/PRNGd server via a unix domain or localhost tcp socket. -.Pp -This program is not intended to be run by the end-user, so the few -commandline options are for debugging purposes only. -.Bl -tag -width Ds -.It Fl b Ar bytes -Specify the number of random bytes to include in the output. -.It Fl x -Output a hexidecimal instead of a binary seed. -.It Fl X -Force output of a binary seed, even if standard output is a tty -.It Fl v -Turn on debugging message. Multiple -.Fl v -options will increase the debugging level. -.It Fl h -Display a summary of options. -.El -.Sh AUTHORS -Damien Miller -.Sh SEE ALSO -.Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-keygen 1 , -.Xr sshd 8 diff --git a/crypto/openssh/ssh-rand-helper.c b/crypto/openssh/ssh-rand-helper.c deleted file mode 100644 index fa5070499..000000000 --- a/crypto/openssh/ssh-rand-helper.c +++ /dev/null @@ -1,932 +0,0 @@ -/* - * Copyright (c) 2001-2002 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include - -#ifdef HAVE_SYS_UN_H -# include -#endif - -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -/* SunOS 4.4.4 needs this */ -#ifdef HAVE_FLOATINGPOINT_H -# include -#endif /* HAVE_FLOATINGPOINT_H */ - -#include "misc.h" -#include "xmalloc.h" -#include "atomicio.h" -#include "pathnames.h" -#include "log.h" - -/* Number of bytes we write out */ -#define OUTPUT_SEED_SIZE 48 - -/* Length of on-disk seedfiles */ -#define SEED_FILE_SIZE 1024 - -/* Maximum number of command-line arguments to read from file */ -#define NUM_ARGS 10 - -/* Minimum number of usable commands to be considered sufficient */ -#define MIN_ENTROPY_SOURCES 16 - -/* Path to on-disk seed file (relative to user's home directory */ -#ifndef SSH_PRNG_SEED_FILE -# define SSH_PRNG_SEED_FILE _PATH_SSH_USER_DIR"/prng_seed" -#endif - -/* Path to PRNG commands list */ -#ifndef SSH_PRNG_COMMAND_FILE -# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" -#endif - -extern char *__progname; - -#define WHITESPACE " \t\n" - -#ifndef RUSAGE_SELF -# define RUSAGE_SELF 0 -#endif -#ifndef RUSAGE_CHILDREN -# define RUSAGE_CHILDREN 0 -#endif - -#if !defined(PRNGD_SOCKET) && !defined(PRNGD_PORT) -# define USE_SEED_FILES -#endif - -typedef struct { - /* Proportion of data that is entropy */ - double rate; - /* Counter goes positive if this command times out */ - unsigned int badness; - /* Increases by factor of two each timeout */ - unsigned int sticky_badness; - /* Path to executable */ - char *path; - /* argv to pass to executable */ - char *args[NUM_ARGS]; /* XXX: arbitrary limit */ - /* full command string (debug) */ - char *cmdstring; -} entropy_cmd_t; - -/* slow command timeouts (all in milliseconds) */ -/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */ -static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC; - -/* this is initialised from a file, by prng_read_commands() */ -static entropy_cmd_t *entropy_cmds = NULL; - -/* Prototypes */ -double stir_from_system(void); -double stir_from_programs(void); -double stir_gettimeofday(double entropy_estimate); -double stir_clock(double entropy_estimate); -double stir_rusage(int who, double entropy_estimate); -double hash_command_output(entropy_cmd_t *src, unsigned char *hash); -int get_random_bytes_prngd(unsigned char *buf, int len, - unsigned short tcp_port, char *socket_path); - -/* - * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon - * listening either on 'tcp_port', or via Unix domain socket at * - * 'socket_path'. - * Either a non-zero tcp_port or a non-null socket_path must be - * supplied. - * Returns 0 on success, -1 on error - */ -int -get_random_bytes_prngd(unsigned char *buf, int len, - unsigned short tcp_port, char *socket_path) -{ - int fd, addr_len, rval, errors; - u_char msg[2]; - struct sockaddr_storage addr; - struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; - struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; - mysig_t old_sigpipe; - - /* Sanity checks */ - if (socket_path == NULL && tcp_port == 0) - fatal("You must specify a port or a socket"); - if (socket_path != NULL && - strlen(socket_path) >= sizeof(addr_un->sun_path)) - fatal("Random pool path is too long"); - if (len <= 0 || len > 255) - fatal("Too many bytes (%d) to read from PRNGD", len); - - memset(&addr, '\0', sizeof(addr)); - - if (tcp_port != 0) { - addr_in->sin_family = AF_INET; - addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK); - addr_in->sin_port = htons(tcp_port); - addr_len = sizeof(*addr_in); - } else { - addr_un->sun_family = AF_UNIX; - strlcpy(addr_un->sun_path, socket_path, - sizeof(addr_un->sun_path)); - addr_len = offsetof(struct sockaddr_un, sun_path) + - strlen(socket_path) + 1; - } - - old_sigpipe = mysignal(SIGPIPE, SIG_IGN); - - errors = 0; - rval = -1; -reopen: - fd = socket(addr.ss_family, SOCK_STREAM, 0); - if (fd == -1) { - error("Couldn't create socket: %s", strerror(errno)); - goto done; - } - - if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { - if (tcp_port != 0) { - error("Couldn't connect to PRNGD port %d: %s", - tcp_port, strerror(errno)); - } else { - error("Couldn't connect to PRNGD socket \"%s\": %s", - addr_un->sun_path, strerror(errno)); - } - goto done; - } - - /* Send blocking read request to PRNGD */ - msg[0] = 0x02; - msg[1] = len; - - if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) { - if (errno == EPIPE && errors < 10) { - close(fd); - errors++; - goto reopen; - } - error("Couldn't write to PRNGD socket: %s", - strerror(errno)); - goto done; - } - - if (atomicio(read, fd, buf, len) != (size_t)len) { - if (errno == EPIPE && errors < 10) { - close(fd); - errors++; - goto reopen; - } - error("Couldn't read from PRNGD socket: %s", - strerror(errno)); - goto done; - } - - rval = 0; -done: - mysignal(SIGPIPE, old_sigpipe); - if (fd != -1) - close(fd); - return rval; -} - -static int -seed_from_prngd(unsigned char *buf, size_t bytes) -{ -#ifdef PRNGD_PORT - debug("trying egd/prngd port %d", PRNGD_PORT); - if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0) - return 0; -#endif -#ifdef PRNGD_SOCKET - debug("trying egd/prngd socket %s", PRNGD_SOCKET); - if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0) - return 0; -#endif - return -1; -} - -double -stir_gettimeofday(double entropy_estimate) -{ - struct timeval tv; - - if (gettimeofday(&tv, NULL) == -1) - fatal("Couldn't gettimeofday: %s", strerror(errno)); - - RAND_add(&tv, sizeof(tv), entropy_estimate); - - return entropy_estimate; -} - -double -stir_clock(double entropy_estimate) -{ -#ifdef HAVE_CLOCK - clock_t c; - - c = clock(); - RAND_add(&c, sizeof(c), entropy_estimate); - - return entropy_estimate; -#else /* _HAVE_CLOCK */ - return 0; -#endif /* _HAVE_CLOCK */ -} - -double -stir_rusage(int who, double entropy_estimate) -{ -#ifdef HAVE_GETRUSAGE - struct rusage ru; - - if (getrusage(who, &ru) == -1) - return 0; - - RAND_add(&ru, sizeof(ru), entropy_estimate); - - return entropy_estimate; -#else /* _HAVE_GETRUSAGE */ - return 0; -#endif /* _HAVE_GETRUSAGE */ -} - -static int -timeval_diff(struct timeval *t1, struct timeval *t2) -{ - int secdiff, usecdiff; - - secdiff = t2->tv_sec - t1->tv_sec; - usecdiff = (secdiff*1000000) + (t2->tv_usec - t1->tv_usec); - return (int)(usecdiff / 1000); -} - -double -hash_command_output(entropy_cmd_t *src, unsigned char *hash) -{ - char buf[8192]; - fd_set rdset; - int bytes_read, cmd_eof, error_abort, msec_elapsed, p[2]; - int status, total_bytes_read; - static int devnull = -1; - pid_t pid; - SHA_CTX sha; - struct timeval tv_start, tv_current; - - debug3("Reading output from \'%s\'", src->cmdstring); - - if (devnull == -1) { - devnull = open("/dev/null", O_RDWR); - if (devnull == -1) - fatal("Couldn't open /dev/null: %s", - strerror(errno)); - } - - if (pipe(p) == -1) - fatal("Couldn't open pipe: %s", strerror(errno)); - - (void)gettimeofday(&tv_start, NULL); /* record start time */ - - switch (pid = fork()) { - case -1: /* Error */ - close(p[0]); - close(p[1]); - fatal("Couldn't fork: %s", strerror(errno)); - /* NOTREACHED */ - case 0: /* Child */ - dup2(devnull, STDIN_FILENO); - dup2(p[1], STDOUT_FILENO); - dup2(p[1], STDERR_FILENO); - close(p[0]); - close(p[1]); - close(devnull); - - execv(src->path, (char**)(src->args)); - - debug("(child) Couldn't exec '%s': %s", - src->cmdstring, strerror(errno)); - _exit(-1); - default: /* Parent */ - break; - } - - RAND_add(&pid, sizeof(&pid), 0.0); - - close(p[1]); - - /* Hash output from child */ - SHA1_Init(&sha); - - cmd_eof = error_abort = msec_elapsed = total_bytes_read = 0; - while (!error_abort && !cmd_eof) { - int ret; - struct timeval tv; - int msec_remaining; - - (void) gettimeofday(&tv_current, 0); - msec_elapsed = timeval_diff(&tv_start, &tv_current); - if (msec_elapsed >= entropy_timeout_current) { - error_abort=1; - continue; - } - msec_remaining = entropy_timeout_current - msec_elapsed; - - FD_ZERO(&rdset); - FD_SET(p[0], &rdset); - tv.tv_sec = msec_remaining / 1000; - tv.tv_usec = (msec_remaining % 1000) * 1000; - - ret = select(p[0] + 1, &rdset, NULL, NULL, &tv); - - RAND_add(&tv, sizeof(tv), 0.0); - - switch (ret) { - case 0: - /* timer expired */ - error_abort = 1; - kill(pid, SIGINT); - break; - case 1: - /* command input */ - do { - bytes_read = read(p[0], buf, sizeof(buf)); - } while (bytes_read == -1 && errno == EINTR); - RAND_add(&bytes_read, sizeof(&bytes_read), 0.0); - if (bytes_read == -1) { - error_abort = 1; - break; - } else if (bytes_read) { - SHA1_Update(&sha, buf, bytes_read); - total_bytes_read += bytes_read; - } else { - cmd_eof = 1; - } - break; - case -1: - default: - /* error */ - debug("Command '%s': select() failed: %s", - src->cmdstring, strerror(errno)); - error_abort = 1; - break; - } - } - - SHA1_Final(hash, &sha); - - close(p[0]); - - debug3("Time elapsed: %d msec", msec_elapsed); - - if (waitpid(pid, &status, 0) == -1) { - error("Couldn't wait for child '%s' completion: %s", - src->cmdstring, strerror(errno)); - return 0.0; - } - - RAND_add(&status, sizeof(&status), 0.0); - - if (error_abort) { - /* - * Closing p[0] on timeout causes the entropy command to - * SIGPIPE. Take whatever output we got, and mark this - * command as slow - */ - debug2("Command '%s' timed out", src->cmdstring); - src->sticky_badness *= 2; - src->badness = src->sticky_badness; - return total_bytes_read; - } - - if (WIFEXITED(status)) { - if (WEXITSTATUS(status) == 0) { - return total_bytes_read; - } else { - debug2("Command '%s' exit status was %d", - src->cmdstring, WEXITSTATUS(status)); - src->badness = src->sticky_badness = 128; - return 0.0; - } - } else if (WIFSIGNALED(status)) { - debug2("Command '%s' returned on uncaught signal %d !", - src->cmdstring, status); - src->badness = src->sticky_badness = 128; - return 0.0; - } else - return 0.0; -} - -double -stir_from_system(void) -{ - double total_entropy_estimate; - long int i; - - total_entropy_estimate = 0; - - i = getpid(); - RAND_add(&i, sizeof(i), 0.5); - total_entropy_estimate += 0.1; - - i = getppid(); - RAND_add(&i, sizeof(i), 0.5); - total_entropy_estimate += 0.1; - - i = getuid(); - RAND_add(&i, sizeof(i), 0.0); - i = getgid(); - RAND_add(&i, sizeof(i), 0.0); - - total_entropy_estimate += stir_gettimeofday(1.0); - total_entropy_estimate += stir_clock(0.5); - total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); - - return total_entropy_estimate; -} - -double -stir_from_programs(void) -{ - int c; - double entropy, total_entropy; - unsigned char hash[SHA_DIGEST_LENGTH]; - - total_entropy = 0; - for(c = 0; entropy_cmds[c].path != NULL; c++) { - if (!entropy_cmds[c].badness) { - /* Hash output from command */ - entropy = hash_command_output(&entropy_cmds[c], - hash); - - /* Scale back estimate by command's rate */ - entropy *= entropy_cmds[c].rate; - - /* Upper bound of entropy is SHA_DIGEST_LENGTH */ - if (entropy > SHA_DIGEST_LENGTH) - entropy = SHA_DIGEST_LENGTH; - - /* Stir it in */ - RAND_add(hash, sizeof(hash), entropy); - - debug3("Got %0.2f bytes of entropy from '%s'", - entropy, entropy_cmds[c].cmdstring); - - total_entropy += entropy; - - /* Execution time should be a bit unpredictable */ - total_entropy += stir_gettimeofday(0.05); - total_entropy += stir_clock(0.05); - total_entropy += stir_rusage(RUSAGE_SELF, 0.1); - total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1); - } else { - debug2("Command '%s' disabled (badness %d)", - entropy_cmds[c].cmdstring, - entropy_cmds[c].badness); - - if (entropy_cmds[c].badness > 0) - entropy_cmds[c].badness--; - } - } - - return total_entropy; -} - -/* - * prng seedfile functions - */ -int -prng_check_seedfile(char *filename) -{ - struct stat st; - - /* - * XXX raceable: eg replace seed between this stat and subsequent - * open. Not such a problem because we don't really trust the - * seed file anyway. - * XXX: use secure path checking as elsewhere in OpenSSH - */ - if (lstat(filename, &st) == -1) { - /* Give up on hard errors */ - if (errno != ENOENT) - debug("WARNING: Couldn't stat random seed file " - "\"%.100s\": %s", filename, strerror(errno)); - return 0; - } - - /* regular file? */ - if (!S_ISREG(st.st_mode)) - fatal("PRNG seedfile %.100s is not a regular file", - filename); - - /* mode 0600, owned by root or the current user? */ - if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) { - debug("WARNING: PRNG seedfile %.100s must be mode 0600, " - "owned by uid %li", filename, (long int)getuid()); - return 0; - } - - return 1; -} - -void -prng_write_seedfile(void) -{ - int fd, save_errno; - unsigned char seed[SEED_FILE_SIZE]; - char filename[MAXPATHLEN], tmpseed[MAXPATHLEN]; - struct passwd *pw; - mode_t old_umask; - - pw = getpwuid(getuid()); - if (pw == NULL) - fatal("Couldn't get password entry for current user " - "(%li): %s", (long int)getuid(), strerror(errno)); - - /* Try to ensure that the parent directory is there */ - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, - _PATH_SSH_USER_DIR); - if (mkdir(filename, 0700) < 0 && errno != EEXIST) - fatal("mkdir %.200s: %s", filename, strerror(errno)); - - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, - SSH_PRNG_SEED_FILE); - - strlcpy(tmpseed, filename, sizeof(tmpseed)); - if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >= - sizeof(tmpseed)) - fatal("PRNG seed filename too long"); - - if (RAND_bytes(seed, sizeof(seed)) <= 0) - fatal("PRNG seed extraction failed"); - - /* Don't care if the seed doesn't exist */ - prng_check_seedfile(filename); - - old_umask = umask(0177); - - if ((fd = mkstemp(tmpseed)) == -1) { - debug("WARNING: couldn't make temporary PRNG seedfile %.100s " - "(%.100s)", tmpseed, strerror(errno)); - } else { - debug("writing PRNG seed to file %.100s", tmpseed); - if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) { - save_errno = errno; - close(fd); - unlink(tmpseed); - fatal("problem writing PRNG seedfile %.100s " - "(%.100s)", filename, strerror(save_errno)); - } - close(fd); - debug("moving temporary PRNG seed to file %.100s", filename); - if (rename(tmpseed, filename) == -1) { - save_errno = errno; - unlink(tmpseed); - fatal("problem renaming PRNG seedfile from %.100s " - "to %.100s (%.100s)", tmpseed, filename, - strerror(save_errno)); - } - } - umask(old_umask); -} - -void -prng_read_seedfile(void) -{ - int fd; - char seed[SEED_FILE_SIZE], filename[MAXPATHLEN]; - struct passwd *pw; - - pw = getpwuid(getuid()); - if (pw == NULL) - fatal("Couldn't get password entry for current user " - "(%li): %s", (long int)getuid(), strerror(errno)); - - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, - SSH_PRNG_SEED_FILE); - - debug("loading PRNG seed from file %.100s", filename); - - if (!prng_check_seedfile(filename)) { - verbose("Random seed file not found or invalid, ignoring."); - return; - } - - /* open the file and read in the seed */ - fd = open(filename, O_RDONLY); - if (fd == -1) - fatal("could not open PRNG seedfile %.100s (%.100s)", - filename, strerror(errno)); - - if (atomicio(read, fd, &seed, sizeof(seed)) < sizeof(seed)) { - verbose("invalid or short read from PRNG seedfile " - "%.100s - ignoring", filename); - memset(seed, '\0', sizeof(seed)); - } - close(fd); - - /* stir in the seed, with estimated entropy zero */ - RAND_add(&seed, sizeof(seed), 0.0); -} - - -/* - * entropy command initialisation functions - */ -int -prng_read_commands(char *cmdfilename) -{ - char cmd[SEED_FILE_SIZE], *cp, line[1024], path[SEED_FILE_SIZE]; - double est; - entropy_cmd_t *entcmd; - FILE *f; - int cur_cmd, linenum, num_cmds, arg; - - if ((f = fopen(cmdfilename, "r")) == NULL) { - fatal("couldn't read entropy commands file %.100s: %.100s", - cmdfilename, strerror(errno)); - } - - num_cmds = 64; - entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t)); - - /* Read in file */ - cur_cmd = linenum = 0; - while (fgets(line, sizeof(line), f)) { - linenum++; - - /* Skip leading whitespace, blank lines and comments */ - cp = line + strspn(line, WHITESPACE); - if ((*cp == 0) || (*cp == '#')) - continue; /* done with this line */ - - /* - * The first non-whitespace char should be a double quote - * delimiting the commandline - */ - if (*cp != '"') { - error("bad entropy command, %.100s line %d", - cmdfilename, linenum); - continue; - } - - /* - * First token, command args (incl. argv[0]) in double - * quotes - */ - cp = strtok(cp, "\""); - if (cp == NULL) { - error("missing or bad command string, %.100s " - "line %d -- ignored", cmdfilename, linenum); - continue; - } - strlcpy(cmd, cp, sizeof(cmd)); - - /* Second token, full command path */ - if ((cp = strtok(NULL, WHITESPACE)) == NULL) { - error("missing command path, %.100s " - "line %d -- ignored", cmdfilename, linenum); - continue; - } - - /* Did configure mark this as dead? */ - if (strncmp("undef", cp, 5) == 0) - continue; - - strlcpy(path, cp, sizeof(path)); - - /* Third token, entropy rate estimate for this command */ - if ((cp = strtok(NULL, WHITESPACE)) == NULL) { - error("missing entropy estimate, %.100s " - "line %d -- ignored", cmdfilename, linenum); - continue; - } - est = strtod(cp, NULL); - - /* end of line */ - if ((cp = strtok(NULL, WHITESPACE)) != NULL) { - error("garbage at end of line %d in %.100s " - "-- ignored", linenum, cmdfilename); - continue; - } - - /* save the command for debug messages */ - entcmd[cur_cmd].cmdstring = xstrdup(cmd); - - /* split the command args */ - cp = strtok(cmd, WHITESPACE); - arg = 0; - do { - entcmd[cur_cmd].args[arg] = xstrdup(cp); - arg++; - } while(arg < NUM_ARGS && (cp = strtok(NULL, WHITESPACE))); - - if (strtok(NULL, WHITESPACE)) - error("ignored extra commands (max %d), %.100s " - "line %d", NUM_ARGS, cmdfilename, linenum); - - /* Copy the command path and rate estimate */ - entcmd[cur_cmd].path = xstrdup(path); - entcmd[cur_cmd].rate = est; - - /* Initialise other values */ - entcmd[cur_cmd].sticky_badness = 1; - - cur_cmd++; - - /* - * If we've filled the array, reallocate it twice the size - * Do this now because even if this we're on the last - * command we need another slot to mark the last entry - */ - if (cur_cmd == num_cmds) { - num_cmds *= 2; - entcmd = xrealloc(entcmd, num_cmds, - sizeof(entropy_cmd_t)); - } - } - - /* zero the last entry */ - memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t)); - - /* trim to size */ - entropy_cmds = xrealloc(entcmd, (cur_cmd + 1), - sizeof(entropy_cmd_t)); - - debug("Loaded %d entropy commands from %.100s", cur_cmd, - cmdfilename); - - fclose(f); - return cur_cmd < MIN_ENTROPY_SOURCES ? -1 : 0; -} - -void -usage(void) -{ - fprintf(stderr, "Usage: %s [options]\n", __progname); - fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); - fprintf(stderr, " Multiple -v increases verbosity.\n"); - fprintf(stderr, " -x Force output in hexadecimal (for debugging)\n"); - fprintf(stderr, " -X Force output in binary\n"); - fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n", - OUTPUT_SEED_SIZE); -} - -int -main(int argc, char **argv) -{ - unsigned char *buf; - int ret, ch, debug_level, output_hex, bytes; - extern char *optarg; - extern int optind; - LogLevel ll; - - __progname = ssh_get_progname(argv[0]); - log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - - ll = SYSLOG_LEVEL_INFO; - debug_level = output_hex = 0; - bytes = OUTPUT_SEED_SIZE; - - /* Don't write binary data to a tty, unless we are forced to */ - if (isatty(STDOUT_FILENO)) - output_hex = 1; - - while ((ch = getopt(argc, argv, "vxXhb:")) != -1) { - switch (ch) { - case 'v': - if (debug_level < 3) - ll = SYSLOG_LEVEL_DEBUG1 + debug_level++; - break; - case 'x': - output_hex = 1; - break; - case 'X': - output_hex = 0; - break; - case 'b': - if ((bytes = atoi(optarg)) <= 0) - fatal("Invalid number of output bytes"); - break; - case 'h': - usage(); - exit(0); - default: - error("Invalid commandline option"); - usage(); - exit(1); - } - } - log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1); - - if (argc != optind) { - error("Unexpected commandline arguments."); - usage(); - exit(1); - } - -#ifdef USE_SEED_FILES - prng_read_seedfile(); -#endif - - buf = xmalloc(bytes); - - /* - * Seed the RNG from wherever we can - */ - - /* Take whatever is on the stack, but don't credit it */ - RAND_add(buf, bytes, 0); - - debug("Seeded RNG with %i bytes from system calls", - (int)stir_from_system()); - - /* try prngd, fall back to commands if prngd fails or not configured */ - if (seed_from_prngd(buf, bytes) == 0) { - RAND_add(buf, bytes, bytes); - } else { - /* Read in collection commands */ - if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) - fatal("PRNG initialisation failed -- exiting."); - debug("Seeded RNG with %i bytes from programs", - (int)stir_from_programs()); - } - -#ifdef USE_SEED_FILES - prng_write_seedfile(); -#endif - - /* - * Write the seed to stdout - */ - - if (!RAND_status()) - fatal("Not enough entropy in RNG"); - - if (RAND_bytes(buf, bytes) <= 0) - fatal("Couldn't extract entropy from PRNG"); - - if (output_hex) { - for(ret = 0; ret < bytes; ret++) - printf("%02x", (unsigned char)(buf[ret])); - printf("\n"); - } else - ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes); - - memset(buf, '\0', bytes); - xfree(buf); - - return ret == bytes ? 0 : 1; -} - -/* - * We may attempt to re-seed during mkstemp if we are using the one in the - * compat library (via mkstemp -> _gettemp -> arc4random -> seed_rng) so we - * need our own seed_rng(). We must also check that we have enough entropy. - */ -void -seed_rng(void) -{ - if (!RAND_status()) - fatal("Not enough entropy in RNG"); -} diff --git a/crypto/openssh/ssh-sandbox.h b/crypto/openssh/ssh-sandbox.h new file mode 100644 index 000000000..dfecd5aa0 --- /dev/null +++ b/crypto/openssh/ssh-sandbox.h @@ -0,0 +1,23 @@ +/* $OpenBSD: ssh-sandbox.h,v 1.1 2011/06/23 09:34:13 djm Exp $ */ +/* + * Copyright (c) 2011 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +struct ssh_sandbox; + +struct ssh_sandbox *ssh_sandbox_init(void); +void ssh_sandbox_child(struct ssh_sandbox *); +void ssh_sandbox_parent_finish(struct ssh_sandbox *); +void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index 4bdb30ef6..7eab76a3f 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.316 2010/11/18 15:01:00 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.326 2012/06/18 12:17:18 dtucker Exp $ .\" $FreeBSD$ -.Dd November 18, 2010 +.Dd June 18 2012 .Dt SSH 1 .Os .Sh NAME @@ -393,9 +393,13 @@ Valid commands are: .Dq check (check that the master process is running), .Dq forward -(request forwardings without command execution) and +(request forwardings without command execution), +.Dq cancel +(cancel forwardings), .Dq exit -(request the master to exit). +(request the master to exit), and +.Dq stop +(request the master to stop accepting further multiplexing requests). .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate @@ -418,11 +422,13 @@ For full details of the options listed below, and their possible values, see .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It DynamicForward .It EscapeChar .It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 +.It ForwardX11Timeout .It ForwardX11Trusted .It GatewayPorts .It GlobalKnownHostsFile @@ -437,6 +443,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LocalCommand @@ -455,6 +462,7 @@ For full details of the options listed below, and their possible values, see .It PubkeyAuthentication .It RekeyLimit .It RemoteForward +.It RequestTTY .It RhostsRSAAuthentication .It RSAAuthentication .It SendEnv @@ -500,7 +508,7 @@ from the local machine. Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. -IPv6 addresses can be specified by enclosing the address in square braces. +IPv6 addresses can be specified by enclosing the address in square brackets. .Pp By default, the listening socket on the server will be bound to the loopback interface only. @@ -581,8 +589,8 @@ Implies .Fl T , .Cm ExitOnForwardFailure and -.Cm ClearAllForwardings -and works with Protocol version 2 only. +.Cm ClearAllForwardings . +Works with Protocol version 2 only. .It Fl w Xo .Ar local_tun Ns Op : Ns Ar remote_tun .Xc @@ -666,7 +674,9 @@ Both protocols support similar authentication methods, but protocol 2 is the default since it provides additional mechanisms for confidentiality (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) -and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160). +and integrity (hmac-md5, hmac-sha1, +hmac-sha2-256, hmac-sha2-512, +umac-64, hmac-ripemd160). Protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. .Pp @@ -893,11 +903,20 @@ Currently this allows the addition of port forwardings using the and .Fl D options (see above). -It also allows the cancellation of existing remote port-forwardings -using +It also allows the cancellation of existing port-forwardings +with +.Sm off +.Fl KL Oo Ar bind_address : Oc Ar port +.Sm on +for local, +.Sm off +.Fl KR Oo Ar bind_address : Oc Ar port +.Sm on +for remote and .Sm off -.Fl KR Oo Ar bind_address : Oc Ar port . +.Fl KD Oo Ar bind_address : Oc Ar port .Sm on +for dynamic port-forwardings. .Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand @@ -1358,7 +1377,7 @@ The file format and configuration options are described in .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_rsa_key -These three files contain the private parts of the host keys +These files contain the private parts of the host keys and are used for host-based authentication. If protocol version 1 is used, .Nm diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index e2d3f4458..c77491bb2 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.356 2011/01/06 22:23:53 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -113,13 +113,16 @@ __RCSID("$FreeBSD$"); extern char *__progname; +/* Saves a copy of argv for setproctitle emulation */ +#ifndef HAVE_SETPROCTITLE +static char **saved_av; +#endif + /* Flag indicating whether debug mode is on. May be set on the command line. */ int debug_flag = 0; -/* Flag indicating whether a tty should be allocated */ +/* Flag indicating whether a tty should be requested */ int tty_flag = 0; -int no_tty_flag = 0; -int force_tty_flag = 0; /* don't exec a shell */ int no_shell_flag = 0; @@ -137,7 +140,7 @@ int stdin_null_flag = 0; int need_controlpersist_detach = 0; /* Copies of flags for ControlPersist foreground slave */ -int ostdin_null_flag, ono_shell_flag, ono_tty_flag, otty_flag; +int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty; /* * Flag indicating that ssh should fork after authentication. This is useful @@ -216,6 +219,20 @@ static void main_sigchld_handler(int); void muxclient(const char *); void muxserver_listen(void); +/* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */ +static void +tilde_expand_paths(char **paths, u_int num_paths) +{ + u_int i; + char *cp; + + for (i = 0; i < num_paths; i++) { + cp = tilde_expand_filename(paths[i], original_real_uid); + xfree(paths[i]); + paths[i] = cp; + } +} + /* * Main program for the ssh client. */ @@ -224,11 +241,13 @@ main(int ac, char **av) { int i, r, opt, exit_status, use_syslog; char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg; + char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; struct stat st; struct passwd *pw; int dummy, timeout_ms; extern int optind, optreset; extern char *optarg; + struct servent *sp; Forward fwd; @@ -236,7 +255,17 @@ main(int ac, char **av) sanitise_stdfd(); __progname = ssh_get_progname(av[0]); - init_rng(); + +#ifndef HAVE_SETPROCTITLE + /* Prepare for later setproctitle emulation */ + /* Save argv so it isn't clobbered by setproctitle() emulation */ + saved_av = xcalloc(ac + 1, sizeof(*saved_av)); + for (i = 0; i < ac; i++) + saved_av[i] = xstrdup(av[i]); + saved_av[i] = NULL; + compat_init_setproctitle(ac, av); + av = saved_av; +#endif /* * Discard other fds that are hanging around. These can cause problem @@ -348,6 +377,10 @@ main(int ac, char **av) muxclient_command = SSHMUX_COMMAND_FORWARD; else if (strcmp(optarg, "exit") == 0) muxclient_command = SSHMUX_COMMAND_TERMINATE; + else if (strcmp(optarg, "stop") == 0) + muxclient_command = SSHMUX_COMMAND_STOP; + else if (strcmp(optarg, "cancel") == 0) + muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; else fatal("Invalid multiplex command."); break; @@ -389,9 +422,10 @@ main(int ac, char **av) #endif break; case 't': - if (tty_flag) - force_tty_flag = 1; - tty_flag = 1; + if (options.request_tty == REQUEST_TTY_YES) + options.request_tty = REQUEST_TTY_FORCE; + else + options.request_tty = REQUEST_TTY_YES; break; case 'v': if (debug_flag == 0) { @@ -404,9 +438,16 @@ main(int ac, char **av) } /* FALLTHROUGH */ case 'V': - fprintf(stderr, "%s, %s\n", - ssh_version_get(options.hpn_disabled), - SSLeay_version(SSLEAY_VERSION)); + if (options.version_addendum && + *options.version_addendum != '\0') + fprintf(stderr, "%s%s %s, %s\n", SSH_RELEASE, + options.hpn_disabled ? "" : SSH_VERSION_HPN, + options.version_addendum, + SSLeay_version(SSLEAY_VERSION)); + else + fprintf(stderr, "%s%s, %s\n", SSH_RELEASE, + options.hpn_disabled ? "" : SSH_VERSION_HPN, + SSLeay_version(SSLEAY_VERSION)); if (opt == 'V') exit(0); break; @@ -435,7 +476,7 @@ main(int ac, char **av) optarg); exit(255); } - no_tty_flag = 1; + options.request_tty = REQUEST_TTY_NO; no_shell_flag = 1; options.clear_forwardings = 1; options.exit_on_forward_failure = 1; @@ -544,10 +585,10 @@ main(int ac, char **av) break; case 'N': no_shell_flag = 1; - no_tty_flag = 1; + options.request_tty = REQUEST_TTY_NO; break; case 'T': - no_tty_flag = 1; + options.request_tty = REQUEST_TTY_NO; #ifdef NONE_CIPHER_ENABLED /* * Ensure that the user does not try to backdoor a @@ -623,7 +664,6 @@ main(int ac, char **av) */ if (!ac) { /* No command specified - execute shell on a tty. */ - tty_flag = 1; if (subsystem_flag) { fprintf(stderr, "You must specify a subsystem to invoke.\n"); @@ -644,21 +684,6 @@ main(int ac, char **av) fatal("Cannot fork into background without a command " "to execute."); - /* Allocate a tty by default if no command specified. */ - if (buffer_len(&command) == 0) - tty_flag = 1; - - /* Force no tty */ - if (no_tty_flag || muxclient_command != 0) - tty_flag = 0; - /* Do not allocate a tty if stdin is not a tty. */ - if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) { - if (tty_flag) - logit("Pseudo-terminal will not be allocated because " - "stdin is not a terminal."); - tty_flag = 0; - } - /* * Initialize "log" output. Since we are the client all output * actually goes to stderr. @@ -681,7 +706,7 @@ main(int ac, char **av) if (r > 0 && (size_t)r < sizeof(buf)) (void)read_config_file(buf, host, &options, 1); - /* Read systemwide configuration file after use config. */ + /* Read systemwide configuration file after user config. */ (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options, 0); } @@ -694,6 +719,26 @@ main(int ac, char **av) /* reinit */ log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog); + if (options.request_tty == REQUEST_TTY_YES || + options.request_tty == REQUEST_TTY_FORCE) + tty_flag = 1; + + /* Allocate a tty by default if no command specified. */ + if (buffer_len(&command) == 0) + tty_flag = options.request_tty != REQUEST_TTY_NO; + + /* Force no tty */ + if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0) + tty_flag = 0; + /* Do not allocate a tty if stdin is not a tty. */ + if ((!isatty(fileno(stdin)) || stdin_null_flag) && + options.request_tty != REQUEST_TTY_FORCE) { + if (tty_flag) + logit("Pseudo-terminal will not be allocated because " + "stdin is not a terminal."); + tty_flag = 0; + } + seed_rng(); if (options.user == NULL) @@ -712,17 +757,19 @@ main(int ac, char **av) "h", host, (char *)NULL); } - if (options.local_command != NULL) { - char thishost[NI_MAXHOST]; + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("gethostname: %s", strerror(errno)); + strlcpy(shorthost, thishost, sizeof(shorthost)); + shorthost[strcspn(thishost, ".")] = '\0'; + snprintf(portstr, sizeof(portstr), "%d", options.port); - if (gethostname(thishost, sizeof(thishost)) == -1) - fatal("gethostname: %s", strerror(errno)); - snprintf(buf, sizeof(buf), "%d", options.port); + if (options.local_command != NULL) { debug3("expanding LocalCommand: %s", options.local_command); cp = options.local_command; options.local_command = percent_expand(cp, "d", pw->pw_dir, "h", host, "l", thishost, "n", host_arg, "r", options.user, - "p", buf, "u", pw->pw_name, (char *)NULL); + "p", portstr, "u", pw->pw_name, "L", shorthost, + (char *)NULL); debug3("expanded LocalCommand: %s", options.local_command); xfree(cp); } @@ -763,16 +810,13 @@ main(int ac, char **av) } if (options.control_path != NULL) { - char thishost[NI_MAXHOST]; - - if (gethostname(thishost, sizeof(thishost)) == -1) - fatal("gethostname: %s", strerror(errno)); - snprintf(buf, sizeof(buf), "%d", options.port); cp = tilde_expand_filename(options.control_path, original_real_uid); xfree(options.control_path); - options.control_path = percent_expand(cp, "p", buf, "h", host, - "r", options.user, "l", thishost, (char *)NULL); + options.control_path = percent_expand(cp, "h", host, + "l", thishost, "n", host_arg, "r", options.user, + "p", portstr, "u", pw->pw_name, "L", shorthost, + (char *)NULL); xfree(cp); } if (muxclient_command != 0 && options.control_path == NULL) @@ -877,31 +921,28 @@ main(int ac, char **av) * Now that we are back to our own permissions, create ~/.ssh * directory if it doesn't already exist. */ - r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, - strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { + if (config == NULL) { + r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, + strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { #ifdef WITH_SELINUX - ssh_selinux_setfscreatecon(buf); + ssh_selinux_setfscreatecon(buf); #endif - if (mkdir(buf, 0700) < 0) - error("Could not create directory '%.200s'.", buf); + if (mkdir(buf, 0700) < 0) + error("Could not create directory '%.200s'.", + buf); #ifdef WITH_SELINUX - ssh_selinux_setfscreatecon(NULL); + ssh_selinux_setfscreatecon(NULL); #endif + } } /* load options.identity_files */ load_public_identity_files(); /* Expand ~ in known host file names. */ - /* XXX mem-leaks: */ - options.system_hostfile = - tilde_expand_filename(options.system_hostfile, original_real_uid); - options.user_hostfile = - tilde_expand_filename(options.user_hostfile, original_real_uid); - options.system_hostfile2 = - tilde_expand_filename(options.system_hostfile2, original_real_uid); - options.user_hostfile2 = - tilde_expand_filename(options.user_hostfile2, original_real_uid); + tilde_expand_paths(options.system_hostfiles, + options.num_system_hostfiles); + tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ signal(SIGCHLD, main_sigchld_handler); @@ -974,8 +1015,7 @@ control_persist_detach(void) /* Parent: set up mux slave to connect to backgrounded master */ debug2("%s: background process is %ld", __func__, (long)pid); stdin_null_flag = ostdin_null_flag; - no_shell_flag = ono_shell_flag; - no_tty_flag = ono_tty_flag; + options.request_tty = orequest_tty; tty_flag = otty_flag; close(muxserver_sock); muxserver_sock = -1; @@ -994,6 +1034,7 @@ control_persist_detach(void) if (devnull > STDERR_FILENO) close(devnull); } + setproctitle("%s [mux]", options.control_path); } /* Do fork() after authentication. Used by "ssh -f" */ @@ -1018,11 +1059,17 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", rfwd->listen_port, rfwd->connect_host, rfwd->connect_port); - if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) { - rfwd->allocated_port = packet_get_int(); - logit("Allocated port %u for remote forward to %s:%d", - rfwd->allocated_port, - rfwd->connect_host, rfwd->connect_port); + if (rfwd->listen_port == 0) { + if (type == SSH2_MSG_REQUEST_SUCCESS) { + rfwd->allocated_port = packet_get_int(); + logit("Allocated port %u for remote forward to %s:%d", + rfwd->allocated_port, + rfwd->connect_host, rfwd->connect_port); + channel_update_permitted_opens(rfwd->handle, + rfwd->allocated_port); + } else { + channel_update_permitted_opens(rfwd->handle, -1); + } } if (type == SSH2_MSG_REQUEST_FAILURE) { @@ -1047,25 +1094,26 @@ client_cleanup_stdio_fwd(int id, void *arg) cleanup_exit(0); } -static int -client_setup_stdio_fwd(const char *host_to_connect, u_short port_to_connect) +static void +ssh_init_stdio_forwarding(void) { Channel *c; int in, out; - debug3("client_setup_stdio_fwd %s:%d", host_to_connect, - port_to_connect); + if (stdio_forward_host == NULL) + return; + if (!compat20) + fatal("stdio forwarding require Protocol 2"); - in = dup(STDIN_FILENO); - out = dup(STDOUT_FILENO); - if (in < 0 || out < 0) - fatal("channel_connect_stdio_fwd: dup() in/out failed"); + debug3("%s: %s:%d", __func__, stdio_forward_host, stdio_forward_port); - if ((c = channel_connect_stdio_fwd(host_to_connect, port_to_connect, - in, out)) == NULL) - return 0; + if ((in = dup(STDIN_FILENO)) < 0 || + (out = dup(STDOUT_FILENO)) < 0) + fatal("channel_connect_stdio_fwd: dup() in/out failed"); + if ((c = channel_connect_stdio_fwd(stdio_forward_host, + stdio_forward_port, in, out)) == NULL) + fatal("%s: channel_connect_stdio_fwd failed", __func__); channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0); - return 1; } static void @@ -1074,15 +1122,6 @@ ssh_init_forwarding(void) int success = 0; int i; - if (stdio_forward_host != NULL) { - if (!compat20) { - fatal("stdio forwarding require Protocol 2"); - } - if (!client_setup_stdio_fwd(stdio_forward_host, - stdio_forward_port)) - fatal("Failed to connect in stdio forward mode."); - } - /* Initiate local TCP/IP port forwardings. */ for (i = 0; i < options.num_local_forwards; i++) { debug("Local connections to %.200s:%d forwarded to remote " @@ -1114,19 +1153,22 @@ ssh_init_forwarding(void) options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, options.remote_forwards[i].connect_port); - if (channel_request_remote_forwarding( + options.remote_forwards[i].handle = + channel_request_remote_forwarding( options.remote_forwards[i].listen_host, options.remote_forwards[i].listen_port, options.remote_forwards[i].connect_host, - options.remote_forwards[i].connect_port) < 0) { + options.remote_forwards[i].connect_port); + if (options.remote_forwards[i].handle < 0) { if (options.exit_on_forward_failure) fatal("Could not request remote forwarding."); else logit("Warning: Could not request remote " "forwarding."); + } else { + client_register_global_confirm(ssh_confirm_remote_forward, + &options.remote_forwards[i]); } - client_register_global_confirm(ssh_confirm_remote_forward, - &options.remote_forwards[i]); } /* Initiate tunnel forwarding. */ @@ -1238,8 +1280,8 @@ ssh_session(void) /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication " "spoofing."); - x11_request_forwarding_with_spoofing(0, display, proto, data); - + x11_request_forwarding_with_spoofing(0, display, proto, + data, 0); /* Read response from the server. */ type = packet_read(); if (type == SSH_SMSG_SUCCESS) { @@ -1270,6 +1312,7 @@ ssh_session(void) } /* Initiate port forwardings. */ + ssh_init_stdio_forwarding(); ssh_init_forwarding(); /* Execute a local command */ @@ -1337,9 +1380,11 @@ ssh_session2_setup(int id, int success, void *arg) /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication " "spoofing."); - x11_request_forwarding_with_spoofing(id, display, proto, data); + x11_request_forwarding_with_spoofing(id, display, proto, + data, 1); + client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); + /* XXX exit_on_forward_failure */ interactive = 1; - /* XXX wait for reply */ } check_agent_present(); @@ -1349,6 +1394,10 @@ ssh_session2_setup(int id, int success, void *arg) packet_send(); } + /* Tell the packet module whether this is an interactive session. */ + packet_set_interactive(interactive, + options.ip_qos_interactive, options.ip_qos_bulk); + client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), NULL, fileno(stdin), &command, environ); } @@ -1430,6 +1479,7 @@ ssh_session2_open(void) c->dynamic_window = 1; debug("Enabled Dynamic Window Scaling\n"); } + debug3("ssh_session2_open: channel_new: %d", c->self); channel_send_open(c->self); @@ -1446,15 +1496,18 @@ ssh_session2(void) int id = -1; /* XXX should be pre-session */ + if (!options.control_persist) + ssh_init_stdio_forwarding(); ssh_init_forwarding(); /* Start listening for multiplex clients */ muxserver_listen(); /* - * If we are in control persist mode, then prepare to background - * ourselves and have a foreground client attach as a control - * slave. NB. we must save copies of the flags that we override for + * If we are in control persist mode and have a working mux listen + * socket, then prepare to background ourselves and have a foreground + * client attach as a control slave. + * NB. we must save copies of the flags that we override for * the backgrounding, since we defer attachment of the slave until * after the connection is fully established (in particular, * async rfwd replies have been received for ExitOnForwardFailure). @@ -1462,16 +1515,21 @@ ssh_session2(void) if (options.control_persist && muxserver_sock != -1) { ostdin_null_flag = stdin_null_flag; ono_shell_flag = no_shell_flag; - ono_tty_flag = no_tty_flag; + orequest_tty = options.request_tty; otty_flag = tty_flag; stdin_null_flag = 1; no_shell_flag = 1; - no_tty_flag = 1; tty_flag = 0; if (!fork_after_authentication_flag) need_controlpersist_detach = 1; fork_after_authentication_flag = 1; } + /* + * ControlPersist mux listen socket setup failed, attempt the + * stdio forward setup that we skipped earlier. + */ + if (options.control_persist && muxserver_sock == -1) + ssh_init_stdio_forwarding(); if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) id = ssh_session2_open(); diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 1ff198b85..1c4e9f0bf 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -46,4 +46,4 @@ # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com -# VersionAddendum FreeBSD-20110503 +# VersionAddendum FreeBSD-20120901 diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index f0754c343..0736be106 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.157 2012/06/29 13:57:25 naddy Exp $ .\" $FreeBSD$ -.Dd December 8, 2010 +.Dd June 29 2012 .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -113,6 +113,15 @@ The host is the argument given on the command line (i.e. the name is not converted to a canonicalized host name before matching). .Pp +A pattern entry may be negated by prefixing it with an exclamation mark +.Pq Sq !\& . +If a negated entry is matched, then the +.Cm Host +entry is ignored, regardless of whether any other patterns on the line +match. +Negated matches are therefore useful to provide exceptions for wildcard +matches. +.Pp See .Sx PATTERNS for more information on patterns. @@ -306,14 +315,22 @@ section above or the string .Dq none to disable connection sharing. In the path, +.Ql %L +will be substituted by the first component of the local host name, .Ql %l -will be substituted by the local host name, +will be substituted by the local host name (including any domain name), .Ql %h will be substituted by the target host name, +.Ql %n +will be substituted by the original target host name +specified on the command line, .Ql %p -the port, and +the port, .Ql %r -by the remote login username. +by the remote login username, and +.Ql %u +by the username of the user running +.Xr ssh 1 . It is recommended that any .Cm ControlPath used for opportunistic connection sharing include @@ -501,9 +518,11 @@ or The default is .Dq no . .It Cm GlobalKnownHostsFile -Specifies a file to use for the global -host key database instead of -.Pa /etc/ssh/ssh_known_hosts . +Specifies one or more files to use for the global +host key database, separated by whitespace. +The default is +.Pa /etc/ssh/ssh_known_hosts , +.Pa /etc/ssh/ssh_known_hosts2 . .It Cm GSSAPIAuthentication Specifies whether user authentication based on GSSAPI is allowed. The default is @@ -570,7 +589,7 @@ Specifies the real host name to log into. This can be used to specify nicknames or abbreviations for hosts. If the hostname contains the character sequence .Ql %h , -then this will be replaced with the host name specified on the commandline +then this will be replaced with the host name specified on the command line (this is useful for manipulating unqualified names). The default is the name given on the command line. Numeric IP addresses are also permitted (both on the command line and in @@ -594,7 +613,7 @@ offers many different identities. The default is .Dq no . .It Cm IdentityFile -Specifies a file from which the user's DSA, ECDSA or DSA authentication +Specifies a file from which the user's DSA, ECDSA or RSA authentication identity is read. The default is .Pa ~/.ssh/identity @@ -630,13 +649,17 @@ escape characters: It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. +Multiple +.Cm IdentityFile +directives will add to the list of identities tried (this behaviour +differs from that of other configuration directives). .It Cm IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. Accepted values are .Dq af11 , .Dq af12 , .Dq af13 , -.Dq af14 , +.Dq af21 , .Dq af22 , .Dq af23 , .Dq af31 , @@ -771,7 +794,8 @@ Multiple algorithms must be comma-separated. The default is: .Bd -literal -offset indent hmac-md5,hmac-sha1,umac-64@openssh.com, -hmac-ripemd160,hmac-sha1-96,hmac-md5-96 +hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, +hmac-sha1-96,hmac-md5-96 .Ed .It Cm NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. @@ -944,6 +968,23 @@ will only succeed if the server's .Cm GatewayPorts option is enabled (see .Xr sshd_config 5 ) . +.It Cm RequestTTY +Specifies whether to request a pseudo-tty for the session. +The argument may be one of: +.Dq no +(never request a TTY), +.Dq yes +(always request a TTY when standard input is a TTY), +.Dq force +(always request a TTY) or +.Dq auto +(request a TTY when opening a login session). +This option mirrors the +.Fl t +and +.Fl T +flags for +.Xr ssh 1 . .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. @@ -1138,9 +1179,11 @@ This can be useful when a different user name is used on different machines. This saves the trouble of having to remember to give the user name on the command line. .It Cm UserKnownHostsFile -Specifies a file to use for the user -host key database instead of -.Pa ~/.ssh/known_hosts . +Specifies one or more files to use for the user +host key database, separated by whitespace. +The default is +.Pa ~/.ssh/known_hosts , +.Pa ~/.ssh/known_hosts2 . .It Cm VerifyHostKeyDNS Specifies whether to verify the remote key using DNS and SSHFP resource records. @@ -1173,7 +1216,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20110503 . +.Dq FreeBSD-20120901 . .It Cm VisualHostKey If this flag is set to .Dq yes , diff --git a/crypto/openssh/ssh_namespace.h b/crypto/openssh/ssh_namespace.h index 51b3f20a4..f5935e6d1 100644 --- a/crypto/openssh/ssh_namespace.h +++ b/crypto/openssh/ssh_namespace.h @@ -7,8 +7,7 @@ * * A list of symbols which need munging is obtained as follows: * - * nm libssh.a | awk '/[0-9a-z] [A-Z] / && $3 !~ /^ssh_/ { print "#define " $3 "\t\tssh_" $3 }' - * + * nm libssh.a | awk '/[0-9a-z] [A-Z] / && $3 !~ /^ssh_/ { printf("#define %-39s ssh_%s\n", $3, $3) }' | unexpand -a | sort * $FreeBSD$ */ @@ -96,6 +95,7 @@ #define channel_after_select ssh_channel_after_select #define channel_by_id ssh_channel_by_id #define channel_cancel_cleanup ssh_channel_cancel_cleanup +#define channel_cancel_lport_listener ssh_channel_cancel_lport_listener #define channel_cancel_rport_listener ssh_channel_cancel_rport_listener #define channel_clear_adm_permitted_opens ssh_channel_clear_adm_permitted_opens #define channel_clear_permitted_opens ssh_channel_clear_permitted_opens @@ -104,6 +104,7 @@ #define channel_connect_by_listen_address ssh_channel_connect_by_listen_address #define channel_connect_stdio_fwd ssh_channel_connect_stdio_fwd #define channel_connect_to ssh_channel_connect_to +#define channel_disable_adm_local_opens ssh_channel_disable_adm_local_opens #define channel_find_open ssh_channel_find_open #define channel_free ssh_channel_free #define channel_free_all ssh_channel_free_all @@ -145,6 +146,7 @@ #define channel_setup_remote_fwd_listener ssh_channel_setup_remote_fwd_listener #define channel_still_open ssh_channel_still_open #define channel_stop_listening ssh_channel_stop_listening +#define channel_update_permitted_opens ssh_channel_update_permitted_opens #define check_key_in_hostkeys ssh_check_key_in_hostkeys #define choose_dh ssh_choose_dh #define chop ssh_chop @@ -201,6 +203,7 @@ #define dispatch_run ssh_dispatch_run #define dispatch_set ssh_dispatch_set #define do_log ssh_do_log +#define do_log2 ssh_do_log2 #define dump_base64 ssh_dump_base64 #define enable_compat13 ssh_enable_compat13 #define enable_compat20 ssh_enable_compat20 @@ -237,7 +240,7 @@ #define hpdelim ssh_hpdelim #define incoming_stream ssh_incoming_stream #define init_hostkeys ssh_init_hostkeys -#define init_rng ssh_init_rng +#define iptos2str ssh_iptos2str #define ipv64_normalise_mapped ssh_ipv64_normalise_mapped #define kex_derive_keys ssh_kex_derive_keys #define kex_dh_hash ssh_kex_dh_hash @@ -282,6 +285,7 @@ #define key_in_file ssh_key_in_file #define key_is_cert ssh_key_is_cert #define key_load_cert ssh_key_load_cert +#define key_load_file ssh_key_load_file #define key_load_private ssh_key_load_private #define key_load_private_cert ssh_key_load_private_cert #define key_load_private_pem ssh_key_load_private_pem @@ -291,6 +295,7 @@ #define key_names_valid2 ssh_key_names_valid2 #define key_new ssh_key_new #define key_new_private ssh_key_new_private +#define key_parse_private ssh_key_parse_private #define key_perm_ok ssh_key_perm_ok #define key_read ssh_key_read #define key_save_private ssh_key_save_private @@ -335,7 +340,6 @@ #define packet_add_padding ssh_packet_add_padding #define packet_backup_state ssh_packet_backup_state #define packet_close ssh_packet_close -#define packet_connection_is_ipv4 ssh_packet_connection_is_ipv4 #define packet_connection_is_on_socket ssh_packet_connection_is_on_socket #define packet_disconnect ssh_packet_disconnect #define packet_get_bignum ssh_packet_get_bignum @@ -378,7 +382,6 @@ #define packet_put_string ssh_packet_put_string #define packet_read ssh_packet_read #define packet_read_expect ssh_packet_read_expect -#define packet_read_poll ssh_packet_read_poll #define packet_read_poll_seqnr ssh_packet_read_poll_seqnr #define packet_read_seqnr ssh_packet_read_seqnr #define packet_remaining ssh_packet_remaining @@ -408,6 +411,7 @@ #define percent_expand ssh_percent_expand #define permanently_drop_suid ssh_permanently_drop_suid #define permanently_set_uid ssh_permanently_set_uid +#define permitopen_port ssh_permitopen_port #define pkcs11_add_provider ssh_pkcs11_add_provider #define pkcs11_del_provider ssh_pkcs11_del_provider #define pkcs11_init ssh_pkcs11_init @@ -435,6 +439,7 @@ #define sanitise_stdfd ssh_sanitise_stdfd #define scan_scaled ssh_scan_scaled #define seed_rng ssh_seed_rng +#define set_log_handler ssh_set_log_handler #define set_newkeys ssh_set_newkeys #define set_nodelay ssh_set_nodelay #define set_nonblock ssh_set_nonblock diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index e9605609e..0076d115a 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.232 2011/01/16 11:50:36 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.234 2011/05/24 07:15:47 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -582,10 +582,12 @@ ssh_exchange_identification(int timeout_ms) (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, remote_major); /* Send our own protocol version identification. */ - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s%s%s%s", compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, compat20 ? PROTOCOL_MINOR_2 : minor1, - ssh_version_get(options.hpn_disabled), compat20 ? "\r\n" : "\n"); + SSH_VERSION, options.hpn_disabled ? "" : SSH_VERSION_HPN, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, compat20 ? "\r\n" : "\n"); if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) != strlen(buf)) fatal("write: %.100s", strerror(errno)); @@ -712,28 +714,30 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, /* * check whether the supplied host key is valid, return -1 if the key - * is not valid. the user_hostfile will not be updated if 'readonly' is true. + * is not valid. user_hostfile[0] will not be updated if 'readonly' is true. */ #define RDRW 0 #define RDONLY 1 #define ROQUIET 2 static int check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, - Key *host_key, int readonly, char *user_hostfile, - char *system_hostfile) + Key *host_key, int readonly, + char **user_hostfiles, u_int num_user_hostfiles, + char **system_hostfiles, u_int num_system_hostfiles) { + HostStatus host_status; + HostStatus ip_status; Key *raw_key = NULL; - const char *type; char *ip = NULL, *host = NULL; char hostline[1000], *hostp, *fp, *ra; - HostStatus host_status; - HostStatus ip_status; - int r, want_cert = key_is_cert(host_key), host_ip_differ = 0; - int local = sockaddr_is_local(hostaddr); char msg[1024]; + const char *type; + const struct hostkey_entry *host_found, *ip_found; int len, cancelled_forwarding = 0; + int local = sockaddr_is_local(hostaddr); + int r, want_cert = key_is_cert(host_key), host_ip_differ = 0; struct hostkeys *host_hostkeys, *ip_hostkeys; - const struct hostkey_entry *host_found, *ip_found; + u_int i; /* * Force accepting of the host key for loopback/localhost. The @@ -765,14 +769,18 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, options.check_host_ip = 0; host_hostkeys = init_hostkeys(); - load_hostkeys(host_hostkeys, host, user_hostfile); - load_hostkeys(host_hostkeys, host, system_hostfile); + for (i = 0; i < num_user_hostfiles; i++) + load_hostkeys(host_hostkeys, host, user_hostfiles[i]); + for (i = 0; i < num_system_hostfiles; i++) + load_hostkeys(host_hostkeys, host, system_hostfiles[i]); ip_hostkeys = NULL; if (!want_cert && options.check_host_ip) { ip_hostkeys = init_hostkeys(); - load_hostkeys(ip_hostkeys, ip, user_hostfile); - load_hostkeys(ip_hostkeys, ip, system_hostfile); + for (i = 0; i < num_user_hostfiles; i++) + load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]); + for (i = 0; i < num_system_hostfiles; i++) + load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]); } retry: @@ -817,11 +825,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, logit("%s host key for IP address " "'%.128s' not in list of known hosts.", type, ip); - else if (!add_host_to_hostfile(user_hostfile, ip, + else if (!add_host_to_hostfile(user_hostfiles[0], ip, host_key, options.hash_known_hosts)) logit("Failed to add the %s host key for IP " "address '%.128s' to the list of known " - "hosts (%.30s).", type, ip, user_hostfile); + "hosts (%.30s).", type, ip, + user_hostfiles[0]); else logit("Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " @@ -840,7 +849,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, port != SSH_DEFAULT_PORT) { debug("checking without port identifier"); if (check_host_key(hostname, hostaddr, 0, host_key, - ROQUIET, user_hostfile, system_hostfile) == 0) { + ROQUIET, user_hostfiles, num_user_hostfiles, + system_hostfiles, num_system_hostfiles) == 0) { debug("found matching key w/out port"); break; } @@ -905,25 +915,25 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, hostp = hostline; if (options.hash_known_hosts) { /* Add hash of host and IP separately */ - r = add_host_to_hostfile(user_hostfile, host, - host_key, options.hash_known_hosts) && - add_host_to_hostfile(user_hostfile, ip, + r = add_host_to_hostfile(user_hostfiles[0], + host, host_key, options.hash_known_hosts) && + add_host_to_hostfile(user_hostfiles[0], ip, host_key, options.hash_known_hosts); } else { /* Add unhashed "host,ip" */ - r = add_host_to_hostfile(user_hostfile, + r = add_host_to_hostfile(user_hostfiles[0], hostline, host_key, options.hash_known_hosts); } } else { - r = add_host_to_hostfile(user_hostfile, host, host_key, - options.hash_known_hosts); + r = add_host_to_hostfile(user_hostfiles[0], host, + host_key, options.hash_known_hosts); hostp = host; } if (!r) logit("Failed to add the host to the list of known " - "hosts (%.500s).", user_hostfile); + "hosts (%.500s).", user_hostfiles[0]); else logit("Warning: Permanently added '%.200s' (%s) to the " "list of known hosts.", hostp, type); @@ -984,7 +994,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, /* The host key has changed. */ warn_changed_key(host_key); error("Add correct host key in %.100s to get rid of this message.", - user_hostfile); + user_hostfiles[0]); error("Offending %s key in %s:%lu", key_type(host_found->key), host_found->file, host_found->line); @@ -1129,7 +1139,6 @@ fail: int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) { - struct stat st; int flags = 0; char *fp; @@ -1140,7 +1149,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) /* XXX certs are not yet supported for DNS */ if (!key_is_cert(host_key) && options.verify_host_key_dns && verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) { - if (flags & DNS_VERIFY_FOUND) { if (options.verify_host_key_dns == 1 && @@ -1158,16 +1166,9 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) } } - /* return ok if the key can be found in an old keyfile */ - if (stat(options.system_hostfile2, &st) == 0 || - stat(options.user_hostfile2, &st) == 0) { - if (check_host_key(host, hostaddr, options.port, host_key, - RDONLY, options.user_hostfile2, - options.system_hostfile2) == 0) - return 0; - } - return check_host_key(host, hostaddr, options.port, host_key, - RDRW, options.user_hostfile, options.system_hostfile); + return check_host_key(host, hostaddr, options.port, host_key, RDRW, + options.user_hostfiles, options.num_user_hostfiles, + options.system_hostfiles, options.num_system_hostfiles); } /* diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 7352276fd..c96704fda 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.186 2010/11/29 23:45:51 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.189 2012/06/22 12:30:26 dtucker Exp $ */ /* $FreeBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -120,14 +120,15 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) size_t maxlen; struct hostkeys *hostkeys; int ktype; + u_int i; /* Find all hostkeys for this hostname */ get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL); hostkeys = init_hostkeys(); - load_hostkeys(hostkeys, hostname, options.user_hostfile2); - load_hostkeys(hostkeys, hostname, options.system_hostfile2); - load_hostkeys(hostkeys, hostname, options.user_hostfile); - load_hostkeys(hostkeys, hostname, options.system_hostfile); + for (i = 0; i < options.num_user_hostfiles; i++) + load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]); + for (i = 0; i < options.num_system_hostfiles; i++) + load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG); maxlen = strlen(avail) + 1; @@ -1922,6 +1923,7 @@ authmethod_get(char *authlist) authmethod_is_enabled(current)) { debug3("authmethod_is_enabled %s", name); debug("Next authentication method: %s", name); + xfree(name); return current; } } diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index 314300d48..d3c980a81 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.260 2010/10/28 18:33:28 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.266 2012/06/18 12:07:07 dtucker Exp $ .\" $FreeBSD$ -.Dd October 28, 2010 +.Dd June 18 2012 .Dt SSHD 8 .Os .Sh NAME @@ -115,6 +115,8 @@ The connection parameters are supplied as keyword=value pairs. The keywords are .Dq user , .Dq host , +.Dq laddr , +.Dq lport , and .Dq addr . All are required and may be supplied in any order, either with multiple @@ -315,7 +317,8 @@ The client selects the encryption algorithm to use from those offered by the server. Additionally, session integrity is provided through a cryptographic message authentication code -(hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160). +(hmac-md5, hmac-sha1, umac-64, hmac-ripemd160, +hmac-sha2-256 or hmac-sha2-512). .Pp Finally, the server and the client enter an authentication dialog. The client tries to authenticate itself using @@ -465,10 +468,12 @@ is run, and if that does not exist either, xauth is used to add the cookie. .Sh AUTHORIZED_KEYS FILE FORMAT .Cm AuthorizedKeysFile -specifies the file containing public keys for +specifies the files containing public keys for public key authentication; if none is specified, the default is -.Pa ~/.ssh/authorized_keys . +.Pa ~/.ssh/authorized_keys +and +.Pa ~/.ssh/authorized_keys2 . Each line of the file contains one key (empty lines and lines starting with a .Ql # @@ -608,6 +613,9 @@ Multiple options may be applied separated by commas. No pattern matching is performed on the specified hostnames, they must be literal domains or addresses. +A port specification of +.Cm * +matches any port. .It Cm principals="principals" On a .Cm cert-authority @@ -881,7 +889,7 @@ rlogin/rsh. .It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_rsa_key -These three files contain the private parts of the host keys. +These files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that @@ -892,7 +900,7 @@ does not start if these files are group/world-accessible. .It Pa /etc/ssh/ssh_host_dsa_key.pub .It Pa /etc/ssh/ssh_host_ecdsa_key.pub .It Pa /etc/ssh/ssh_host_rsa_key.pub -These three files contain the public parts of the host keys. +These files contain the public parts of the host keys. These files should be world-readable but writable only by root. Their contents should match the respective private parts. diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 8d6eb0e6c..937ad1e8b 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.381 2011/01/11 06:13:10 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.393 2012/07/10 02:19:15 djm Exp $ */ /* $FreeBSD$ */ /* * Author: Tatu Ylonen @@ -130,6 +130,7 @@ __RCSID("$FreeBSD$"); #endif #include "monitor_wrap.h" #include "roaming.h" +#include "ssh-sandbox.h" #include "version.h" #ifdef LIBWRAP @@ -250,6 +251,7 @@ int startup_pipe; /* in child */ /* variables used for privilege separation */ int use_privsep = -1; struct monitor *pmonitor = NULL; +int privsep_is_preauth = 1; /* global authentication context */ Authctxt *the_authctxt = NULL; @@ -429,9 +431,12 @@ sshd_exchange_identification(int sock_in, int sock_out) major = PROTOCOL_MAJOR_1; minor = PROTOCOL_MINOR_1; } - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, - ssh_version_get(options.hpn_disabled), newline); - server_version_string = xstrdup(buf); + + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", + major, minor, SSH_VERSION, + options.hpn_disabled ? "" : SSH_VERSION_HPN, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); /* Send our protocol version identification. */ if (roaming_atomicio(vwrite, sock_out, server_version_string, @@ -636,42 +641,65 @@ privsep_preauth(Authctxt *authctxt) { int status; pid_t pid; + struct ssh_sandbox *box = NULL; /* Set up unprivileged child process to deal with network data */ pmonitor = monitor_init(); /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; + if (use_privsep == PRIVSEP_ON) + box = ssh_sandbox_init(); pid = fork(); if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); - close(pmonitor->m_recvfd); pmonitor->m_pid = pid; + if (box != NULL) + ssh_sandbox_parent_preauth(box, pid); monitor_child_preauth(authctxt, pmonitor); - close(pmonitor->m_sendfd); /* Sync memory */ monitor_sync(pmonitor); /* Wait for the child's exit status */ - while (waitpid(pid, &status, 0) < 0) - if (errno != EINTR) - break; - return (1); + while (waitpid(pid, &status, 0) < 0) { + if (errno == EINTR) + continue; + pmonitor->m_pid = -1; + fatal("%s: waitpid: %s", __func__, strerror(errno)); + } + privsep_is_preauth = 0; + pmonitor->m_pid = -1; + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) != 0) + fatal("%s: preauth child exited with status %d", + __func__, WEXITSTATUS(status)); + } else if (WIFSIGNALED(status)) + fatal("%s: preauth child terminated by signal %d", + __func__, WTERMSIG(status)); + if (box != NULL) + ssh_sandbox_parent_finish(box); + return 1; } else { /* child */ - close(pmonitor->m_sendfd); + close(pmonitor->m_log_recvfd); + + /* Arrange for logging to be sent to the monitor */ + set_log_handler(mm_log_handler, pmonitor); /* Demote the child */ if (getuid() == 0 || geteuid() == 0) privsep_preauth_child(); setproctitle("%s", "[net]"); + if (box != NULL) + ssh_sandbox_child(box); + + return 0; } - return (0); } static void @@ -697,7 +725,6 @@ privsep_postauth(Authctxt *authctxt) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); - close(pmonitor->m_recvfd); buffer_clear(&loginmsg); monitor_child_postauth(pmonitor); @@ -705,7 +732,10 @@ privsep_postauth(Authctxt *authctxt) exit(0); } + /* child */ + close(pmonitor->m_sendfd); + pmonitor->m_sendfd = -1; /* Demote the private keys to public keys. */ demote_sensitive_data(); @@ -870,8 +900,14 @@ drop_connection(int startups) static void usage(void) { - fprintf(stderr, "%s, %s\n", - ssh_version_get(0), SSLeay_version(SSLEAY_VERSION)); + if (options.version_addendum && *options.version_addendum != '\0') + fprintf(stderr, "%s%s %s, %s\n", + SSH_RELEASE, options.hpn_disabled ? "" : SSH_VERSION_HPN, + options.version_addendum, SSLeay_version(SSLEAY_VERSION)); + else + fprintf(stderr, "%s%s, %s\n", + SSH_RELEASE, options.hpn_disabled ? "" : SSH_VERSION_HPN, + SSLeay_version(SSLEAY_VERSION)); fprintf(stderr, "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" " [-f config_file] [-g login_grace_time] [-h host_key_file]\n" @@ -1134,7 +1170,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) (int) received_sigterm); close_listen_socks(); unlink(options.pid_file); - exit(255); + exit(received_sigterm == SIGTERM ? 0 : 255); } if (key_used && key_do_regen) { generate_ephemeral_server_key(); @@ -1166,7 +1202,10 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) if (*newsock < 0) { if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK) - error("accept: %.100s", strerror(errno)); + error("accept: %.100s", + strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + usleep(100 * 1000); continue; } if (unset_nonblock(*newsock) == -1) { @@ -1312,20 +1351,19 @@ main(int ac, char **av) int opt, i, j, on = 1; int sock_in = -1, sock_out = -1, newsock = -1; const char *remote_ip; - char *test_user = NULL, *test_host = NULL, *test_addr = NULL; int remote_port; - char *line, *p, *cp; + char *line; int config_s[2] = { -1 , -1 }; u_int64_t ibytes, obytes; mode_t new_umask; Key *key; Authctxt *authctxt; + struct connection_info *connection_info = get_connection_info(0, 0); #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); - init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; @@ -1442,20 +1480,9 @@ main(int ac, char **av) test_flag = 2; break; case 'C': - cp = optarg; - while ((p = strsep(&cp, ",")) && *p != '\0') { - if (strncmp(p, "addr=", 5) == 0) - test_addr = xstrdup(p + 5); - else if (strncmp(p, "host=", 5) == 0) - test_host = xstrdup(p + 5); - else if (strncmp(p, "user=", 5) == 0) - test_user = xstrdup(p + 5); - else { - fprintf(stderr, "Invalid test " - "mode specification %s\n", p); - exit(1); - } - } + if (parse_server_match_testspec(connection_info, + optarg) == -1) + exit(1); break; case 'u': utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); @@ -1467,7 +1494,7 @@ main(int ac, char **av) case 'o': line = xstrdup(optarg); if (process_server_config_line(&options, line, - "command-line", 0, NULL, NULL, NULL, NULL) != 0) + "command-line", 0, NULL, NULL) != 0) exit(1); xfree(line); break; @@ -1504,7 +1531,7 @@ main(int ac, char **av) * root's environment */ if (getenv("KRB5CCNAME") != NULL) - unsetenv("KRB5CCNAME"); + (void) unsetenv("KRB5CCNAME"); #ifdef _UNICOS /* Cray can define user privs drop all privs now! @@ -1523,13 +1550,10 @@ main(int ac, char **av) * the parameters we need. If we're not doing an extended test, * do not silently ignore connection test params. */ - if (test_flag >= 2 && - (test_user != NULL || test_host != NULL || test_addr != NULL) - && (test_user == NULL || test_host == NULL || test_addr == NULL)) + if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0) fatal("user, host and addr are all required when testing " "Match configs"); - if (test_flag < 2 && (test_user != NULL || test_host != NULL || - test_addr != NULL)) + if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0) fatal("Config test connection parameter (-C) provided without " "test mode (-T)"); @@ -1541,7 +1565,7 @@ main(int ac, char **av) load_server_config(config_file_name, &cfg); parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, - &cfg, NULL, NULL, NULL); + &cfg, NULL); seed_rng(); @@ -1561,7 +1585,11 @@ main(int ac, char **av) exit(1); } - debug("sshd version %.100s", ssh_version_get(options.hpn_disabled)); + debug("sshd version %.100s%.100s%s%.100s", + SSH_RELEASE, + options.hpn_disabled ? "" : SSH_VERSION_HPN, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum); /* Store privilege separation user for later use if required. */ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { @@ -1703,9 +1731,8 @@ main(int ac, char **av) } if (test_flag > 1) { - if (test_user != NULL && test_addr != NULL && test_host != NULL) - parse_server_match_config(&options, test_user, - test_host, test_addr); + if (server_match_spec_complete(connection_info) == 1) + parse_server_match_config(&options, connection_info); dump_config(&options); } @@ -1894,11 +1921,11 @@ main(int ac, char **av) #ifdef __FreeBSD__ /* * Initialize the resolver. This may not happen automatically - * before privsep chroot(). + * before privsep chroot(). */ if ((_res.options & RES_INIT) == 0) { - debug("res_init()"); - res_init(); + debug("res_init()"); + res_init(); } #ifdef GSSAPI /* @@ -2393,8 +2420,16 @@ do_ssh2_kex(void) void cleanup_exit(int i) { - if (the_authctxt) + if (the_authctxt) { do_cleanup(the_authctxt); + if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) { + debug("Killing privsep child %d", pmonitor->m_pid); + if (kill(pmonitor->m_pid, SIGKILL) != 0 && + errno != ESRCH) + error("%s: kill(%d): %s", __func__, + pmonitor->m_pid, strerror(errno)); + } + } #ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ if (!use_privsep || mm_is_monitor()) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index f5079513b..48345f5f9 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ +# $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $ # $FreeBSD$ # This is the sshd server system-wide configuration file. See @@ -8,14 +8,12 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. # Note that some of FreeBSD's defaults differ from OpenBSD's, and # FreeBSD has a few additional options. -#VersionAddendum FreeBSD-20110503 - #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 @@ -50,7 +48,12 @@ #RSAAuthentication yes #PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no @@ -100,7 +103,7 @@ #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -110,6 +113,7 @@ #MaxStartups 10 #PermitTunnel no #ChrootDirectory none +#VersionAddendum FreeBSD-20120901 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 1f8f7d2ce..ae551ece6 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $ .\" $FreeBSD$ -.Dd December 8, 2010 +.Dd June 29 2012 .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -169,8 +169,9 @@ After expansion, .Cm AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory. +Multiple files may be listed, separated by whitespace. The default is -.Dq .ssh/authorized_keys . +.Dq .ssh/authorized_keys .ssh/authorized_keys2 . .It Cm AuthorizedPrincipalsFile Specifies a file that lists principal names that are accepted for certificate authentication. @@ -198,7 +199,9 @@ After expansion, is taken to be an absolute path or one relative to the user's home directory. .Pp -The default is not to use a principals file \(en in this case, the username +The default is +.Dq none , +i.e. not to use a principals file \(en in this case, the username of the user must appear in a certificate's principals list for it to be accepted. Note that @@ -498,7 +501,7 @@ or .Pp .Pa /etc/hosts.equiv and -.Pa /etc/ssh/shosts.equiv +.Pa /etc/ssh/shosts.equiv are still used. The default is .Dq yes . @@ -519,7 +522,7 @@ Accepted values are .Dq af11 , .Dq af12 , .Dq af13 , -.Dq af14 , +.Dq af21 , .Dq af22 , .Dq af23 , .Dq af31 , @@ -655,7 +658,8 @@ Multiple algorithms must be comma-separated. The default is: .Bd -literal -offset indent hmac-md5,hmac-sha1,umac-64@openssh.com, -hmac-ripemd160,hmac-sha1-96,hmac-md5-96 +hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, +hmac-sha1-96,hmac-md5-96 .Ed .It Cm Match Introduces a conditional block. @@ -673,6 +677,8 @@ The available criteria are .Cm User , .Cm Group , .Cm Host , +.Cm LocalAddress , +.Cm LocalPort , and .Cm Address . The match patterns may consist of single entries or comma-separated @@ -701,12 +707,17 @@ Only a subset of keywords may be used on the lines following a .Cm Match keyword. Available keywords are +.Cm AcceptEnv , .Cm AllowAgentForwarding , +.Cm AllowGroups , .Cm AllowTcpForwarding , +.Cm AllowUsers , .Cm AuthorizedKeysFile , .Cm AuthorizedPrincipalsFile , .Cm Banner , .Cm ChrootDirectory , +.Cm DenyGroups , +.Cm DenyUsers , .Cm ForceCommand , .Cm GatewayPorts , .Cm GSSAPIAuthentication , @@ -798,6 +809,9 @@ Multiple forwards may be specified by separating them with whitespace. An argument of .Dq any can be used to remove all restrictions and permit any forwarding requests. +An argument of +.Dq none +can be used to prohibit all forwarding requests. By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using @@ -1081,12 +1095,18 @@ the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is -.Dq yes . +.Dq sandbox . +If +.Cm UsePrivilegeSeparation +is set to +.Dq sandbox +then the pre-authentication unprivileged process is subject to additional +restrictions. .It Cm VersionAddendum -Specifies a string to append to the regular version string to identify -OS- or site-specific modifications. +Optionally specifies additional text to append to the SSH protocol banner +sent by the server upon connection. The default is -.Dq FreeBSD-20110503 . +.Dq FreeBSD-20120901 . .It Cm X11DisplayOffset Specifies the first display number available for .Xr sshd 8 Ns 's diff --git a/crypto/openssh/umac.c b/crypto/openssh/umac.c index 92902bc09..e78d2cc5f 100644 --- a/crypto/openssh/umac.c +++ b/crypto/openssh/umac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: umac.c,v 1.3 2008/05/12 20:52:20 pvalchev Exp $ */ +/* $OpenBSD: umac.c,v 1.4 2011/10/19 10:39:48 djm Exp $ */ /* ----------------------------------------------------------------------- * * umac.c -- C Implementation UMAC Message Authentication @@ -316,7 +316,7 @@ static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) typedef struct { UINT8 nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */ - UINT8 data [HASH_BUF_BYTES]; /* Incomming data buffer */ + UINT8 data [HASH_BUF_BYTES]; /* Incoming data buffer */ int next_data_empty; /* Bookeeping variable for data buffer. */ int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorperated. */ UINT64 state[STREAMS]; /* on-line state */ diff --git a/crypto/openssh/version.c b/crypto/openssh/version.c deleted file mode 100644 index 2f467949c..000000000 --- a/crypto/openssh/version.c +++ /dev/null @@ -1,95 +0,0 @@ -/*- - * Copyright (c) 2001 Brian Fundakowski Feldman - * Copyright (c) 2012 Eygene Ryabinkin - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ - -#include "includes.h" -__RCSID("$FreeBSD$"); - -#include - -#include "version.h" -#include "xmalloc.h" - - -static char *version = NULL; -/* NULL means "use default value", empty string means "unset" */ -static const char *addendum = NULL; -static unsigned char update_version = 1; - -/* - * Constructs the version string if it is empty or needs updating. - * - * HPN patch we're running requires both parties - * to have the "hpn" string inside the advertized version - * (see compat.c::compat_datafellows), so we should - * include it to the generated string if HPN is enabled. - */ -const char * -ssh_version_get(int hpn_disabled) -{ - const char *hpn = NULL, *add = NULL; - char *newvers = NULL; - size_t size = 0; - - if (version != NULL && !update_version) - return (version); - - hpn = (hpn_disabled ? NULL : SSH_VERSION_HPN); - add = (addendum == NULL ? SSH_VERSION_ADDENDUM : - (addendum[0] == '\0' ? NULL : addendum)); - - size = strlen(SSH_VERSION_BASE) + (hpn ? strlen(hpn) : 0) + - (add ? strlen(add) + 1 : 0) + 1; - newvers = xmalloc(size); - strcpy(newvers, SSH_VERSION_BASE); - if (hpn) - strcat(newvers, hpn); - if (add) { - strcat(newvers, " "); - strcat(newvers, add); - } - - if (version) - xfree(version); - version = newvers; - update_version = 0; - - return (version); -} - -void -ssh_version_set_addendum(const char *add) -{ - if (add && addendum && !strcmp(add, addendum)) - return; - - if (addendum) - xfree((void *)addendum); - addendum = (add ? xstrdup(add) : xstrdup("")); - - update_version = 1; -} diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 38bee886c..5ed6dd2f2 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -1,14 +1,10 @@ -/* $OpenBSD: version.h,v 1.61 2011/02/04 00:44:43 djm Exp $ */ +/* $OpenBSD: version.h,v 1.65 2012/07/22 18:19:21 markus Exp $ */ /* $FreeBSD$ */ -#ifndef _VERSION_H_ -#define _VERSION_H_ +#define SSH_VERSION "OpenSSH_6.1" +#define SSH_PORTABLE "p1" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_BASE "OpenSSH_5.8p2" -#define SSH_VERSION_ADDENDUM "FreeBSD-20110503" +#define SSH_VERSION_FREEBSD "FreeBSD-20120901" #define SSH_VERSION_HPN "_hpn13v11" - -const char *ssh_version_get(int hpn_disabled); -void ssh_version_set_addendum(const char *); -#endif /* _VERSION_H_ */ diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index 662bb1a40..7224823d0 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -23,8 +23,6 @@ SRCS= acss.c authfd.c authfile.c bufaux.c bufbn.c buffer.c \ SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \ openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \ vis.c xcrypt.c xmmap.c -# FreeBSD additions -SRCS+= version.c .if defined(COMPAT_GETADDRINFO) SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index f587263f7..cc914c4d0 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -16,7 +16,8 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ auth2-gss.c gss-serv.c gss-serv-krb5.c \ loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \ sftp-server.c sftp-common.c \ - roaming_common.c roaming_serv.c + roaming_common.c roaming_serv.c \ + sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c # gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile SRCS+= gss-genr.c -- 2.45.0